Create zones for IP addresses

Create an IP zone that defines network perimeters around a set of IP addresses. An IP zone is made up of gateway and proxy IP addresses.

Before you begin

Follow these guidelines when you create an IP zone:

  • Configure at least one gateway or proxy in an IP zone.
  • You can add up to 1000 IPs, IP ranges, or CIDRs to a single blocked zone.
  • You can add up to 25,000 IPs, IP ranges, or CIDRs across all IP zones.
  • You can add up to 150 gateway IPs, proxy IPs, IP ranges, or CIDRs to a non-blocked zone.

Start this task

  1. In the Admin Console, go to SecurityNetworks.

  2. From the Add Zone dialog, select IP Zone.
  3. In the Zone Name field, enter a name for the IP zone.
  4. Optional. Select Block access from IPs matching conditions listed in this zone to prevent matching IPs from accessing Okta. This includes IP addresses found in the zone and IP chains.
  5. Enter the Gateway IP addresses and Trusted Proxy IP addresses. Separate IP addresses and ranges with a new line or comma. You can add single IP addresses, IP ranges, or use CIDR notation.
  6. Click Save.

When you edit a network zone, wait approximately 60 seconds for the change to propagate across all servers and take effect.

Related topics

IP zones

Network zones

Add IPs to a network zone from the System Log