About behavior and sign-on policies
Behavior describes a change in location, device, IP address, or the velocity from which Okta is accessed. Admins can add behavior conditions to sign-on policies using Expression Language.
A behavior heuristic is an expression that has multiple behavior conditions joined by an operator. Use behavior heuristics to enhance the security of your org.
Behavior and Expression Language
Behaviors that are available for your org through Behavior Detection are available using Expression Language. Pass a behaviorName in the expression security.behaviors.contains('behaviorName').
Create a custom behaviorName or use one of the following behaviorName defaults:
- New IP
- New Device
- New Location
- New Velocity
For more information, see Okta Expression Language overview.
Unrecognized IPs OR unrecognized devices
- Create a behavior policy for New Device and New IP. See Configure Behavior Detection.
- Define the Expression Language if the IP OR Device isn't recognized.
security.behaviors.contains('New IP') || security.behaviors.contains('New Device')
Unrecognized IP AND unrecognized devices
security.behaviors.contains('New IP') && security.behaviors.contains('New Device')
Add an authentication policy rule