About Network Zones

Network Zones define security perimeters around which admins can restrict or limit access based on the following parameters:

  • A single IP address
  • One or more IP address ranges
  • CIDR notations (Classless Inter-Domain Routing)
  • A list of geolocations
  • IP Type
  • ASN (Autonomous System Numbers)

Network Zones consist of IP Zones and Dynamic Zones.

Network Zones may be incorporated into:

  • Policies
  • Application sign-on rules
  • VPN Notifications
  • Integrated Windows Authentication (IWA)


Policies and rules are updated automatically when a Network Zone definition is modified.

Both IP Zones and Dynamic Zones have the following limitations:

  • Up to 100 zones configured per org
  • Up to 150 Gateway IPs and 150 Proxy IPs (except for IP block list zones)
  • IP block list zones may contain up to 1000 gateways per zone and up to a total of 25,000 per org
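
An added example, not Okta code: a pre-flight check that tests planned IP Zone definitions against the limits above and evaluates whether an address falls inside a zone defined by single IPs, ranges, and CIDR blocks. The dict keys (`name`, `gateways`, `proxies`, `blocklist`) are hypothetical, and counting list entries and applying the 150 caps per zone are assumptions.

```python
import ipaddress

# Limits quoted from the page. Counting list entries (not addresses) and
# applying the 150 caps per zone are assumptions of this example.
MAX_ZONES, MAX_GATEWAYS, MAX_PROXIES = 100, 150, 150
MAX_BLOCK_PER_ZONE, MAX_BLOCK_PER_ORG = 1000, 25000

def parse_entry(entry):
    """Return (first, last) address for a single IP, an 'a-b' range, or a CIDR."""
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry.strip(), strict=False)  # bare IP parses as /32 or /128
    return net[0], net[-1]

def zone_contains(zone, ip):
    """True if ip falls inside any gateway entry of the zone."""
    addr = ipaddress.ip_address(ip)
    for entry in zone["gateways"]:
        lo, hi = parse_entry(entry)
        if lo.version == addr.version and lo <= addr <= hi:
            return True
    return False

def check_limits(zones):
    """Return a list of violations of the documented limits (empty if none)."""
    problems, block_total = [], 0
    if len(zones) > MAX_ZONES:
        problems.append(f"{len(zones)} zones exceeds {MAX_ZONES} per org")
    for z in zones:
        gw, px = len(z["gateways"]), len(z.get("proxies", []))
        if z.get("blocklist"):
            block_total += gw
            if gw > MAX_BLOCK_PER_ZONE:
                problems.append(f"{z['name']}: {gw} gateways exceeds {MAX_BLOCK_PER_ZONE}")
        elif gw > MAX_GATEWAYS or px > MAX_PROXIES:
            problems.append(f"{z['name']}: {gw} gateways / {px} proxies exceeds 150")
    if block_total > MAX_BLOCK_PER_ORG:
        problems.append(f"block list total {block_total} exceeds {MAX_BLOCK_PER_ORG}")
    return problems

# Constructed sample data; the dict keys are hypothetical, not Okta's API schema.
ZONES = [
    {"name": "office", "gateways": ["203.0.113.7", "198.51.100.0/24", "192.0.2.10-192.0.2.20"]},
    {"name": "blocked", "blocklist": True,
     "gateways": [f"10.0.{i // 256}.{i % 256}" for i in range(1001)]},
]
```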


Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In this topic, blacklist is now referred to as block list.

Related topics

About IP Zones

About Dynamic Zones

Create and configure a Network Zone