Post auth session evaluation

Post auth session monitors user sessions after the user authenticates to Okta. It evaluates the authentication and global session policies to identify changes in session context, such as these:

  • Changes in the IP address associated with the received web request.
  • Changes in the device context.

If Okta detects a context change, Post auth session re-evaluates the session details. Okta records the user.session.context.change System Log event with the result of the evaluation.
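One way to review the user.session.context.change events described above, as an added example that is not Okta's own code: it groups System Log records by session and reports which sessions logged a context change, the IP addresses seen, and the recorded result. The field names follow the general System Log event schema. The sample records and their outcome values are constructed, and treating outcome.result as the evaluation result for this event is an assumption.

```python
import json
from collections import defaultdict

EVENT_TYPE = "user.session.context.change"  # event name given on this page

# Constructed sample records, one JSON object per line (not real Okta output).
# Field names follow the System Log event schema; the values are made up.
SAMPLE_LOG = """
{"published":"2024-05-01T10:42:00.000Z","eventType":"user.session.context.change","actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"203.0.113.7"},"outcome":{"result":"DENY"},"authenticationContext":{"externalSessionId":"sess-A"}}
{"published":"2024-05-01T10:00:00.000Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"client":{"ipAddress":"198.51.100.10"},"outcome":{"result":"SUCCESS"},"authenticationContext":{"externalSessionId":"sess-A"}}
{"published":"2024-05-01T10:05:00.000Z","eventType":"user.session.start","actor":{"alternateId":"bob@example.com"},"client":{"ipAddress":"192.0.2.44"},"outcome":{"result":"SUCCESS"},"authenticationContext":{"externalSessionId":"sess-B"}}
{"published":"2024-05-01T10:06:00.000Z","eventType":"policy.evaluate_sign_on","actor":{"alternateId":"carol@example.com"},"client":{"ipAddress":"192.0.2.50"},"outcome":{"result":"ALLOW"},"authenticationContext":{"externalSessionId":null}}
"""

def summarize_context_changes(log_text):
    """Return {session_id: summary} for sessions that logged a context change."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    events.sort(key=lambda e: e["published"])
    sessions = defaultdict(lambda: {"user": None, "ips": [], "changes": []})
    for e in events:
        sid = (e.get("authenticationContext") or {}).get("externalSessionId")
        if not sid:
            continue  # event not tied to a session; nothing to correlate
        s = sessions[sid]
        s["user"] = (e.get("actor") or {}).get("alternateId") or s["user"]
        ip = (e.get("client") or {}).get("ipAddress")
        # Record each IP transition once, in chronological order.
        if ip and (not s["ips"] or s["ips"][-1] != ip):
            s["ips"].append(ip)
        if e.get("eventType") == EVENT_TYPE:
            s["changes"].append({
                "at": e["published"],
                "ip": ip,
                "result": (e.get("outcome") or {}).get("result"),
            })
    # Keep only sessions where Okta actually logged a context change.
    return {sid: s for sid, s in sessions.items() if s["changes"]}

if __name__ == "__main__":
    print(json.dumps(summarize_context_changes(SAMPLE_LOG), indent=2))
```
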

You can configure Post auth session to automatically take certain actions when it detects a global session policy violation, such as prompting users for multifactor authentication, signing users out of apps and Okta, or triggering a Workflow.

If you configure Post auth session to respond to violations but turn this feature off, Okta doesn't launch any actions when it detects policy violations. Okta still logs session events and policy evaluation outcomes.

Post auth session statistics appear on dashboard widgets, which present different information depending on how you’ve configured this feature. There are also reports that you can run and download that track violations over a given period of time. See Identity Threat Protection dashboard widgets and Identity Threat Protection reports.
