Scored Factor-Based Authentication
US-2015089585-A1 · Mar 26, 2015 · US
US10218697B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10218697-B2 |
| Application number | US-201715619356-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 9, 2017 |
| Priority date | Jun 9, 2017 |
| Publication date | Feb 26, 2019 |
| Grant date | Feb 26, 2019 |
Official abstract text for this publication.
A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation of the first computing device; and performing, by the second computing device, an action (e.g., authorizing access to the service) based on the evaluation.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: receiving data in a communication from a computing device of an identity provider; subsequent to receiving the data, receiving, by a second computing device, a request from a first computing device, the request for access by the first computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the first computing device; in response to the request, performing, by the second computing device, an evaluation of a configuration of the first computing device, wherein the evaluation comprises determining a risk level, and wherein the evaluation is based at least in part on the received data from the identity provider; performing, by the second computing device, an action based on the evaluation, wherein the action comprises sending a first communication to the computing device of the identity provider, the first communication indicating the risk level, wherein the identity provider is of record with the second computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication; determining whether the software component is installed on the first computing device; and in response to determining that the software component is not installed on the first computing device: creating a fingerprint of the first computing device, the fingerprint including data extracted from at least one communication from the first computing device; and determining whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the second computing device.

2. The method of claim 1, wherein the service is provided by a third computing device.

3. The method of claim 1, wherein the evaluation determines that the configuration is not secure, and the action further comprises blocking access of the first computing device to the service.

4. The method of claim 1, wherein the service is provided by a third computing device, the method further comprises receiving first data from the first computing device that is used in the evaluation, and the action further comprises sending the first data to the third computing device.

5. The method of claim 4, wherein the first data is received from the software component, and the software component obtains the first data from the first computing device.

6. The method of claim 1, wherein software is installed on the first computing device, and wherein the evaluation comprises at least one of determining a source of the software, evaluating authenticity of the software, or analyzing at least one component of the software.

7. The method of claim 1, wherein the evaluation determines an extent of security risk for the configuration of the first computing device, and wherein an extent of access to the service provided to the first computing device is based on the determined extent of security risk.

8. The method of claim 1, wherein the evaluation determines that the configuration passes a security threshold, and the action further comprises sending a communication to a third computing device regarding the passed security threshold.

9. The method of claim 1, wherein a third computing device provides the service, and the method further comprises: generating a token for the first computing device, the token comprising first data encoding the risk level from the evaluation; and providing the token to the first computing device, wherein the first data is used by the third computing device to configure the service provided to the first computing device.

10. The method of claim 9, wherein the third computing device is configured to determine, using the first data, a risk state associated with providing service to the first computing device.

11. The method of claim 1, wherein the service is provided by a third computing device, and the method further comprises: extracting first data from a communication received from the first computing device; and performing the evaluation using the first data.

12. The method of claim 1, wherein: the request for access to the service is generated by an application executing on the first computing device; performing the evaluation comprises determining an authenticity of the application; and performing the evaluation further comprises assessing a context of a user of the first computing device, the context comprising at least one of: a location of the first computing device, a device location for a prior login made to the service by the user, an event associated with a presence of the user on a computing device other than the first computing device, or credentials associated with the user that have become unsecure.

13. The method of claim 1, wherein the first computing device is associated with a domain, the method further comprises receiving a second communication from a third computing device associated with the domain, and the evaluation comprises using data from the second communication to evaluate the configuration of the first computing device.

14. The method of claim 1, further comprising: in response to determining that the software component is not installed on the first computing device, sending a second communication to the first computing device requesting installation of the software component; after sending the second communication, determining that the software component is installed on the first computing device; and in response to determining that the software component is installed on the first computing device, sending a communication to cause a third computing device to grant the access to the service.

15. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a first computing device to: receive data in a communication from a computing device of an identity provider; subsequent to receiving the data, receive a request from a second computing device, the request for access by the second computing device to a service, wherein the access requires authorization by the computing device of the identity provider, and access to the service requires that a software component is installed on the second computing device; in response to the request, perform an evaluation of the second computing device, wherein the evaluation is based at least in part on the received data from the identity provider; perform, by at least one processor, an action based on the evaluation, the action comprising sending a first communication to the computing device of the identity provider, wherein the identity provider is of record with the first computing device to use for authorizing requests for access to the service, and wherein the identity provider is configured to authorize access to the service in response to receiving the first communication; determine whether the software component is installed on the second computing device; and in response to determining that the software component is not installed on the second computing device: create a fingerprint of the second computing device, the fingerprint including data extracted from at least one communication from the second computing device; and determine whether the fingerprint matches a fingerprint of another computing device that has previously communicated with the first computing device.

16. The non-transitory computer-readable storage medium of claim
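The flow described in claims 1, 3, 9 and 14 (receive identity-provider data, evaluate the requesting device's configuration into a risk level, report that level to the identity provider, block when the configuration is not secure, fingerprint the device and match it against prior devices when the required software component is absent, and otherwise issue a token that encodes the risk level for the service) can be sketched as a small risk-evaluation server. The code below is an added illustration written for this page; it is not code from the patent, its assignee, or any product. The names (`AccessRequest`, `evaluate_configuration`, `handle_request`, `IDP_POLICY`), the scoring rules, the fingerprint attributes and the HMAC-based token format are all assumptions chosen for the example, and the sample devices and identity-provider policy are constructed.

```python
"""Toy risk-evaluation server modelled on the claimed flow (added example, not the patent's code)."""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed sample of the data an identity provider shares before any request arrives.
# Field names are assumptions for this example.
IDP_POLICY = {"idp_id": "idp-example", "min_os_version": 14, "require_agent": True}


@dataclass
class AccessRequest:
    """What the evaluation server learns from the first computing device (assumed fields)."""
    device_id: str
    agent_installed: bool      # is the required software component present?
    os_version: int
    app_signature_ok: bool     # authenticity of the requesting application (claim 12)
    comm_attrs: dict           # attributes extracted from the device's communication


def evaluate_configuration(req, idp_data):
    """Map device configuration plus identity-provider data to a risk level (assumed scoring)."""
    score = 0
    if req.os_version < idp_data["min_os_version"]:
        score += 2
    if not req.app_signature_ok:
        score += 3
    if idp_data["require_agent"] and not req.agent_installed:
        score += 1
    if score == 0:
        return "low"
    return "medium" if score <= 2 else "high"


def create_fingerprint(comm_attrs):
    """Fingerprint = hash of canonicalised attributes taken from the device's communication."""
    canonical = json.dumps(comm_attrs, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def match_fingerprint(fingerprint, known):
    """Return the id of a previously seen device with the same fingerprint, or None."""
    return known.get(fingerprint)


def issue_token(device_id, risk_level, key):
    """Token whose payload encodes the risk level; integrity-protected with an HMAC tag."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"sub": device_id, "risk": risk_level}).encode()).decode()
    tag = hmac.new(key, payload.encode(), "sha256").hexdigest()
    return f"{payload}.{tag}"


def parse_token(token, key):
    """Verify the tag before trusting the payload, so a forged risk level is rejected."""
    payload, tag = token.rsplit(".", 1)
    expected = hmac.new(key, payload.encode(), "sha256").hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token integrity check failed")
    return json.loads(base64.urlsafe_b64decode(payload))


def handle_request(req, idp_data, known_fps, key):
    """The second computing device's side of the flow; returns what it would send to whom."""
    risk = evaluate_configuration(req, idp_data)
    result = {
        "to_idp": {"device": req.device_id, "risk_level": risk},   # first communication
        "action": "block" if risk == "high" else "authorize",      # claim 3 behaviour
    }
    if not req.agent_installed:
        # Software component absent: fingerprint the device and look for a prior match.
        fp = create_fingerprint(req.comm_attrs)
        result["fingerprint"] = fp
        result["matches_prior_device"] = match_fingerprint(fp, known_fps)
        result["to_device"] = "install software component"        # claim 14
        known_fps.setdefault(fp, req.device_id)
    elif result["action"] == "authorize":
        result["token"] = issue_token(req.device_id, risk, key)   # claim 9
    return result


if __name__ == "__main__":
    key = b"constructed-demo-key"
    known = {}
    attrs = {"ua": "ExampleClient/1.0", "tls_fp": "constructed-abc"}
    print(handle_request(AccessRequest("dev-A", False, 15, True, attrs), IDP_POLICY, known, key))
    print(handle_request(AccessRequest("dev-B", False, 15, True, attrs), IDP_POLICY, known, key))
    print(handle_request(AccessRequest("dev-C", True, 15, True, {}), IDP_POLICY, known, key))
```

The fingerprint is only consulted when the software component is missing, exactly as the claim orders the steps; a second device presenting the same communication attributes is reported as a match to the first, and the service receives the risk level only inside an integrity-protected token so that the client cannot lower its own risk level in transit.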
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Vulnerability analysis · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title