Sign-on notifications for end users
When enabled, this email notification notifies end users of any sign-in activity. The email contains user sign-on details such as the web browser, operating system used to sign in, and time and location of authentication.
New sign-on notification emails complement other security features such as multifactor authentication and shouldn't act as a replacement. In most scenarios, clients are easily and accurately identified but there are some limitations.
HealthInsight task recommendation
Configure network block listing to deny access from known malicious IP addresses or locations to your Okta tenant.
Okta recommends |
Enable this email notification so end users are informed about new sign-on activity, which can inform them if a different user has signed in to their account. |
Security impact |
High |
End-user impact |
Low End users receive an email notification if they sign in from a new or unrecognized client. |
Known limitations
Currently, new sign-on notifications don't use Improved New Device Behavior Detection when sending email notifications for new sign-ins. Changes to deviceToken or browser cookies may not trigger a new sign-on email notification.
Enable sign-on notification emails for end users
- In the Admin Console, go to .
- Under Security Notification Emails, click Edit.
- Set New sign-on notification email to Enabled.
- Click Save.
If your org has multiple brands, the previous steps affect the default brand only. Complete the following steps for other brands.
-
In the Admin Console, go to .
-
Choose the brand that you want, and then click Emails.
-
Select New Sign-On notification Email.
-
Click Edit next to audience, and then select All users.
-
Click Update.
Related topics
HealthInsight tasks and recommendations
Password changed notification for end users
Authenticator enrolled notification email for end users