Configure Okta ThreatInsight

Configure Okta ThreatInsight to detect malicious IP addresses that attempt credential-based attacks.

Before you begin

  • Create an IP zone that contains trusted IP addresses for your org so it may be exempted from Okta ThreatInsight.
  • Trusted IP addresses include IPs such as office gateway IPs or Okta agents. See Exempt Zones for more details.

Start this task

To configure Okta ThreatInsight:

  1. From the Admin Console, click Security > General.
  2. Go to Okta ThreatInsight Settings.
  3. Click Edit. A list of actions is displayed:
    • No Action: Okta ThreatInsight actions are not enabled. Okta collects Okta ThreatInsight data for aggregation purposes even if this option is selected.

    • Log authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log.

    • Log and block authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log and blocked, returning an appropriate HTTP error.

  4. Select the desired action for your org.
  5. Add any trusted network zones that you want to exclude from threat detection.
  6. Click Save to save your changes.
  7. Note

    Note

    It may take a few minutes for any changes to these settings to take effect.