<!DOCTYPE html> <html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd" lang="en-us" xml:lang="en-us" class="_Skins_okta_html5_topnav_nav_poc" data-mc-search-type="Stem" data-mc-help-system-file-name="okta_help.xml" data-mc-path-to-help-system="../../../../" data-mc-has-content-body="True" data-mc-toc-path="Org-level security|ThreatInsight" data-mc-target-type="WebHelp2" data-mc-runtime-file-type="Topic;Default" data-mc-preload-images="false" data-mc-in-preview-mode="false"> <head> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="typeofcontent" content="documentation" /> <meta name="audience" content="admin" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width, height=device-height" /><title>Configure Okta ThreatInsight</title> <link rel="canonical" href="https://help.okta.com/en-us/content/topics/security/threat-insight/configure-threatinsight.htm" /> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <link rel="shortcut icon" href="../../../Resources/Images/favicon.ico" type="image/x-icon" /> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <!-- Pendo Script (Per Chris Bank) --> <!-- End Pendo Script --> <link href="../../../../Skins/Default/Stylesheets/Slideshow.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/TextEffects.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/Topic.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/Components/Styles.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/Components/Tablet.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/Components/Mobile.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Default/Stylesheets/Components/Print.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Fluid/stylesheets/foundation.6.2.3.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Fluid/stylesheets/styles.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Fluid/stylesheets/tablet.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Fluid/stylesheets/mobile.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link href="../../../../Skins/Fluid/stylesheets/print.css" rel="stylesheet" type="text/css" data-mc-generated="True" /> <link rel="stylesheet" href="https://static.cloud.coveo.com/searchui/v2.5395/css/CoveoFullSearchNewDesign.css" /> <style>/*&lt;meta /&gt;*/ .button.select-language-button { -pie-background: linear-gradient(#ffffff, #ffffff); } .needs-pie { behavior: url('../../../../Resources/Scripts/PIE-no-motw.htc'); } </style> <link href="../../../resources/stylesheets/okta-main-new-nav.css" rel="stylesheet" type="text/css" /> <script src="../../../../Resources/Scripts/jquery.min.js" type="text/javascript"> </script> <script src="../../../../Resources/Scripts/purify.min.js" type="text/javascript" defer="defer"> </script> <script src="../../../../Resources/Scripts/require.min.js" type="text/javascript"> </script> <script src="../../../../Resources/Scripts/require.config.js" type="text/javascript" defer="defer"> </script> <script src="../../../../Resources/Scripts/foundation.6.2.3_custom.js" type="text/javascript"> </script> <script src="../../../../Resources/Scripts/plugins.min.js" type="text/javascript" defer="defer"> </script> <script src="../../../../Resources/Scripts/MadCapAll.js" type="text/javascript" defer="defer"> </script> <script> /* <![CDATA[ */ (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-NMZZV4P'); /* ]]> */ </script> <script> /* <![CDATA[ */ (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KXMLV58'); /* ]]> */ </script> <script> /* <![CDATA[ */ (function(apiKey){ (function(p,e,n,d,o){var v,w,x,y,z;o=p[d]=p[d]||{};o._q=o._q||[]; v=['initialize','identify','updateOptions','pageLoad','track'];for(w=0,x=v.length;w<x;++w)(function(m){ o[m]=o[m]||function(){o._q[m===v[0]?'unshift':'push']([m].concat([].slice.call(arguments,0)));};})(v[w]); y=e.createElement(n);y.async=!0;y.src='https://cdn.pendo.io/agent/static/'+apiKey+'/pendo.js'; z=e.getElementsByTagName(n)[0];z.parentNode.insertBefore(y,z);})(window,document,'script','pendo'); pendo.initialize({ visitor: { id: 'VISITOR-UNIQUE-ID' }, account: { id: 'ACCOUNT-UNIQUE-ID' } }); })('a9bd3885-93ae-46ab-700b-dd29e613c19d'); /* ]]> */ function