Manual actions for Identity Threat Protection with Okta AI

Early Access release

Your Entity risk policy configurations determine what actions Identity Threat Protection with Okta AI should take when it identifies a risk. These actions are automatic and don’t require any action from an admin. However, you may want to take manual actions in response to a security threat.

Elevate an entity risk level

You can manually elevate a low or medium entity risk level to high.

  1. In the Admin Console, go to Directory > People.
  2. Select a user from the People & username column.
  3. Click More actions, and then click Elevate Risk Level. The Elevate entity risk level dialog opens.
  4. Click Yes, elevate risk level.

When you manually elevate a user’s risk level, the user.risk.change event appears in the System Log.
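To confirm that a manual elevation was recorded, you can pull user.risk.change events from the System Log and list who changed which user's risk. The following is an added example, not Okta's code: the sample events are constructed, the org URL is a placeholder, and treating an actor of type "User" as an admin-initiated change is an assumption.

```python
from urllib.parse import quote, urlencode

EVENT_TYPE = "user.risk.change"  # event type named on this page


def logs_query(org_url, since_iso):
    """Build a System Log API URL that returns only risk-change events."""
    params = {"filter": f'eventType eq "{EVENT_TYPE}"', "since": since_iso}
    return f"{org_url.rstrip('/')}/api/v1/logs?{urlencode(params, quote_via=quote)}"


def risk_changes(events):
    """Return (published, actor, actor_type, user) per risk-change event, oldest first."""
    rows = []
    for ev in events:
        if ev.get("eventType") != EVENT_TYPE:
            continue
        actor = ev.get("actor") or {}
        # The affected user is the target entry whose type is "User".
        users = [t.get("alternateId") for t in ev.get("target") or []
                 if t.get("type") == "User"]
        rows.append((ev.get("published"), actor.get("alternateId"),
                     actor.get("type"), users[0] if users else None))
    return sorted(rows, key=lambda r: r[0] or "")


def admin_initiated(rows):
    """Assumption: a manual elevation is logged with a human actor (type "User")."""
    return [r for r in rows if r[2] == "User"]


# Constructed sample events (not real log data) using generic System Log fields.
SAMPLE = [
    {"eventType": "user.risk.change", "published": "2024-05-02T10:15:00.000Z",
     "actor": {"type": "User", "alternateId": "admin@example.com"},
     "target": [{"type": "User", "alternateId": "alice@example.com"}]},
    {"eventType": "user.risk.change", "published": "2024-05-01T08:00:00.000Z",
     "actor": {"type": "SystemPrincipal", "alternateId": "system@okta.com"},
     "target": [{"type": "User", "alternateId": "bob@example.com"}]},
    {"eventType": "user.session.start", "published": "2024-05-02T09:00:00.000Z",
     "actor": {"type": "User", "alternateId": "alice@example.com"}, "target": []},
]

if __name__ == "__main__":
    print(logs_query("https://example.okta.com", "2024-05-01T00:00:00Z"))
    for row in admin_initiated(risk_changes(SAMPLE)):
        print(row)
```
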

End a user session

You can manually revoke a user’s IdP sessions and refresh tokens by clearing their sessions. When you do this, the following happens:

  • The user is signed out of all active Okta sessions across all of their devices.
  • The user is signed out of the Admin Console and all of their assigned apps that support Universal Logout.
  • The user’s Okta Verify and refresh tokens are revoked.
  • The user’s entity risk level is set to low.

When you manually end a user's session, their Single Sign-On Web System (SSWS) tokens aren't revoked.

Follow these steps to revoke user sessions and refresh tokens for a user:

  1. In the Admin Console, go to Directory > People.
  2. Select a user from the People & username column.
  3. Click More Actions, and then select Clear user sessions. The Clear sessions and revoke tokens dialog opens.
  4. Optional. Select Clear active sessions for apps with logout enabled to invoke Universal Logout for the user.
  5. Click Clear and revoke.

Related topics

Deactivate and delete user accounts

Suspend and unsuspend users

System Log events for Identity Threat Protection with Okta AI