About Network Zones

Network Zones define security perimeters around which admins can restrict or limit access based on the following parameters:

  • a single IP address
  • one or more IP address ranges
  • CIDR notations (Classless Inter-Domain Routing)
  • a list of geolocations
  • IP Type
  • ASN (Autonomous System Numbers)

Network zones consist of IP Zones and Dynamic Zones. Network zones may be incorporated into:

  • policies
  • application sign-on rules
  • VPN Notifications
  • Integrated Windows Authentication (IWA)

Note

Policies and rules are updated automatically when a zone definition is modified.

Both IP Zones and Dynamic Zones have the following limitations:

  • up to 100 zones configured per org
  • up to 150 gateway IPs and 150 proxy IPs (except for IP block list zones)
  • IP block list zones may contain up to 1000 gateways per zone and up to a total of 25,000 per org

Note

Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In this topic, blacklist is now referred to as block list.
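The limits above can be checked before zone definitions are submitted. The following is an added example, not Okta code: it validates single IPs, ranges and CIDR entries and counts them against the limits listed on this page. The zone dictionary layout (`name`, `gateways`, `proxies`, `blocklist`) is hypothetical, and counting each listed entry as one item toward a limit is an assumption.

```python
import ipaddress

# Limits as stated on this page.
MAX_ZONES, MAX_GATEWAYS, MAX_PROXIES = 100, 150, 150
MAX_BLOCK_ZONE, MAX_BLOCK_ORG = 1000, 25_000

def parse_entry(entry):
    """Validate one entry: single IP, 'start-end' range, or CIDR block."""
    entry = entry.strip()
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"invalid range {entry!r}")
        return (start, end)
    return ipaddress.ip_address(entry)

def check_zones(zones):
    """Return a list of format and limit violations for a planned zone set."""
    problems = []
    if len(zones) > MAX_ZONES:
        problems.append(f"{len(zones)} zones exceeds {MAX_ZONES} per org")
    block_total = 0
    for zone in zones:
        name = zone["name"]
        gateways, proxies = zone.get("gateways", []), zone.get("proxies", [])
        for entry in gateways + proxies:
            try:
                parse_entry(entry)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
        # Assumption: each listed entry (IP, range or CIDR) counts as one.
        if zone.get("blocklist"):
            block_total += len(gateways)
            if len(gateways) > MAX_BLOCK_ZONE:
                problems.append(f"{name}: over {MAX_BLOCK_ZONE} block list gateways")
        else:
            if len(gateways) > MAX_GATEWAYS:
                problems.append(f"{name}: over {MAX_GATEWAYS} gateway entries")
            if len(proxies) > MAX_PROXIES:
                problems.append(f"{name}: over {MAX_PROXIES} proxy entries")
    if block_total > MAX_BLOCK_ORG:
        problems.append(f"org: over {MAX_BLOCK_ORG} block list gateways in total")
    return problems

if __name__ == "__main__":
    # Constructed sample: the second entry is a reversed range.
    sample = [{"name": "corp", "gateways": ["203.0.113.7", "192.0.2.20-192.0.2.10"]}]
    print(check_zones(sample))
```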

Related topics

About IP Zones

About Dynamic Zones

Create and Manage a Network Zone