Sign-on notifications for end users

When enabled, this email notification notifies end users of any sign-in activity. The email contains user sign-on details such as the web browser, operating system used to sign in, and time and location of authentication.

New sign-on notification emails complement other security features such as multifactor authentication and shouldn't act as a replacement. In most scenarios, clients are easily and accurately identified but there are some limitations.

HealthInsight task recommendation

Configure network block listing to deny access from known malicious IP addresses or locations to your Okta tenant.

Okta recommends

Enable this email notification so end users are informed about new sign-on activity, which can inform them if a different user has signed in to their account.

Security impact

High

End-user impact

Low

End users receive an email notification if they sign in from a new or unrecognized client.

Known limitations

Currently, new sign-on notifications don't use Improved New Device Behavior Detection when sending email notifications for new sign-ins. Changes to deviceToken or browser cookies may not trigger a new sign-on email notification.

Enable sign-on notification emails for end users

  1. In the Admin Console, go to SecurityGeneral.
  2. Under Security Notification Emails, click Edit.
  3. Set New sign-on notification email to Enabled.
  4. Click Save.

Related topics

HealthInsight tasks and recommendations

Network zones

Configure Okta ThreatInsight

Password changed notification for end users

Factor enrollment notifications for end users

Factor reset notifications for end users

General Security