openSurvey() { window.open('https://surveys.okta.com/jfe/form/SV_e4L0iW8a3tz8Yol?source=' + encodeURIComponent(document.location.href), '_blank'); } </script> </head> <body> <div class="foundation-wrap off-canvas-wrapper"> <div class="off-canvas-wrapper-inner" data-off-canvas-wrapper=""> <aside class="off-canvas position-right" role="navigation" id="offCanvas" data-off-canvas="" data-position="right" data-mc-ignore="true"> <ul class="off-canvas-drilldown vertical menu off-canvas-list" data-drilldown="" data-mc-back-link="Back" data-mc-css-tree-node-expanded="is-drilldown-submenu-parent" data-mc-css-tree-node-collapsed="is-drilldown-submenu-parent" data-mc-css-sub-menu="vertical menu slide-in-right is-drilldown-submenu" data-mc-include-indicator="False" data-mc-include-icon="False" data-mc-include-parent-link="True" data-mc-include-back="True" data-mc-defer-expand-event="True" data-mc-expand-event="click.zf.drilldown" data-mc-toc="True"> </ul> </aside> <div class="off-canvas-content inner-wrap" data-off-canvas-content=""> <div data-sticky-container="" class="title-bar-container"> <nav class="title-bar tab-bar sticky" role="banner" data-sticky="" data-options="marginTop:0" style="width:100%" data-sticky-on="only screen and (max-width: 1024px)" data-mc-ignore="true"><a class="skip-to-content fluid-skip showOnFocus" href="#">Skip To Main Content</a> <div class="middle title-bar-section outer-row clearfix"> <div class="menu-icon-container relative clearfix"> <div class="central-account-wrapper"> <div class="central-dropdown"><a class="central-account-drop"><span class="central-account-image"></span><span class="central-account-text">Account</span></a> <div class="central-dropdown-content"><a class="MCCentralLink central-dropdown-content-settings">Settings</a> <hr class="central-separator" /><a class="MCCentralLink central-dropdown-content-logout">Logout</a> </div> </div> </div> <button class="menu-icon" aria-label="Show Navigation Panel" data-toggle="offCanvas"><span></span> </button> </div> </div> <div class="title-bar-layout outer-row"> <div class="logo-wrapper"><a class="logo" href="https://help.okta.com/okta_help.htm?id=csh-index" alt="Okta"></a> </div> <div class="navigation-wrapper nocontent"> <ul class="navigation clearfix" role="navigation" data-mc-css-tree-node-has-children="has-children" data-mc-css-sub-menu="sub-menu" data-mc-expand-event="mouseenter" data-mc-top-nav-menu="True" data-mc-max-depth="2" data-mc-include-icon="False" data-mc-include-indicator="False" data-mc-include-children="True" data-mc-include-siblings="True" data-mc-include-parent="True" data-mc-toc="True"> <li class="placeholder" style="visibility:hidden"><a>placeholder</a> </li> </ul> </div> <div class="central-account-wrapper"> <div class="central-dropdown"><a class="central-account-drop"><span class="central-account-image"></span><span class="central-account-text">Account</span></a> <div class="central-dropdown-content"><a class="MCCentralLink central-dropdown-content-settings">Settings</a> <hr class="central-separator" /><a class="MCCentralLink central-dropdown-content-logout">Logout</a> </div> </div> </div> <div class="nav-search-wrapper"> <div class="nav-search row"> <form class="search" action="#"> <div class="search-bar search-bar-container needs-pie"> <input class="search-field needs-pie" type="search" aria-label="Search Field" placeholder="Search" /> <div class="search-filter-wrapper"><span class="invisible-label" id="search-filters-label">Filter: </span> <div class="search-filter" aria-haspopup="true" aria-controls="sf-content" aria-expanded="false" aria-label="Search Filter" title="All Files" role="button" tabindex="0"> </div> <div class="search-filter-content" id="sf-content"> <ul> <li> <button class="mc-dropdown-item" aria-labelledby="search-filters-label filterSelectorLabel-00001"><span id="filterSelectorLabel-00001">All Files</span> </button> </li> </ul> </div> </div> <div class="search-submit-wrapper" dir="ltr"> <div class="search-submit" title="Search" role="button" tabindex="0"><span class="invisible-label">Submit Search</span> </div> </div> </div> </form> </div> </div> </div> </nav> </div> <div class="main-section"> <div