HealthInsight

 

 

With HealthInsight, certain admins can:

• View a list of complete, incomplete, or dismissed tasks that are applicable to your org.
• Review detailed recommendations from Okta based on your org’s existing security settings.
• Navigate to various settings to update your existing configuration.
• Dismiss tasks so they do not appear Incomplete.

Tasks are marked as complete automatically by HealthInsight when addressed in its respective section in the admin console.

Access this feature

---

• From the HealthInsight prompt on the admin console dashboard.
• From the Shortcuts list on the admin console dashboard, click HealthInsight.
• From the admin console menu, click Security and navigate to HealthInsight.

Before you begin

---

Note the following about admin roles and permissions:

Admin Permission	Super Admin	Org Admin	Read-Only Admin
View HealthInsight status	✓	✓	✓
Dismiss security tasks and recommendations	✓	✓

Security tasks and recommendations

---

Security Task	Why is this recommended?	Security Impact	End- User Impact
Enable MFA for Okta Administration access	To reduce the risk of admin account compromise if credentials are obtained maliciously by a third party.	Critical	None
Limit the number of super admin roles	To ensure that org admins are not assigned more permissions than necessary. Most orgs require only a few super admins.	Critical	None
Enable Okta ThreatInsight to block suspicious IP addresses	To detect suspicious IP addresses from credential-based attacks.	Critical	Low
Disable weaker MFA factors in factor enrollment policies	To improve resistance to phishing and man-in-the-middle attacks.	High	High
Enable Okta Verify (with Push if available) for MFA	To provide end users with a strong and secure factor to sign in to their org.	High	High
Enforce a limited session lifetime for all policies	To reduce the risk of malicious third party access to an end user's applications (when an end-user session is active).	High	Moderate
Enable Suspicious Activity Reporting	To give end users the option to report unrecognized activity from an account activity email.	High	Low
Enable new sign-on email notifications	To inform end users by email of any unrecognized activity from a new or unknown device or browser.	High	Low
Enable factor enrollment notifications	To inform end users by email of new MFA enrollment activity on their account.	High	Low
Enable factor reset notifications	To inform end users by email that MFA factors for their account have been reset.	High	Low
Password changed notification for end users	To inform end users by email that the password for their account has changed.	High	Low
Use SAML or OIDC authentication for app access	To leverage SAML and OIDC authentication protocols, which reduce reliance on password-based authentication.	High	None
Blacklist network zones to deny access to your Okta tenant	To deny access from known suspicious IP addresses or locations from your Okta tenant.	Moderate	Low
Enable strong password policy settings	To enforce strict password policies that define settings for password lockout, history, minimum age, and minimum length.	Low	Moderate
Set a required factor for MFA enrollment policies	To ensure that end users assigned to a given policy are enrolled in multifactor authentication.	Low	High

 

Related topics

---

• Suspicious Activity Reporting
• General Security
• Network Security
• Security Policies
• Multifactor Authentication