Enforce post auth session evaluation policy
By default, the post auth session evaluation policy is in monitoring mode. You can enforce the policy with or without configuring remediation actions.
In orgs with Identity Threat Protection with Okta AI (ITP) enabled, the post auth session evaluation policy monitors the user session for changes in IP address or device context. When ITP detects session context changes, it reevaluates the global session and authentication policies.
Policy modes
- Monitoring: Default status. In this mode, the post auth session evaluation policy logs session context changes and session violations in the System Log. It doesn't enforce any remediation actions. You can review the System Log, dashboards, and ITP reports to understand the risk patterns in your org.
- Enforced: Require the post auth session evaluation but without triggering any remediation action. ITP evaluates the global session and authentication policies for all the apps in the Okta session. Based on the policies applicable to the user, they may be prompted to reauthenticate.
- Enforced with action: Enforce the post auth session evaluation policy with a remediation action. You can configure remediation actions such as Universal Logout or run a Workflow to take a custom action.
When the post auth session evaluation policy is in either of the enforced modes, users may be prompted to reauthenticate more often. As Okta AI learns more about the user's behavior over time, the re-authentication requests may decrease. If the number of re-authentication requests remains higher than expected, contact Okta Support.
Before you begin
Create Workflows for Identity Threat Protection if you want to take a custom remediation action when the post auth session evaluation policy is enforced with an action. Only delegated Workflows are supported.
Enforce post auth session evaluation policy with action
Enforce the post auth session evaluation policy with or without remediation actions.
-
In the Admin Console, go to .
- On the Post auth session tab, click Edit.
- Turn on the Enforce policy option using the toggle switch.
- Configure the options.
- Groups impacted: Specify to which groups the post auth session evaluation policy applies.
- Active user sessions: Select Configure an action if a policy violation is detected. Then select the remediation action: Universal Logout or a Workflow.
- Click Save.
Related topics
Identity Threat Protection with Okta AI