Manage network zones

Admins can manage network zones using the edit, block, delete and deactivate settings.

Whenever you edit a network zone, you need to wait approximately 60 seconds for the change to propagate across all servers and take effect.

Add a network zone

You can add two types of network zones:

Edit a network zone

When managing network zones, you may need to make modifications by editing existing settings. Policies and rules are updated automatically when network zone settings are modified.

  1. .In the Admin Console, go to Security > Networks.
  2. Select one of the existing network zones and click the pencil icon.
  3. Configure any of the fields.
  4. Click Save.

Block client IPs from accessing a network zone

A blocked network zone prevents client IPs from accessing any URL for the org and requests are automatically blocked prior to any type of policy evaluation. Admins can restrict access from IP zones that contain a list of IP addresses. They can restrict access from dynamic zones that contain a list of locations, ASNs, or IP types.

  1. In the Admin Console, go to Security > Networks.
  2. In the list of existing network zones, click the pencil icon beside the network zone you wish to modify.
  3. To block the network zone, select the Block access from IPs matching conditions listed in this zone check box.
  4. Click Save.

Delete a network zone

When an IP zone or dynamic zone is deleted, all rules that use the deleted zone are affected.

If the network zone you want to delete is the only zone in any rule, you can't delete the zone. Edit the rule to use a different zone, then perform the deletion again.

If the network zone you want to delete isn't the only zone in any rule, you can delete the zone. The zone is removed from all the rules where it appears.

If the network zone that you want to delete is active and is used by other rules, including rules in Okta Classic Engine for customers who upgraded to Okta Identity Engine, make the network zone inactive before you attempt to delete it.

  1. In the Admin Console, go to Security > Networks.
  2. In the list of existing zones, click the x next to the zone that you want to delete.
  3. In the Delete Zone dialog, click OK.

Deactivate a network zone

When a network zone is deactivated, Global Session Policies and authentication policy rules that use the deactivated network zone are affected.

  1. In the Admin Console, go to Security > Networks.
  2. In the list of network zone, click Active beside the network zone you want to deactivate and select Inactive.

Related topics

About dynamic zones

About IP zones