About network zones
Network zones define security perimeters around which admins can restrict or limit access based on the following parameters:
- A single IP address
- One or more IP address ranges
- Classless inter-domain routing (CIDR) notations
- A list of geolocations
- IP type
- Autonomous system numbers (ASN)
Network zones consist of IP zones, Dynamic zones, and Enhanced dynamic zones. You can add these zones to, or use them for, the following items:
- Okta sign-on policies
- App sign-on policies
- VPN notifications
- Integrated Windows Authentication (IWA)
Policies and rules are automatically updated when you modify a network zone definition.
When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.
Network zones have the following limits:
- You can configure up to 100 zones in an org.
- You can configure up to 150 gateway IPs and 150 proxy IPs (except for IP zones that are blocked).
- IP blocked zones may contain up to 1000 gateways in each zone and up to a total of 25,000 in an org.
- You can configure up to 5000 gateway IPs for the default system IP Zone.
- You can configure up to 5000 proxy IPs for the default system IP Zone.
See Zones API developer documentation for more information.
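As an added example (not Okta's code and not part of the original page), the following Python pre-flight check tests whether an address falls inside an IP zone written as single IPs, ranges, or CIDR blocks, and lints a planned set of zones against the limits listed above. The dictionary keys (`name`, `blocked`, `system`, `gateways`, `proxies`) are hypothetical and are not the Zones API schema; the code assumes the limits count list entries and that the 150 limit applies per zone.

```python
import ipaddress

# Limits as stated on this page, as (gateways, proxies) per zone kind.
# Assumption: limits count list entries, and the 150 limit is per zone.
MAX_ZONES, MAX_BLOCKED_ORG = 100, 25_000
PER_ZONE = {"ip": (150, 150), "blocked": (1000, None), "system": (5000, 5000)}

def parse_entry(entry):
    """Return (first, last) address for a single IP, an 'a-b' range, or a CIDR."""
    entry = entry.strip()
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    ip = ipaddress.ip_address(entry)
    return ip, ip

def ip_in_zone(ip, zone):
    """True if ip falls inside any gateway entry of the zone."""
    addr = ipaddress.ip_address(ip)
    spans = (parse_entry(e) for e in zone["gateways"])
    return any(lo.version == addr.version and lo <= addr <= hi for lo, hi in spans)

def check_limits(zones):
    """Return a list of limit violations for a planned set of IP zones."""
    problems = []
    if len(zones) > MAX_ZONES:
        problems.append(f"{len(zones)} zones exceeds {MAX_ZONES}")
    blocked_total = sum(len(z["gateways"]) for z in zones if z.get("blocked"))
    if blocked_total > MAX_BLOCKED_ORG:
        problems.append(f"{blocked_total} blocked gateways exceeds {MAX_BLOCKED_ORG}")
    for z in zones:
        kind = "system" if z.get("system") else "blocked" if z.get("blocked") else "ip"
        for field, cap in zip(("gateways", "proxies"), PER_ZONE[kind]):
            n = len(z.get(field, []))
            if cap is not None and n > cap:
                problems.append(f"{z['name']}: {n} {field} exceeds {cap}")
    return problems

# Constructed sample zones using documentation address ranges, not real config.
SAMPLE = [
    {"name": "office", "gateways": ["192.0.2.10", "198.51.100.0/24"], "proxies": []},
    {"name": "blocklist", "blocked": True, "gateways": ["203.0.113.5-203.0.113.20"]},
]
```

Because edits take about 60 seconds to propagate, running a check like this before submitting a change avoids discovering a rejected or oversized zone only after policies already depend on it.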