About Network Zones
Network Zones define security perimeters around which admins can restrict or limit access based on the following parameters:
- A single IP address
- One or more IP address ranges
- CIDR notations (Classless Inter-Domain Routing)
- A list of geolocations
- IP Type
- ASN (Autonomous System Numbers)
Network Zones consist of IP Zones and Dynamic Zones which may be added to or used for:
- Okta sign-on policies
- App sign-on policies
- VPN Notifications
- Integrated Windows Authentication (IWA)
Note
Policies and rules are updated automatically when a Network Zone definition is modified.
Both IP Zones and Dynamic Zones have the following limitations:
- Up to 100 zones configured per org
- Up to 150 Gateway IPs and 150 Proxy IPs (except for IP zones that are blocked)
- IP blocked zones may contain up to 1000 gateways per zone and up to a total of 25,000 per org
Related topics