General Security

The settings in this section apply to general security policies for your organization and specific security policies for mobile users. The following settings are available in this section:


To access these settings in the adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. console, navigate to Security > General.


Security Notification Emails

Navigate to Security > General > Security Notification Emails to configure the following:

New sign-on notification email

End usersIn Okta literature, we generally refer to "end users" as the people who have their own Okta home page (My Applications), using chiclets to authenticate into all of their apps. End users do not have any administrative control. When we refer to "users" we are generally referring to the individual(s) who have administrative control. receive an email notification if they sign in from a new or unrecognized clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. . This email contains user sign-on details such as the web browser and operating system used to sign in, in addition to the time and location of authentication. Refer to Limitations for more information about the limitations for identifying new clients.

Note: This feature is enabled by default for new orgs.

MFA enrolled notification email

End users are sent a confirmation email if they or an admin enroll in a new factor for their account. For more information about email notifications and template customization, refer to Email and SMS Options.

MFA reset notification email

End users are sent an email if they or an admin reset a factor for their account. For more information about email notifications and template customization, refer to Email and SMS Options.


New sign-on notification emails: Limitations

New sign-on notification emails complement other security features such as multifactor authentication and should not act as a replacement. In most scenarios, clients are easily and accurately identified but there are some limitations.




Navigate to Security > General > Organization to configure the following:

"Remember Me" checkbox on sign in

This setting displays or hides the Remember Me checkbox for end users on the login screen. If an end user checks this feature and signs in, their username is remembered and displayed at sign-on until their browser cookies are cleared.

Activation emails are valid for

Sets the link expiry in the account activation email sent to end users. For more information about email notifications, refer to Email and SMS Options.



Okta Mobile Settings

Changes to Okta Mobile security settings may take up to 24 hours to be applied to all the eligible end usersEnd users who have installed a version of Okta Mobile that supports these Early Access security settings. in your orgThe Okta container that represents a real-world organization. and for Okta to prompt those end users to update their PIN. ClosedScreenshot


Navigate to Security > General > Okta Mobile to configure the following:

PIN length

Specify the required number of digits for the PIN.

Allow simple PIN

Select to permit the use of repeating, ascending, and descending numeric sequences (such as 1111, 1234, 4321, etc.).

Ask for PIN when user is inactive for

Specify how long users can be inactive before they are prompted to enter a PIN.
PIN expires after Specify how long the PIN is valid before it expires.
Device trust (Android Only) Select to apply existing device trust app sign-on policiesTo enable overall Device Trust for an org, go to Security > Device Trust. To define a Device Trust app sign-on policy for eligible apps, go to Applications > Sign On tab > Sign On Policy. to apps that end users access through Okta Mobile. If you have not configured device trust policies to apps or if device trust is not enabled for your org (Security > Device Trust), selecting this setting has no effect.
Screen preview/capture (Android only) When this option is selected, Android device users cannot take screenshots, record videos, or share their screen from within Okta Mobile (other apps are not affected). Requires Okta Mobile 3.8.0+ for Android. For iOS device users, this option has no effect.
Sign on to SAMLAn acronym for Security Assertion Markup Language, SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP). The SAML standard addresses issues unique to the single sign-on (SSO) solution, and defines three roles: the end user, the IDP, and the SP. Here's how SAML works through Okta: SP-initiated flow: the end user requests (principally through a browser) a service from the SP. The SP requests and obtains an identity assertion from the IdP (in this case, Okta). On the basis of this assertion, the SP can decide whether or not to authorize or authenticate the service for the end user. IdP-initiated flow: with Okta as the IdP, an end user goes to the Okta browser and clicks on a chiclet, sending a SAMLResponse to the configured SP. A session is established with the SP, and the end user is authenticated. apps (iOS only) This iOS-specific option allows access to SAML apps in iOS Safari using an iOS Safari extension.



Okta ThreatInsight Settings

ThreatInsight aggregates data across the Okta customer base and uses this data to detect malicious IP addresses that attempt credential-based attacks.

Refer to Okta ThreatInsight for more details about this feature.