Create zones for IP addresses

Create an IP zone that defines network perimeters around a set of IPs. An IP zone consists of Gateway IPs and Proxy IPs.

Consider this information when configuring an IP zone:

  • When configuring an IP zone, at least one gateway or proxy is required.
  • If you select Block access from IPs matching conditions listed in this zone, every request whose IP chain contains an IP within the zone is blocked from accessing Okta.
  • Up to 1000 IPs, IP ranges, and/or CIDRs can be added to a single blocked zone, and up to 25,000 can be added across all IP zones.
  • Up to 150 gateway IPs, IP ranges, and/or CIDRs and up to 150 proxy IPs, IP ranges, and/or CIDRs can be added to a non-blocked zone.

Create an IP zone

  1. In the Admin Console, go to Security > Networks.
  2. From the Add Zone dialog, select IP Zone.
  3. In the Zone Name field, enter a name for the IP zone.
  4. Optional. Select Block access from IPs matching conditions listed in this zone to prevent matching IPs from accessing Okta.
  5. Enter the Gateway IP addresses and Trusted Proxy IP addresses. Separate IPs and IP ranges with a new line or comma. You can add single IPs, IP ranges, or CIDR notation.
  6. Click Save.

Whenever you edit a network zone, you need to wait approximately 60 seconds for the change to propagate across all servers and take effect.
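
The following is an added example, not Okta code: a pre-flight check that parses the entries you plan to paste into the Gateway and Proxy fields, applies the limits listed in the considerations above, and tests whether a request's IP chain would match the zone. It assumes IPv4 only, a hyphenated start-end form for IP ranges, and that the blocked-zone limit counts entries across both fields; all function names are illustrative.

```python
import ipaddress
import re

MAX_BLOCKED_ZONE = 1000   # entries in a single blocked zone (limit from this page)
MAX_PER_FIELD = 150       # gateway entries, and proxy entries, in a non-blocked zone

def parse_entries(text):
    """Parse a comma/newline separated field into (low, high) integer spans."""
    spans = []
    for item in (part.strip() for part in re.split(r"[,\n]", text)):
        if not item:
            continue
        if "/" in item:    # CIDR notation
            net = ipaddress.IPv4Network(item, strict=False)
            low, high = net.network_address, net.broadcast_address
        elif "-" in item:  # IP range; the hyphenated form is an assumption
            low, high = (ipaddress.IPv4Address(p.strip()) for p in item.split("-", 1))
            if low > high:
                raise ValueError(f"range start is after range end: {item}")
        else:              # single IP
            low = high = ipaddress.IPv4Address(item)
        spans.append((int(low), int(high)))
    return spans

def validate_zone(gateways, proxies, blocked=False):
    """Return all parsed spans, or raise ValueError if a limit on this page is broken."""
    gw, px = parse_entries(gateways), parse_entries(proxies)
    if not gw and not px:
        raise ValueError("at least one gateway or proxy is required")
    if blocked and len(gw) + len(px) > MAX_BLOCKED_ZONE:
        raise ValueError("blocked zone exceeds 1000 entries")
    if not blocked and (len(gw) > MAX_PER_FIELD or len(px) > MAX_PER_FIELD):
        raise ValueError("non-blocked zone exceeds 150 entries in one field")
    return gw + px

def chain_hits_zone(ip_chain, spans):
    """True if any IP in the request's IP chain falls inside the zone."""
    hops = [int(ipaddress.IPv4Address(ip)) for ip in ip_chain]
    return any(low <= hop <= high for hop in hops for low, high in spans)

if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    zone = validate_zone("203.0.113.0/24, 198.51.100.7\n198.51.100.20-198.51.100.30",
                         "192.0.2.10", blocked=True)
    print(chain_hits_zone(["10.1.1.5", "198.51.100.25"], zone))
    print(chain_hits_zone(["10.1.1.5", "198.51.100.31"], zone))
```
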

Related topics

About IP zones

Network zones

Add IPs to a network zone from the System Log