Okta ThreatInsight

Okta ThreatInsight aggregates data about sign-in activity across the Okta customer base to analyze and detect potentially malicious IP addresses and to prevent credential-based attacks such as:

  • password spraying
  • credential stuffing
  • brute-force cryptographic attacks

Because ThreatInsight collects information about the origin of sign-in activity directed at Okta organizations and Okta endpoints, it provides a security baseline for all Okta customers. You can choose to log events for auditing or to log events and block traffic that ThreatInsight has identified as suspicious. If you choose to log and block traffic, Okta automatically denies access to sign-in requests that come from potentially malicious IP addresses that ThreatInsight has detected.

About Okta ThreatInsight

Configure Okta ThreatInsight

Exclude IP zones from Okta ThreatInsight evaluation

System Log events for Okta ThreatInsight