About Network Zones
Network Zones define security perimeters around which admins can restrict or limit access based on the following parameters:
- a single IP address
- one or more IP address ranges
- CIDR (Classless Inter-Domain Routing) notation
- a list of geolocations
- IP Type
- ASN (Autonomous System Numbers)
Network zones consist of IP Zones and Dynamic Zones. Network zones may be incorporated into:
- application sign-on rules
- VPN Notifications
- Integrated Windows Authentication (IWA)
Policies and rules are updated automatically when a zone definition is modified.
Both IP Zones and Dynamic Zones have the following limitations:
- up to 100 zones configured per org
- up to 150 gateway IPs and 150 proxy IPs (except for IP block list zones)
- IP block list zones may contain up to 1000 gateways per zone and up to a total of 25,000 per org
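A pre-flight check for zone definitions against the limits listed above, as an added example (not Okta's code or API). The dictionary layout (`name`, `blocklist`, `gateways`, `proxies`) and the function names are hypothetical, and it assumes each limit counts list entries (one single IP, one range, or one CIDR block per entry).

```python
import ipaddress

# Limits as stated on this page.
MAX_ZONES, MAX_GATEWAYS, MAX_PROXIES = 100, 150, 150
MAX_BLOCK_GATEWAYS, MAX_BLOCK_GATEWAYS_ORG = 1000, 25_000

def parse_entry(entry):
    """Return (first, last) address for a single IP, an 'a-b' range, or a CIDR block."""
    entry = entry.strip()
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range start must not exceed range end")
        return lo, hi
    ip = ipaddress.ip_address(entry)
    return ip, ip

def lint_zones(zones):
    """Check a list of zone dicts (hypothetical layout) and return findings.

    An empty list means every entry parses and all limits are respected."""
    findings = []
    if len(zones) > MAX_ZONES:
        findings.append(f"org: {len(zones)} zones exceeds {MAX_ZONES}")
    block_total = 0
    for z in zones:
        gws, pxs = z.get("gateways", []), z.get("proxies", [])
        for e in gws + pxs:
            try:
                parse_entry(e)
            except ValueError as exc:
                findings.append(f"{z['name']}: invalid entry {e!r} ({exc})")
        if z.get("blocklist"):
            # Block list zones have their own per-zone and per-org gateway caps.
            block_total += len(gws)
            if len(gws) > MAX_BLOCK_GATEWAYS:
                findings.append(f"{z['name']}: {len(gws)} gateways exceeds {MAX_BLOCK_GATEWAYS}")
        else:
            if len(gws) > MAX_GATEWAYS:
                findings.append(f"{z['name']}: {len(gws)} gateways exceeds {MAX_GATEWAYS}")
            if len(pxs) > MAX_PROXIES:
                findings.append(f"{z['name']}: {len(pxs)} proxies exceeds {MAX_PROXIES}")
    if block_total > MAX_BLOCK_GATEWAYS_ORG:
        findings.append(f"org: {block_total} block list gateways exceeds {MAX_BLOCK_GATEWAYS_ORG}")
    return findings
```

Running it over an exported zone list before changing a definition catches a malformed range or an over-limit zone before the policies that reference the zone are updated.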
Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In this topic, blacklist is now referred to as block list.