Multitenant sharing anomaly cyberattack campaign detection
US-11888870-B2 · Jan 30, 2024 · US
US12174937B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12174937-B2 |
| Application number | US-202217670105-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 11, 2022 |
| Priority date | Feb 11, 2022 |
| Publication date | Dec 24, 2024 |
| Grant date | Dec 24, 2024 |
Official abstract text for this publication.
Methods, systems, apparatuses, and computer-readable storage mediums described herein are configured to detect anomalous post-authentication behavior with respect to a user identity. For example, one or more audit logs that specify a plurality of actions performed with respect to the user identity of a platform-based identity service, while the user identity is authenticated with the platform-based identity service, are analyzed. The audit log(s) are analyzed via an anomaly prediction model that generates an anomaly score indicating a probability whether a particular sequence of actions of the plurality of actions is indicative of anomalous behavior. A determination is made that an anomalous behavior has occurred based on the anomaly score. In response to determining that anomalous behavior has occurred, a mitigation action may be performed that mitigates the anomalous behavior.
Opening claim text (preview).
What is claimed is:
1. A computing system, comprising: at least one processor circuit; and at least one memory that stores program code configured to be executed by the at least one processor circuit, the program code comprising: a user identity protection engine configured to: receive a log specifying a sequence of actions performed with respect to a user identity of a platform-based identity service, the sequence of actions occurring while the user identity is authenticated with the platform-based identity service; generate an anomaly score indicating a probability whether the sequence of actions is indicative of anomalous behavior via an anomaly prediction model; receive an authentication risk score indicating a probability whether user credentials utilized to authenticate the user identity with the platform-based identity service were compromised at the time of authentication; combine the authentication risk score and the anomaly score to generate a combined score; determine that an anomalous behavior has occurred based at least on the combined score; and based on a determination that the anomalous behavior has occurred, cause a mitigation action to be performed that mitigates the anomalous behavior.
2. The computing system of claim 1, wherein the user identity protection engine is further configured to: determine that the anomalous behavior has occurred based on the combined score meeting a predetermined condition.
3. The computing system of claim 1, wherein the user identity protection engine is further configured to: for each action in the sequence of actions, determine a respective probability that the action occurs after one or more other actions from the sequence of actions; and aggregate the respective probabilities determined for the sequence of actions into an aggregated probability, the anomaly score being based on the aggregated probability.
4. The computing system of claim 1, wherein the anomaly prediction model comprises a machine learning model, wherein the machine learning model comprises at least one of: an unsupervised machine learning-based model; or a neural network-based machine learning-based model.
5. The computing system of claim 4, wherein the machine learning model is trained by: determining a plurality of features associated with logs specifying a plurality of actions performed with respect to a plurality of user identities of the platform-based identity service; and providing the plurality of features as training data to a machine learning algorithm, wherein the machine learning algorithm is configured to determine, for each sequence of actions from the plurality of actions, a probability that a first action from the sequence of actions occurs after a second action from the sequence of actions.
6. The computing system of claim 5, wherein the plurality of features comprises at least one of: a respective identifier for each of the plurality of actions; a respective time stamp indicating a time at which a respective action of the plurality of actions occurred; or a respective network address from which a respective action from the plurality of actions was initiated.
7. The computing system of claim 1, wherein the user identity protection engine is further configured to perform at least one of: provide a notification that indicates that the anomalous behavior was detected; cause the user identity to be removed from the platform-based identity service; or cause access to a resource that was previously-accessible by the user identity to be restricted for the user identity.
8. A method performed by a computing system, comprising: receiving a log specifying a sequence of actions performed with respect to a user identity of a platform-based identity service, the sequence of actions occurring while the user identity is authenticated with the platform-based identity service; generating an anomaly score indicating a probability whether the sequence of actions is indicative of anomalous behavior via an anomaly prediction model; receiving an authentication risk score indicating a probability whether user credentials utilized to authenticate the user identity with the platform-based identity service were compromised at the time of authentication; combining the authentication risk score and the anomaly score to generate a combined score; determining that an anomalous behavior has occurred based at least on the combined score; and based on determining that the anomalous behavior has occurred, causing a mitigation action to be performed that mitigates the anomalous behavior.
9. The method of claim 8, further comprising: determining that the anomalous behavior has occurred based on the combined score meeting a predetermined condition.
10. The method of claim 8, wherein generating the anomaly score comprises: for each action in the sequence of actions, determining a respective probability that the action occurs after one or more other actions from the sequence of actions; and aggregating the respective probabilities determined for the sequence of actions into an aggregated probability, the anomaly score being based on the aggregated probability.
11. The method of claim 8, wherein the anomaly prediction model comprises a machine learning model, wherein the machine learning model comprises at least one of: an unsupervised machine learning-based model; or a neural network-based machine learning-based model.
12. The method of claim 11, wherein the machine learning model is trained by: determining a plurality of features associated with logs specifying a plurality of actions performed with respect to a plurality of user identities of the platform-based identity service; and providing the plurality of features as training data to a machine learning algorithm, wherein the machine learning algorithm is configured to determine, for each sequence of actions from the plurality of actions, a probability that a first action from the sequence of actions occurs after a second action from the sequence of actions.
13. The method of claim 12, wherein the plurality of features comprises at least one of: a respective identifier for each of the plurality of actions; a respective time stamp indicating a time at which a respective action of the plurality of actions occurred; or a respective network address from which a respective action from the plurality of actions was initiated.
14. The method of claim 8, wherein causing the mitigation action to be performed that mitigates the anomalous behavior comprises at least one of: providing a notification that indicates that the anomalous behavior was detected; causing the user identity to be removed from the platform-based identity service; or causing access to a resource that was previously-accessible by the user identity to be restricted for the user identity.
15. A computer-readable storage medium having program instructions recorded thereon that, when executed by at least one processor of a computing system, perform a method, the method comprising: receiving a log specifying a sequence of actions performed with respect to a user identity of a platform-based identity service, the sequence of actions occurring while the user identity is authenticated with the platform-based identity service; generating an anomaly score indicating a probability whether the sequence of actions is indicative of anomalous behavior via an anomaly prediction model; receiving an authentication risk score indicating a probability whether user credentials utilized to authenticate the user identity with the platform-based ident
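As an added illustration (not code from the patent, its assignee, or any product), the following Python sketch models the scoring pipeline the claims describe: per-action probabilities learned from constructed audit-log sequences of many user identities (claims 3, 5 and 10), aggregated into a sequence probability that yields an anomaly score, then combined with an authentication risk score and compared against a predetermined condition to choose a mitigation (claims 1, 2 and 7). The first-order transition model, additive smoothing, geometric-mean aggregation, noisy-OR combination and the 0.8 threshold are assumptions made here, not details from the patent.

```python
from collections import Counter, defaultdict
from math import exp, log
# Constructed sample audit-log action sequences (not real logs) observed for
# several user identities while authenticated with the identity service.
TRAINING = [
    ["ListMailboxes", "ReadMail", "ReadMail", "SendMail"],
    ["ListMailboxes", "ReadMail", "SendMail"],
    ["ReadMail", "ReadMail", "ReadMail"],
    ["ListMailboxes", "ReadMail", "ReadMail", "ReadMail", "SendMail"],
    ["ReadMail", "SendMail"],
]
START = "<start>"  # pseudo-action marking the beginning of a session

def train_transitions(sequences, alpha=0.5):
    """Estimate P(action | previous action) from many identities' logs.
    Additive smoothing (alpha) keeps unseen transitions possible but rare."""
    counts, vocab = defaultdict(Counter), set()
    for seq in sequences:
        prev = START
        for action in seq:
            counts[prev][action] += 1
            vocab.add(action)
            prev = action
    return counts, vocab, alpha

def transition_prob(model, prev, action):
    counts, vocab, alpha = model
    row = counts.get(prev, Counter())
    # +1 in the denominator reserves mass for actions never seen in training.
    return (row[action] + alpha) / (sum(row.values()) + alpha * (len(vocab) + 1))

def anomaly_score(model, sequence):
    """Aggregate the per-action probabilities (geometric mean, computed in log
    space) and map the aggregate to an anomaly score in [0, 1]."""
    if not sequence:
        return 0.0
    prev, log_sum = START, 0.0
    for action in sequence:
        log_sum += log(transition_prob(model, prev, action))
        prev = action
    return 1.0 - exp(log_sum / len(sequence))

def combined_score(auth_risk, anomaly):
    # Noisy-OR (assumed rule): high if sign-in risk OR session behaviour is high.
    return 1.0 - (1.0 - auth_risk) * (1.0 - anomaly)

def decide(model, auth_risk, sequence, threshold=0.8):
    """Return (combined score, mitigation label); the threshold is an assumption."""
    score = combined_score(auth_risk, anomaly_score(model, sequence))
    return score, "restrict-access" if score >= threshold else "none"
```

A session whose actions follow the trained transitions scores low even with a moderately risky sign-in, while an unfamiliar sequence such as a mailbox-forwarding change following a risky sign-in crosses the threshold.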
CPC classification titles:
- involving event detection and direct action
- Architecture, e.g. interconnection topology
- Push-based network services
- Grouping or aggregating service requests, e.g. for unified processing
- Learning methods