About behavior and sign-on policies
Admins can add behavior conditions in sign-on policies using an expression. Behavior describes a change in location, device, IP address or velocity from which Okta is accessed.
A behavior heuristic is an expression that has multiple behavior conditions joined by an operator. When defined, behavior heuristics can be used as part of the sign-on policy rule as a measure to take action and further secure end-user authentication.
Behavior and Expression Language
Behaviors, that are available for your org through Behavior Detection, are available using Expression Language. Pass a behaviorName in the expression security.behaviors.contains('behaviorName').
Create a custom behaviorName or use one of the following behaviorName defaults:
- New IP
- New Device
- New Location
- New Velocity
For more information, see Expression Language Overview.
Expression examples
Unrecognized IPs OR unrecognized devices
- Create a new behavior policy for New Device and New IP. See Configure Behavior Detection.
- Define the expression language if the IP OR Device is not recognized.
security.behaviors.contains('New IP') || security.behaviors.contains('New Device')
Unrecognized IP AND unrecognized devices
security.behaviors.contains('New IP') && security.behaviors.contains('New Device')