Get started with Identity Threat Protection

To discover and strengthen the security posture of your org, learn about risk detections, prerequisites, and basic configurations. You must be a super admin to complete these configuration tasks.

Initial setup

  1. Understand the risk detections that Identity Threat Protection with Okta AI can identify for your org. Learn more.
  2. Set up Okta FastPass and Okta Verify and enroll users. Supported versions:
    • Android: Okta Verify 7.26 or later
    • iOS: Okta Verify 9.9 or later
    • macOS: Okta Verify 9.8 or later
    • Windows: Okta Verify 4.9.1 or later
  3. If the requests to Okta are proxied, complete these steps to detect changes to the originating client IP:

    1. Identify the originating client IP. Learn more.

    2. Configure the proxy service to include the originating client IP in the X-Forwarded-For HTTP header of the requests sent to Okta.

    3. Update the Trusted proxy IPs section with an active IP zone to include these proxy IP addresses. Learn more.

  4. Optional. Integrate Okta Verify with a supported endpoint detection and response (EDR) solution. Currently, ITP supports integrations with CrowdStrike Falcon and Windows Security Center. Learn more.

  5. Optional. Configure Okta to receive signals from a security events provider using the Shared Signals Framework. Learn more.
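
Step 3 matters because an X-Forwarded-For header is only meaningful when the receiver knows which hops are your proxies. The following added example (not Okta's code, and not a description of how Okta resolves the address internally) shows the common right-to-left resolution against a trusted proxy list. The function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the page.
TRUSTED_PROXIES = ["203.0.113.0/28", "198.51.100.7/32"]


def _parse(value):
    """Return an ip_address object, or None for a malformed entry."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def originating_client_ip(peer_ip, xff_header, trusted_cidrs):
    """Resolve the client IP from the TCP peer and X-Forwarded-For.

    Walk the chain right to left (closest hop first) and return the first
    address that is not a trusted proxy. Entries to the left of that address
    were supplied by an untrusted party and are ignored.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(ip):
        return any(ip in n for n in nets)

    peer = _parse(peer_ip)
    if peer is None:
        raise ValueError("invalid peer address")
    # If the direct peer is not a trusted proxy, the header proves nothing.
    if not trusted(peer):
        return str(peer)
    hops = [h for h in (xff_header or "").split(",") if h.strip()]
    for raw in reversed(hops):
        ip = _parse(raw)
        if ip is None:
            break  # malformed entry: fall back to the last verified hop
        if not trusted(ip):
            return str(ip)
        peer = ip  # another trusted proxy; keep walking left
    return str(peer)
```

If the proxy addresses are missing from the trusted list, the resolved address is the proxy itself, so every user appears to share one IP and changes to the real client IP go unnoticed.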

Observability

Discover risk detection events in your org:

The post auth session evaluation policy monitors your org by default and logs events in the System Log. You can also configure entity risk policy rules to not take any action for risk detections.

Remediate risk

Identity Threat Protection with Okta AI can take remediation actions like ending user sessions (specific or all app sessions configured for Universal Logout) or running a delegated flow. Define how Identity Threat Protection with Okta AI responds to risk detections in your org:

  • Configure an entity risk policy to take remediation actions automatically based on user-related risk detections and risk level changes. Learn more.
  • Configure a post auth session evaluation policy to take remediation actions automatically based on changes to the session context. Learn more.
  • Take remediation actions manually. Learn more.