Configure Okta ThreatInsight
Configure Okta ThreatInsight to detect malicious IP addresses that attempt credential-based attack.
Before you begin
- Create an IP zone that contains trusted IP addresses for your org so it may be exempted from Okta ThreatInsight.
- Trusted IP addresses include IPs such as office gateway IPs or Okta agents. See Exempt Zones for more details.
To configure Okta ThreatInsight:
- From the Admin Console, click Security > General.
- Go to Okta ThreatInsight Settings.
- Click Edit. A list of actions is displayed:
No Action: Okta ThreatInsight actions are not enabled. Okta collects Okta ThreatInsight data for aggregation purposes even if this option is selected.
Log authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log. Add any allowed Network Zones.
Log and block authentication attempts from malicious IPs: Sign-in attempts from malicious IP addresses are displayed in the system log and blocked, returning an HTTP 403 error. Add any allowed Network Zones.
-
Select the desired action for your org and click Save to continue with your changes.
Note
It may take a few minutes for any changes to these settings to take effect.