About behavior types

Behavior types are based on changes in the location, device, IP address, or velocity with which the user accesses Okta. You can create multiple named behaviors for each behavior type.

Behavior type example

You can base one behavior on the country, and another on the city, from which the sign-in originates, and include one or both of them in your sign-on policies. In this example, you can prompt for a second MFA factor when there's a change of country, but allow access when there's a change of city.

Behavior Type	Name	Description	Defaults and Customization
Location	New City	A city that hasn't been the source of a successful sign-in before.	Checked against the last 20 successful sign-ins. You can change the number to check against.
	New State	A state or region that hasn't been the source of a successful sign-in before.	Checked against the last 15 successful sign-ins. You can change the number of successful sign-ins to check against.
	New Country	A country that hasn't been the source of a successful sign-in before.	Checked against the last 10 successful sign-ins. You can change the number of successful sign-ins to check against.
	New Geo-Location	A location outside a specified radius that hasn't been the source of a successful sign-in before.	Checked against the last 20 successful sign-ins for locations that are outside a 20-kilometer radius of the locations of prior, successful sign-ins. You can change the number of successful sign-ins to check against, specify the radius size, and define the location by longitude and latitude.
Device	New Device	A device that hasn't been the source of a successful sign-in before. A device is defined at the client level. When you sign in using a browser that you haven't used before, Okta considers the new browser as a new device. See Improved New Device Behavior Detection	Checked against the last 20 successful sign-ins. You can change the number of successful sign-ins to check against.
IP	New IP	An IP address that hasn't been the source of a successful sign-in before.	Checked against the last 50 successful sign-ins. You can change the number of successful sign-ins to check against.
Velocity	Velocity	A measurement of velocity used to identify suspicious sign-ins. Velocity is evaluated based on the distance and time elapsed between two subsequent user sign-ins.	Checked against the geographic distance and time elapsed between two successive sign-ins. The default is 805 km/h (500 mph).

About behavior types

Behavior type example

Related topics