class="row outer-row sidenav-layout"> <nav class="sidenav-wrapper"> <div class="sidenav-container"> <ul class="off-canvas-accordion vertical menu sidenav" data-accordion-menu="" data-mc-css-tree-node-expanded="is-accordion-submenu-parent" data-mc-css-tree-node-collapsed="is-accordion-submenu-parent" data-mc-css-sub-menu="vertical menu accordion-menu is-accordion-submenu nested" data-mc-include-indicator="False" data-mc-include-icon="False" data-mc-include-parent-link="False" data-mc-include-back="False" data-mc-defer-expand-event="True" data-mc-expand-event="click.zf.accordionMenu" data-mc-toc="True" data-mc-side-nav-menu="True"> </ul> </div> </nav> <div class="body-container"> <div data-mc-content-body="True"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NMZZV4P" height="0" width="0" style="display:none;visibility:hidden"></iframe> </noscript> <!-- End Google Tag Manager (noscript) --> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KXMLV58" height="0" width="0" style="display:none;visibility:hidden"></iframe> </noscript> <!-- End Google Tag Manager (noscript) --> <!-- Coveo config parameters --> <div id="coveo_org_id" style="Display:None"><span class="mc-variable okta-coveo-config.OrgId variable">oktaproduction9ounvcxa</span> </div> <div id="coveo_rest_uri" style="Display:None"><span class="mc-variable okta-coveo-config.PlatformRestUri variable">https://platform.cloud.coveo.com/rest/search</span> </div> <div id="coveo_search_url" style="Display:None"><span class="mc-variable okta-coveo-config.SearchPageUrl variable">https://support.okta.com/help/s/global-search/%40uri</span> </div> <div id="coveo_token_url" style="Display:None"><span class="mc-variable okta-coveo-config.SearchTokenServiceUrl variable">https://support.okta.com/help/services/apexrest/PublicSearchToken?site=help</span> </div> <div id="coveo_dev_org_id" style="Display:None"><span class="mc-variable okta-coveo-config.DevOrgId variable">oktanonproduction1il1gtac7</span> </div> <div id="coveo_token_url_dev" style="Display:None"><span class="mc-variable okta-coveo-config.SearchTokenServiceUrlDev variable">https://qo2dt8ecve.execute-api.us-west-2.amazonaws.com/dev/token?site=help</span> </div> <!-- End Coveo config parameters --> <!-- ************** Coveo Search bar ************************************* --> <!-- set margin and size in /Content/Resources/Scripts/coveo-resources/css/Coveo.Okta.StandaloneSearchbox.min.css to make room for replacing Flare-generated top-nav with HTML code (see below)--> <div id="OLC_Coveo_Headline" class="coveo-headline-wrapper" data-mc-conditions="MultiProdPublish.SearchBar"> <div class="slds-p-vertical_small"> <!--Search Bar--> <div class="slds-grid slds-grid_align-center"> <div id="customSelect" class="CoveoCustomSelect slds-float_right"> </div> <div id="standaloneSearchbox"> <div class="CoveoAnalytics" data-search-hub="OktaCommunityFullSearch"> </div> <div class="CoveoTab" data-id="Help" data-caption="Help" style="display:none"> </div> <div class="CoveoSearchbox" data-enable-omnibox="true" data-enable-query-suggest-addon="true"> </div> </div> </div> </div> </div> <div class="replace_top_nav"> <div class="navbar" data-mc-conditions="Primary.live-site-only"> <div class="dropdown" data-test="menuBarCategory" id="documentationMenu" data-mc-conditions="MultiProdPublish.DocMenu"> <button class="dropbtn">Documentation <em class="fa fa-caret-down"></em></button> <div class="dropdown-content" data-test="menuBarItems"> <div><a href="https://help.okta.com/okta_help.htm?type=oie&amp;id=oie-index" data-test="menuBarLink">Identity Engine</a> </div> <div><a href="https://help.okta.com/okta_help.htm?id=index-admin" data-test="menuBarLink">Classic Engine</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=oag&amp;id=ext_oag_main" data-test="menuBarLink">Access Gateway</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=asa&amp;id=csh-asa-overview" data-test="menuBarLink">Advanced Server Access</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=wf&amp;id=ext-Okta-workflows" data-test="menuBarLink">Workflows</a> </div> </div> </div> <div