Log and block authentication attempts from suspicious IP addresses.
ThreatInsight uses attack data from across our network to identify and block malicious login attempts.
Okta detects threats prior to authentication evaluation. Requests that Okta ThreatInsight blocks prevent user lockouts from suspicious IP addresses. Configure Okta ThreatInsight to detect suspicious IP addresses from credential-based attacks.
When Okta ThreatInsight actions are enabled, end users may sign in to their org as usual. If Okta detects a sign-in attempt from a malicious IP address and authentication requests are set to be blocked, the user receives an HTTP 403 error.