Get started with Identity Threat Protection

You must be a super admin to complete these configuration tasks.

Initial setup

1. Understand the risk detections that Identity Threat Protection with Okta AI can detect for your org. Learn more.
2. Set up Okta FastPass and Okta Verify and enroll users. Supported versions:
   • Android: Okta Verify 7.26 or later
   • iOS: Okta Verify 9.9 or later
   • macOS: Okta Verify 9.8 or later
   • Windows: Okta Verify 4.9.1 or later

3. If the requests to Okta are proxied, complete these steps to detect changes to the originating client IP:

   1. Identify the originating client IP. Learn more.

   2. Configure the proxy service to include the originating client IP in the X-Forwarded-For HTTP header of the requests sent to Okta.

   3. Update the Trusted proxy IPs section with an active IP zone to include these proxy IP addresses. Learn more.

4. Optional. Configure a shared signal receiver. Learn more.

Monitor risk

Discover risk detection events in your org:

• System Log events
• Reports
• Admin Dashboard

The post auth session policy monitors your org by default and logs events in the System Log. You can also configure entity risk policy rules to not take any action for risk detections.

Remediate risk

Identity Threat Protection with Okta AI can take remediation actions like ending user sessions (specific or all app sessions configured for Universal Logout) or running a delegated flow. Define how Identity Threat Protection with Okta AI responds to risk detections in your org:

• Configure an entity risk policy to take remediation actions automatically based on user-related risk detections and risk level changes. Learn more.
• Configure a post auth session policy to take remediation actions automatically based on changes to the session context. Learn more.
• Take remediation actions manually. Learn more.