About behavior and app sign-on policy rules
Admins can add behavior conditions in app sign-on policies using an expression. Behavior describes a change in location, device, IP address or velocity from which Okta is accessed.
A behavior heuristic is an expression that has multiple behavior conditions joined by an operator. When defined, behavior heuristics can be used as part of the Okta app sign-on rules as a measure to take action and further secure end-user authentication.
Behavior and expression language
Behaviors, that are available for your org through Security Behavior Detection, are available using Expression Language.
Pass a behaviorName in the expression
Create a custom behaviorName or use one of the following behaviorName defaults:
- New IP
- New Device
- New Location
- New Velocity
Unrecognized IPs OR unrecognized devices
- Create a new behavior policy for New Device and New IP. See Security Behavior Detection configuration.
- Define the expression language if the IP OR Device is not recognized.
security.behaviors.contains('New IP') || security.behaviors.contains('New Device')
Unrecognized IP AND unrecognized devices
security.behaviors.contains('New IP') && security.behaviors.contains('New Device')
For more information, see Expression Language Overview.