About behavior and sign-on policies

A behavior is a change in the location, device, IP address, or velocity from which Okta is accessed. Admins can add behavior conditions to sign-on policies using Expression Language.

A behavior heuristic is an expression that has multiple behavior conditions joined by an operator. Use behavior heuristics to enhance the security of your org.

Behavior and Expression Language

Behaviors that are available for your org through Behavior Detection can also be used in Expression Language. Pass a behaviorName to the expression security.behaviors.contains('behaviorName').

Create a custom behaviorName or use one of the following behaviorName defaults:

  • New IP
  • New Device
  • New Location
  • New Velocity

For more information, see Okta Expression Language overview.

Expression examples

Unrecognized IPs OR unrecognized devices

  1. Create a behavior policy for New Device and New IP. See Configure Behavior Detection.
  2. Define the Expression Language expression that applies if the IP OR the device isn't recognized:

security.behaviors.contains('New IP') || security.behaviors.contains('New Device')

Unrecognized IPs AND unrecognized devices

security.behaviors.contains('New IP') && security.behaviors.contains('New Device')
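To check a heuristic before saving it in a rule, the following added example (not Okta code) parses the expression subset shown above, reports behavior names that aren't in your configured list, and evaluates the expression against the behaviors detected for a sign-in. The function names are hypothetical, and the evaluator assumes && binds tighter than || when no parentheses are used.

```python
import re

# Default behavior names listed on this page; add your org's custom names here.
DEFAULT_BEHAVIORS = {"New IP", "New Device", "New Location", "New Velocity"}
# Supported subset only: security.behaviors.contains('name'), ||, && and parentheses.
TOKEN = re.compile(r"\s*(?:security\.behaviors\.contains\('([^']*)'\)|(\|\||&&|[()]))")

def tokenize(expr):
    """Split expr into ('name', behaviorName) and ('op', symbol) tokens."""
    if not re.fullmatch(rf"(?:{TOKEN.pattern})*\s*", expr):
        raise ValueError("unsupported syntax in expression")
    return [("op", m[2]) if m[2] else ("name", m[1]) for m in TOKEN.finditer(expr)]

def unknown_behaviors(expr, configured=DEFAULT_BEHAVIORS):
    """Behavior names used in expr that are not in the configured set."""
    return sorted({v for kind, v in tokenize(expr) if kind == "name"} - set(configured))

def evaluate(expr, detected):
    """Evaluate expr for one sign-in's detected behaviors (assumes && binds tighter than ||)."""
    tokens, pos = tokenize(expr), 0
    def take(expected=None):
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else None
        if tok is None or (expected and tok != ("op", expected)):
            return None
        pos += 1
        return tok
    def primary():
        tok = take()
        if tok and tok[0] == "name":
            return tok[1] in detected
        if tok == ("op", "("):
            value = or_expr()
            if take(")"):
                return value
        raise ValueError("malformed expression")
    def binary(op, operand):
        value = operand()
        while take(op):
            rhs = operand()
            value = (value and rhs) if op == "&&" else (value or rhs)
        return value
    def or_expr():
        return binary("||", lambda: binary("&&", primary))
    result = or_expr()
    if pos < len(tokens):
        raise ValueError("unexpected trailing tokens")
    return result
```
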

Related topics

Add an authentication policy rule

Add a global session policy rule