What is a zone?

A zone is a set of IP address ranges, a single IP address, or geolocations that are defined by an adminAn abbreviation of administrator. This is the individual(s) who have access to the Okta Administrator Dashboard. They control the provisioning and deprovisioning of end users, the assigning of apps, the resetting of passwords, and the overall end user experience. Only administrators have the Administration button on the upper right side of the My Applications page. for network security.

What are zones used for?

Creating and configuring a network zone allows an admin to set a network perimeter for improved security. As an admin, you can set up to 100 zones. Each zone can contain up to 150 gateways and 150 proxies. Zones are used in policies, application sign in rules, VPN Notifications, and Integrated Windows Authentication (IWA). If a zone definition is updated, any policy or rule that uses it is automatically updated to the new specification.

Once your network zones are configured, they can be used with Okta SignOn, Application Sign On, MFA, Password policies, and IWA and VPN notification configurations. For example, you can use the Zones in Okta SignOn Policy to allow or block access to Okta.

Accessing this feature

From the admin dashboard, navigate to Security > Networks.

Types of Zones

There are two types of network zones: IP Zones and Dynamic Zones.


IP Zones: A zone where the network perimeter is configured based on IP addresses.

Dynamic Zones: A zone where the network perimeter is configured based on location or the proxy type. To create a dynamic zone, one of two features must be enabled: Geolocation for Network Zones or IP Trust for Network Zones.

Advanced Topics