Manage network zones

As a super admin or org admin, you can manage network zones using the edit, block, delete, and deactivate settings.

When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.

Add a network zone

You can add two types of network zones:

To implement multiple network zones, including Dynamic Zones, you must enable Adaptive MFA.

Edit a network zone

Policies and rules are updated automatically when you change the network zone settings.

  1. In the Admin Console, go to SecurityNetworks.
  2. Select one of the existing network zones and click the pencil icon.
  3. Configure any of the fields.
  4. Click Save.

Block client IPs from accessing a network zone

A blocked network zone prevents client IPs from accessing any URL for the org and requests are automatically blocked before any type of policy evaluation. Admins can restrict access from IP zones that contain a list of IP addresses. They can restrict access from dynamic zones that contain a list of locations, ASNs, or IP types.

  1. In the Admin Console, go to SecurityNetworks.
  2. In the list of existing network zones, click the pencil icon beside the network zone you wish to modify.
  3. To block the network zone, select Block access from IPs matching conditions listed in this zone.
  4. Click Save.

Delete a network zone

When an IP zone or dynamic zone is deleted, all rules that use the deleted zone are affected.

If the network zone you want to delete is the only zone in any rule, you can't delete the zone. Edit the rule to use a different zone, then perform the deletion again.

If the network zone you want to delete isn't the only zone in any rule, you can delete the zone. The zone is removed from all the rules where it appears.

If the network zone that you want to delete is active and is used by other rules, including rules in Okta Classic Engine for customers who upgraded to Okta Identity Engine, make the network zone inactive before you attempt to delete it.

  1. In the Admin Console, go to SecurityNetworks.
  2. In the list of existing zones, click the x next to the zone that you want to delete.
  3. In the Delete Zone dialog, click OK.

Deactivate a network zone

When a network zone is deactivated, Global Session Policies and authentication policy rules that use the deactivated network zone are affected.

  1. In the Admin Console, go to SecurityNetworks.
  2. In the list of network zone, click Active beside the network zone you want to deactivate and select Inactive.

Related topics

Dynamic zones

IP zones