About Security Behavior Detection
There are two components of security behavior detection that admins can configure:
- Define the behavior to track.
- Define an action to take if there is a change in trackable behavior for an end user.
|actions to take||
Security Behavior Detection considerations
- You cannot deny access if a behavior condition is selected in a sign-on policy rule.
- You can reset the behavior profile for an end user. This reset clears all tracked behavior history for the end user, but continues tracking new behavior.
- You must include the new behavior in a sign-on policy in order for behavior detection to take effect. Defining a behavior does not trigger any actions unless it is added to a policy.
Location policies are based on a third party geolocation database. Okta updates geolocation IP data once a week to minimize potential inaccuracies with location data. Occasionally, the geolocation data that Okta receives is either incorrect or unavailable.