Configure Okta ThreatInsight

Configure Okta ThreatInsight to detect malicious IP addresses that attempt credential-based attacks.

Note

Okta is focused on the adoption of inclusive language and communication. Some long-standing industry terminology and expressions have been updated as part of this initiative. In this topic,

  • whitelisting is now referred to as allow listing

Before you begin

  • Create an IP zone that contains the trusted IP addresses for your org so that the zone can be exempted from Okta ThreatInsight.
  • Trusted IP addresses include IPs such as office gateway IPs or the IPs of Okta agents. See Exempt Zones for more details.

To configure Okta ThreatInsight:

  1. From the Admin Console, click Security > General.
  2. Navigate to Okta ThreatInsight Settings.
  3. Click Edit. A list of actions is displayed:
    • No Action: Okta ThreatInsight actions are not enabled. Okta collects Okta ThreatInsight data for aggregation purposes even if this option is selected.

    • Log authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log. Network Zones for allow listing may be added.

    • Log and block authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log and blocked, returning an HTTP 403 error. Network Zones for allow listing may be added.

  4. Select the desired action for your org and click Save to continue with your changes.

    Note

    It may take a few minutes for any changes to these settings to take effect.
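
One way to review the log-only mode before switching to log and block, as an added example that is not part of Okta's documentation: the script sorts IPs flagged in the system log into those inside your trusted ranges (candidates for the exempt zone) and those that would receive the HTTP 403. The event list and CIDR are constructed sample data; `security.threat.detected` is the System Log event type for ThreatInsight detections, and the trimmed event shape is an assumption about your export.

```python
import ipaddress
from collections import Counter

# Constructed sample: trimmed System Log events as they might be exported while
# ThreatInsight runs in "Log authentication attempts from malicious IPs" mode.
SAMPLE_EVENTS = [
    {"eventType": "security.threat.detected", "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": "security.threat.detected", "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": "user.session.start", "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": "security.threat.detected", "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": "security.threat.detected", "client": {"ipAddress": "not-an-ip"}},
    {"eventType": "security.threat.detected", "client": {}},
]

# Assumption: CIDRs of the trusted IP zone (office gateways, Okta agents).
TRUSTED_CIDRS = ["203.0.113.0/28"]

THREAT_EVENT = "security.threat.detected"


def review_flagged_ips(events, trusted_cidrs):
    """Split flagged IPs into trusted (exempt-zone candidates) and untrusted
    (would be blocked with HTTP 403 once blocking is enabled)."""
    trusted_nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    trusted, untrusted, skipped = Counter(), Counter(), 0
    for event in events:
        if event.get("eventType") != THREAT_EVENT:
            continue  # only ThreatInsight detections are relevant here
        raw = (event.get("client") or {}).get("ipAddress")
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            skipped += 1  # missing or malformed address: count it, do not guess
            continue
        bucket = trusted if any(ip in net for net in trusted_nets) else untrusted
        bucket[str(ip)] += 1
    return {"trusted": dict(trusted), "untrusted": dict(untrusted), "skipped": skipped}


if __name__ == "__main__":
    report = review_flagged_ips(SAMPLE_EVENTS, TRUSTED_CIDRS)
    for name in ("trusted", "untrusted"):
        for ip, hits in sorted(report[name].items()):
            print(f"{name:9} {ip:15} {hits} flagged attempt(s)")
    print(f"skipped   {report['skipped']} event(s) without a usable IP")
```

Any address reported as trusted should be covered by the exempt zone before the blocking action is selected.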