Configure Okta ThreatInsight

Configure Okta ThreatInsight to detect malicious IP addresses that attempt credential-based attacks.

Before you begin

• Create an IP zone that contains trusted IP addresses for your org so it may be exempted from Okta ThreatInsight.
• Trusted IP addresses include IPs such as office gateway IPs or Okta agents. See Exempt Zones for more details.

To configure Okta ThreatInsight:

1. From the Admin Console, click Security > General.
2. Go to Okta ThreatInsight Settings.
   
3. Click Edit. A list of actions is displayed:

   • No Action: Okta ThreatInsight actions are not enabled. Okta collects Okta ThreatInsight data for aggregation purposes even if this option is selected.

   • Log authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log. Add any allowed Network Zones.

   • Log and block authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log and blocked, returning an HTTP 403 error. Add any allowed Network Zones.

4. Select the desired action for your org and click Save to continue with your changes.

   

   Note

   It may take a few minutes for any changes to these settings to take effect.