About Security Behavior Detection
Deciding when to require a second MFA factor is a common challenge for admins. With this feature, admins can configure the system so that individual end users are only prompted for an additional MFA factor when there is a change in behavior that the admin defines.
There are two components of Security Behavior Detection that admins can configure:
- Define the behavior to track
- Define an action to take if there is a change in trackable behavior for an end user
Security Behavior Detection considerations
- You can't deny access if a behavior condition is selected in a sign-on policy rule.
- You can reset the behavior profile for an end user. This reset clears all tracked behavior history for the end user, but continues tracking new behavior.
- You must include the new behavior in a sign-on policy in order for behavior detection to take effect. Defining a behavior does not trigger any actions unless it is added to a policy.
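The following Python sketch models the considerations above. It is an added example, not Okta code or an Okta API. The class, method names, and history size are hypothetical, and it assumes that behaviors are tracked before they are added to a policy and that an empty history counts as a change.

```python
from collections import defaultdict, deque


class BehaviorDetector:
    """Simplified, hypothetical model of behavior detection (not Okta's implementation)."""

    def __init__(self, history_size=5):
        self.history_size = history_size   # assumed: remember the last N sign-ins
        self.behaviors = {}                # behavior name -> sign-on attribute it tracks
        self.policy_behaviors = set()      # behaviors referenced by a sign-on policy rule
        self.profiles = defaultdict(dict)  # user -> {behavior name: recent values}

    def define_behavior(self, name, attribute):
        # Defining a behavior only starts tracking; it triggers no action by itself.
        self.behaviors[name] = attribute

    def add_to_policy(self, name):
        if name not in self.behaviors:
            raise KeyError(f"undefined behavior: {name}")
        self.policy_behaviors.add(name)

    def reset_profile(self, user):
        # Clears all tracked history for the user; tracking resumes at the next sign-on.
        self.profiles.pop(user, None)

    def sign_on(self, user, context):
        changed = []
        for name, attribute in self.behaviors.items():
            seen = self.profiles[user].setdefault(
                name, deque(maxlen=self.history_size))
            value = context[attribute]
            if value not in seen:          # assumption: empty history counts as a change
                changed.append(name)
            seen.append(value)
        # Only behaviors included in a policy rule lead to an action, and the
        # action is an extra factor prompt, never a deny.
        triggered = [b for b in changed if b in self.policy_behaviors]
        return "PROMPT_MFA" if triggered else "ALLOW"


def demo():
    """Runs constructed sign-on events and returns the decision for each."""
    d = BehaviorDetector()
    d.define_behavior("new_country", "country")
    results = [d.sign_on("alice", {"country": "US"})]     # change, but not in a policy
    d.add_to_policy("new_country")
    results.append(d.sign_on("alice", {"country": "US"}))  # known value
    results.append(d.sign_on("alice", {"country": "DE"}))  # change in behavior
    d.reset_profile("alice")
    results.append(d.sign_on("alice", {"country": "US"}))  # history was cleared
    results.append(d.sign_on("alice", {"country": "US"}))  # tracking has resumed
    return results
```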
Location policies are based on a third-party geolocation database. Okta updates geolocation IP data once a week to minimize potential inaccuracies with location data. Occasionally, the geolocation data that Okta receives is either incorrect or unavailable.