Create a dynamic zone

Create a dynamic zone that defines network perimeters for location, IP Type, and ASN.

  1. In the Admin Console, go to Security > Networks.

  2. In the Add Zone dropdown, select Dynamic Zone.
  3. In the Zone Name field, enter a name for the zone.
  4. Optional. Select Block access from IPs matching conditions listed in this zone to prevent matching IPs from accessing Okta.
  5. In IP Type, define a proxy type, from Any, TorAnonymizer, or NotTorAnonymizer, or leave proxy unchecked to ignore any proxy.

    6. The accuracy of Tor proxy detection is dependent on a third party vendor, which is used to identify IP addresses that use Tor. The proxy type is only used to evaluate if a proxy is Tor or not. If a proxy is unchecked, it won't be evaluated.

  6. In Locations, add up to 75 locations.
  7. In ISP ASNs, add up to 75 ASNs separated by either a comma or new line.
  8. Click Save.

Selecting Block access from IPs matching conditions listed in this zone will cause all requests, with an IP chain containing an IP matching the conditions of the zone, to be blocked from accessing Okta.

Whenever you edit a network zone, you need to wait approximately 60 seconds for the change to propagate across all servers and take effect.

Related topics

About dynamic zones

Define geolocation for a dynamic zone

Define IP types for a dynamic zone

Define a network zone for IWA