Okta Network Zones. Add ASN in the ISP ASNs field that would be added to the network zone
Add ASN in the ISP ASNs field that would be added to the network zone. Click the Sign On tab. Network Zones are configurable boundaries that you can use This article provides the steps to allowlist a trusted IP address to bypass network zone restrictions using the DefaultExemptIpZone feature. Add a network zone to policies Okta Developer IP Zones are a type of network zone that enables administrators to define network perimeters around a set of IP addresses. Network Zones are configurable boundaries that you can use Aug 24, 2018 · Is this using the X-Forwarded-For header or similar to match for client IP -> gateway IP? IE if gateway is IP1 and proxy is IP2, then create a network zone with IP2 in the proxy ip addresses and IP1 in the gateway IP addresses, and Okta will obtain the gateway IP from the 'X-Forwarded-For' header? Dec 9, 2024 · During one of these reviews, Okta observed customers using a Network Zone configuration that could result in unintended consequences for their security posture. A gateway is an IP address that a request must pass through to gain access. Learn how to set up network zones in Okta. Apr 4, 2025 · This article explains how to restrict or allow access to an Okta tenant based on location while also allowing a way to grant access to users who are traveling to other countries or need to gain access outside of the specified location. If the IP chain of the request contains more than one IP address, Okta compares the chain to all proxy IPs defined in all IP zones for that org. Okta compares both the location and proxy type with the ASN conditions to determine if there's a match. Add a network zone to policies You can add a network zone to Okta sign-on policies to manage network access. Generate a Proxy IP report Prepare for creating network zones by generating a list of the IP addresses used as proxies in your org. Sep 18, 2024 · This article describes the steps to find a network zone's ID using the browser's developer tools. Dynamic zones Dynamic zones define network perimeters based on location, IP address type, and autonomous system number (ASN). After you define one or more network zones, you can use them in Okta sign IP zones IP zones define network perimeters around a set of IP addresses. When you add a gateway to your IP zone, a request's IP address must match the gateway to be considered within zone. Explore how to define and implement network zones in Okta to manage access based on IP addresses, geographic locations, and connection types. A trusted Manage network zones Learn how to create and edit the different types of network zones. Mar 18, 2025 · Importing it via zoneID, the same as the other okta_network_zone s, makes sense to me here, though it would be really nice if the okta tf provider handled the lookup for us so we didnt have to get the id from the admin console or manual API calls. Applies To Network zones Dynamic zones Blocklist Allowlist Countries Regions Solution Afghanistan Badakhshān Baghlān Balkh Bādghīs Bāmyān Dāykundī Farāh Fāryāb Ghaznī Ghōr Helmand Herāt Jowzjān Kandahār Khōst Kunar Kunduz Enhanced dynamic zone evaluation Okta verifies whether the enhanced dynamic zone configuration matches the location, IP service categories, and ASN of the IP where the request originates. When you add an IP to a zone, the traffic from this IP is blocked or allowed access based on how you've configured the zone. Is there a way I can get network zones applied at a per-application level? Thanks! AS-Blob-Storage-Add-Domains-to-Zscaler-URL-Category AS-Block-GitHub-User AS-Block-Hash-in-Defender AS-Clear-Okta-Network-Zone-List AS-Compromised-Machine-Tagging Network zones FAQ The network zones FAQ is a resource that provides useful information and common questions about network zones. However, the Authentication -> Sign On Policies don't seem to allow me to select a particular application to enforce on. Additional controls include network zone restrictions and tenant access control lists (TACLs) that deny access from anonymous services favored by threat actors. Frequently Asked Questions: I’m an existing employee of a company and I don’t remember the URL for the login page for my organization? Nov 6, 2025 · Okta is an enterprise-grade identity management service built for the cloud but compatible with many on-premises applications. This article provides information on configuring and using IP zones in Okta. Manage network zones Learn how to create and edit the different types of network zones. The company also said that threat actors are “frustrated” when network zones and tenant access control lists are set up, since they deny access via the anonymizing services that they prefer. Network zones contain a list of IP addresses, and dynamic zones contain a list of locations, ASNs, or IP types. com Try Okta for free In this episode, Nathanael, a certified Okta professional, walks you through how to configure a network zone in Okta.