Org-level security

Org security settings allow you to manage and control how your org is protected. By configuring administrator permissions, completing HealthInsight tasks, and defining network zones, your org remains secure and accessible to the right users.

Administrators
Set up administrator permissions to provide better control on how your org is managed.

General Security
Configure global security settings such as security notification emails and user enumeration prevention.

HealthInsight
Review a checklist of your organization’s security settings and take action to secure your org.

Network zones
Define security perimeters to restrict or limit access to your org.

Risk scoring
Configure sign-on policies to use a risk engine that helps identify anomalous sign-in activity.

Behavior detection and evaluation
Configure sign-on policies to prompt users for MFA based on their sign-in activity.

Okta ThreatInsight
Allow Okta to detect suspicious users who attempt credential-based attacks.

Telephony

Configure SMS text messages and voice calls for device enrollment, multifactor authentication, account recovery, and password resets to comply with the laws and regulations where your organization operates.

API Access Management
Build custom authorization servers in Okta that can be used to protect your own API endpoints.

API token management
Manage Okta API tokens and add Origin URLs. See Okta Developer for more details.

Allow access to Okta IP addresses
Allow access to select IP addresses and applications so they aren't blocked by your network.

Allow third-party cookies
Ensure that your browser allows cookies from your Okta org domain.