Security Context for Policy Rule Conditions
This is an Early Access feature. To enable it, use the Early Access Feature Manager as described in Manage Early Access and Beta features.
Security Context for Policy Rule Conditions enables admins to build custom security heuristics using signals derived from Okta. A security heuristic is an expression that has multiple conditions joined by various operators.
Once defined, security heuristics can be used in Okta sign-on policy rules to take action and further secure end-user authentication.
Security heuristics are written in Expression Language, which is also commonly used to define Universal Directory mappings and app provisioning in Okta.
Feature group and expression language
| Feature group | Description | Type | Details |
|---|---|---|---|
| ThreatInsight | IPs flagged by ThreatInsight | Boolean | An IP is considered suspicious if ThreatInsight flags it as a high threat. |
| Risk Level | Risk Level | | Based on the risk level determined by the risk scoring feature. |
| User Behavior | All User Behaviors available for your org through Behavior Detection. | Boolean | Previously configured behaviors can be passed using the name of the predefined behaviors in the expression. The names of these behaviors are unique. |
Expression: unrecognized IPs OR unrecognized devices OR risk is medium or high
- Create new behaviors for new device and new IP.
- Define the expression so that it matches if the IP or the device isn't recognized, or if the risk level is medium or high:
security.userBehaviors['NewIP'].detected OR security.userBehaviors['NewDevice'].detected OR security.risk.level == 'HIGH' OR security.risk.level == 'MEDIUM'
Expression for suspicious IPs
Expression for standard risk-based authentication with factor chaining, extended to also match Tor proxy traffic
security.risk.level == 'HIGH' OR security.ip.isTorProxy
For more information, see Expression Language Overview.
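To see how an OR-joined heuristic behaves against different sign-in contexts, here is an added example (not Okta code and not part of this page): a small Python evaluator for the subset of Expression Language these examples use (attributes, ==, OR, and ! or NOT), run against constructed sign-in contexts. The sample contexts, the mapping of attribute names onto them, and counting each Security Context reference as one condition toward the 30-condition limit are assumptions of this example.

```python
import re

# Constructed sign-in contexts (not real Okta data): risk level, detected behaviors, Tor use.
SIGN_INS = {
    "trusted":             {"risk": "LOW",    "behaviors": set(),         "tor": False},
    "new_device_low_risk": {"risk": "LOW",    "behaviors": {"NewDevice"}, "tor": False},
    "known_device_medium": {"risk": "MEDIUM", "behaviors": set(),         "tor": False},
    "tor_low_risk":        {"risk": "LOW",    "behaviors": set(),         "tor": True},
}
MAX_CONDITIONS = 30  # limit stated on the page; assumed here to count Security Context references
# Tokens: the operators the page shows (==, OR, ! or NOT), 'string' literals, and attributes.
TOKEN = re.compile(r"(OR|AND|NOT)\b|(==|!)|('[^']*')|([A-Za-z_][\w.]*(?:\['[^']*'\][\w.]*)?)")
BEHAVIOR = re.compile(r"security\.userBehaviors\['([^']+)'\]\.detected")
SIGNALS = {"security.risk.level": "risk", "security.ip.isTorProxy": "tor"}

def resolve(name, ctx):
    if m := BEHAVIOR.fullmatch(name):
        return m.group(1) in ctx["behaviors"]
    if name not in SIGNALS:
        raise NameError(f"unknown Security Context attribute {name!r}")
    return ctx[SIGNALS[name]]

def evaluate(expr, ctx):
    """OR-chain of conditions, each [NOT|!]* attribute [== 'literal'], as in the page's examples."""
    toks = [next(g for g in m if g) for m in TOKEN.findall(expr)]
    if "".join("".join(toks).split()) != "".join(expr.split()):  # anything unmatched is an error
        raise SyntaxError(f"unrecognized input in {expr!r}")
    if (n := sum(t.startswith("security.") for t in toks)) > MAX_CONDITIONS:
        raise ValueError(f"{n} conditions exceed the limit of {MAX_CONDITIONS}")
    def condition():
        negate = False
        while toks and toks[0] in ("NOT", "!"):
            toks.pop(0)
            negate = not negate
        value = resolve(toks.pop(0), ctx)
        if toks and toks[0] == "==":  # == binds tighter than NOT, so the comparison is negated
            toks.pop(0)
            value = value == toks.pop(0).strip("'")
        return bool(value) != negate
    result = condition()
    while toks:
        if (tok := toks.pop(0)) != "OR":
            raise SyntaxError(f"only OR is supported between conditions, got {tok!r}")
        result = condition() or result
    return result
# The two complete heuristics quoted on the page.
NEW_IP_DEVICE_OR_RISK = ("security.userBehaviors['NewIP'].detected OR security.userBehaviors['NewDevice'].detected"
                         " OR security.risk.level == 'HIGH' OR security.risk.level == 'MEDIUM'")
HIGH_RISK_OR_TOR = "security.risk.level == 'HIGH' OR security.ip.isTorProxy"
```

Running `evaluate(NEW_IP_DEVICE_OR_RISK, SIGN_INS["known_device_medium"])` shows why the medium-risk clause matters: the sign-in comes from a known device and a known IP, yet the rule still matches.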
Define Security Context for sign-on policies
Configure Security Context for sign-on policies.
Before you begin
- Create a new sign-on policy or use an existing one.
- Adaptive MFA must be enabled.
- The maximum number of conditions in a heuristic is 30.
- The expression language for Security Context supports a subset of operators, such as:
  - ! or NOT
Start this task
To define Security Context for sign-on policies:
- In the Admin Console, navigate to Security > Authentication.
- Click the Sign On tab to access sign-on policies.
- Select a sign-on policy.
- Add a new rule or edit an existing sign-on policy rule.
- Under Conditions, toggle Advanced mode to enable Security Context.
- Under the AND Security Context is condition, enter the expression that defines the security signals.
- Click Create Rule or Update Rule to proceed with your changes.