class="dropdown" data-test="menuBarCategory" id="relnotesMenu" data-mc-conditions="MultiProdPublish.DocMenu"> <button class="dropbtn">Release notes <em class="fa fa-caret-down"></em></button> <div class="dropdown-content" data-test="menuBarItems"> <div><a href="https://help.okta.com/okta_help.htm?type=oie&amp;id=csh-oie-release-notes" data-test="menuBarLink">Identity Engine</a> </div> <div><a href="https://help.okta.com/okta_help.htm?id=ext_okta_relnotes" data-test="menuBarLink">Classic Engine</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=oag&amp;id=ext_oag_releasenotes" data-test="menuBarLink">Access Gateway</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=asa&amp;id=ext-asa-releasenotes" data-test="menuBarLink">Advanced Server Access</a> </div> <div><a href="https://help.okta.com/okta_help.htm?type=wf&amp;id=ext-workflows-releasenotes" data-test="menuBarLink">Workflows</a> </div> </div> </div> <div class="dropdown" data-test="menuBarCategory" id="oktaDevDocsMenu"><a href="https://developer.okta.com/" target="_blank" data-test="menuBarLink">Okta Developer</a> </div> <div class="dropdown" data-test="menuBarCategory" id="auth0Menu"><a href="https://auth0.com/docs" target="_blank" data-test="menuBarLink">Auth0</a> </div> <div class="dropdown" data-test="menuBarCategory" id="trainingMenu"><a href="https://www.okta.com/services/training/" target="_blank" data-test="menuBarLink">Training</a> </div> <div class="dropdown" data-test="menuBarCategory" id="supportMenu"><a href="https://support.okta.com/help/s/?language=en_US" target="_blank" data-test="menuBarLink">Support</a> </div> </div> <div class="logo_container" id="OktaBanner" data-mc-conditions="Primary.live-site-only"><a class="logo" href="https://help.okta.com/okta_help.htm?id=csh-index" data-test="OktaBanner"><img src="../../../resources/images/okta-assets/logo.png" alt="Okta Docs" title="Okta Docs" data-test="OktaBannerImg" /></a> </div> <div class="toolbar-main" data-test="toolBar" data-mc-conditions="Primary.live-site-only"> <div class="buttons popup-container clearfix topicToolbarProxy _Skins_okta_toolbar_no_expand mc-component nocontent" style="mc-topic-toolbar-items: ;"> <div class="button-group-container-left"> <button class="button needs-pie select-language-button" title="Change language"> <div> <div role="img" class="button-icon-wrapper" aria-label="Change language"> <div class="button-icon"> </div> </div> </div> </button> </div> </div> </div> </div> <!-- ********************** Main content row ********************** --> <div class="okta-topics" data-test="bodyWrapper"> <!-- *** Col1: Body Col *** --> <div> <div class="is-not-in-mobile"> <!-- Breadcrumbs --> <div class="nocontent"> <div class="MCBreadcrumbsBox_0 breadcrumbs" role="navigation" aria-label="Breadcrumbs" data-mc-breadcrumbs-divider=" &gt; " data-mc-breadcrumbs-count="3" data-mc-toc="True"> </div> </div> </div> <div class="oie-label" data-mc-conditions="MultiProdPublish.Classic"> <img class="oie-label" title="Label: Okta Classic Engine content" src="../../../resources/images/okta-assets/classic_engine.svg" /> </div> <div class="body-main" data-test="bodyContent"> <!-- Main content body --> <div role="main" id="mc-main-content"> <h1>Configure <span class="mc-variable okta-feature-names.Okta_ThreatInsight variable">Okta ThreatInsight</span></h1> <p>Configure <span class="mc-variable okta-feature-names.Okta_ThreatInsight variable">Okta ThreatInsight</span> to detect malicious IP addresses that attempt credential-based attacks.</p> <h2><a name="BeforeYouBegin"></a>Before you begin</h2> <ul> <li>Create an IP zone that contains trusted IP addresses for your org so it may be exempted from <span class="mc-variable okta-feature-names.Okta_ThreatInsight variable">Okta ThreatInsight</span>. </li> <li>Trusted IP addresses include IP addresses for network gateways, or <span class="mc-variable okta-variables.ProductName variable">Okta</span> agents, and others. See for <a href="exempt-ip-zone-threatinsight.htm" class="MCXref xref">Exclude IP zones from Okta ThreatInsight evaluation</a>.