Create a dynamic zone

Create a dynamic zone that defines network perimeters based on location, IP type, and autonomous system number (ASN).

To implement multiple network zones, including Dynamic Zones, you must enable Adaptive MFA.

  1. In the Admin Console, go to SecurityNetworks.

  2. In the Add Zone dropdown, select Dynamic Zone.
  3. In the Zone Name field, enter a name for the zone.
  4. Optional. Select Block access from IPs matching conditions listed in this zone to prevent matching IPs from accessing Okta. This includes IP addresses found in the zone and IP chains.
  5. In IP Type, define a proxy type. Leave this option cleared to ignore it.
    • Any: Use any proxy type for the dynamic zone.
    • TorAnonymizer: Use TorAnonymizer as the proxy type for the dynamic zone.
    • NotTorAnonymizer: Use NotTorAnonymizer as the proxy type for the dynamic zone.

    The accuracy of Tor proxy detection depends on a third-party vendor, which is used to identify IP addresses that use Tor. The proxy type is only used to evaluate if a proxy is Tor or not. If a proxy option is cleared, it isn't evaluated.

  6. In Locations, add up to 75 locations.
  7. In ISP ASNs, add up to 75 ASNs separated by either a comma or new line.
  8. Click Save.

When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.

Related topics

Dynamic zones

Define geolocation for a dynamic zone

Define IP types for a dynamic zone

Create a network zone for IWA sign-ins