Okta ThreatInsight aggregates data about sign-in activity across the Okta customer base to analyze and detect potentially malicious IP addresses and to prevent credential-based attacks such as:
- password spraying
- credential stuffing
- brute-force cryptographic attacks
Because ThreatInsight collects information about the origin of sign-in activity directed at Okta organizations and Okta endpoints, it provides a security baseline for all Okta customers. You can choose to log events for auditing or to log events and block traffic that ThreatInsight has identified as suspicious. If you choose to log and block traffic, Okta automatically denies access to sign-in requests that come from potentially malicious IP addresses that ThreatInsight has detected.
Exclude IP zones from Okta ThreatInsight evaluation