</li> </ul> <h2><a name="Procedures"></a>Start this task</h2> <ol> <li value="1">In the <span class="mc-variable okta-feature-names.Admin_Console variable">Admin Console</span>, go to <span class="menucascade"><span class="uicontrol">Security</span><span class="uicontrol">General</span></span>.</li> <li value="2">Go to <span class="wintitle">Okta ThreatInsight settings</span>.</li> <li value="3">Click <span class="uicontrol">Edit</span>. A list of actions appears: <ul><li><span class="uicontrol">No Action</span>: <span class="mc-variable okta-feature-names.Okta_ThreatInsight variable">Okta ThreatInsight</span> actions aren't enabled. <span class="mc-variable okta-variables.ProductName variable">Okta</span> collects <span class="mc-variable okta-feature-names.Okta_ThreatInsight variable">Okta ThreatInsight</span> data for aggregation purposes even if this option is selected.</li><li><span class="uicontrol">Log authentication attempts from malicious IPs</span>: ThreatInsight records information about sign-in attempts from potentially malicious IP addresses in the System Log.</li><li><span class="uicontrol">Log and enforce security based on threat level</span>: ThreatInsight can limit or block authentication requests from suspicious IP addresses based on the threat level detected. For example, if a specific IP address is suspected of malicious activity but the threat level is considered low, authentication requests from the IP address aren't denied access but might be subjected to a rate limit. The rate limit helps ensure that requests from a suspicious IP address don't overload authentication services and affect legitimate traffic. With the option to limit access requests from suspicious IP addresses, ThreatInsight can reduce the risk of malicious activity without blocking access for legitimate users. However, if an IP address is suspected of malicious activity and the threat level detected is high, authentication requests from the IP address are blocked.</li></ul></li> </ol> <ol start="4"> <li value="4">Select the desired action for your org.</li> <li value="5">Add any trusted network zones that you want to exclude from threat detection.</li> <li value="6">Click <span class="uicontrol">Save</span>. <div class="noteOkta"><p class="noteContent">It may take a few minutes for any changes to these settings to take effect.</p></div></li> </ol> </div> </div> </div> </div> <!-- div class="toolbar-main"> <MadCap:topicToolbarProxy data-mc-skin="/Project/Skins/okta-toolbar-no-expand.flskn" style="mc-topic-toolbar-items: ;" /> </div --> <!-- *********************** Footer rows ********************************* --> <div class="footer2" data-test="footer"> <div> <p class="copyright" data-test="copyrightNotice">漏 <span class="mc-variable okta-variables.Year variable">2024</span> <span class="mc-variable okta-variables.CompanyName variable">Okta, Inc</span>. All Rights Reserved. Various trademarks held by their respective owners. </p> </div> </div> <!-- ********************** Scripts ************************************* --> <script src="../../../resources/scripts/js/ignore-dompurify.js"> </script> <script src="../../../resources/scripts/js/app.js"> </script> <script src="../../../resources/scripts/js/vendor/what-input.js"> </script> <script src="https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.4-rc1/js/foundation.min.js"> </script> <!-- Coveo --> <script src="https://static.cloud.coveo.com/searchui/v2.5395/js/CoveoJsSearch.Lazy.min.js" defer="defer"> </script> <script src="../../../resources/scripts/coveo-resources/js/cultures/en.js" id="coveoCultureScript" defer="defer"> </script> <script src="../../../resources/scripts/coveo-resources/js/coveo.madcapflare.requirejs.js" id="coveoRequireScript" defer="defer"> </script> <script src="../../../resources/scripts/coveo-resources/js/coveo.madcapflare.okta.js" id="coveoInitscript" defer="defer"> </script> <!-- Feedback tab for Qualtrics survey --> <div id="feedback-tab" data-mc-conditions="Primary.live-site-only"><a id="feedback-link" href="#" onclick="openSurvey(); return false" target="_blank" title="Submit feedback"><div id="feedback-container"><p id="feedback-text" translate="no">Feedback</p></div></a> </div> </div> </div> </div> </div><a data-close="true"></a> </div> </div> </div> </body> </html>