Jul 19, 2016 | by Ahmed Al-Bahar in Security

To help prevent phishing, Okta now gives admins the capability to whitelist the Okta organizations that users are able to access. This feature helps ensure your end-users only log into approved Okta organizations by preventing them from accessing non-company-sanctioned Okta organizations, which effectively blocks all phishing attempts that use an Okta org.

The Feature

Admin Point of View
If we haven’t contacted you about this beta already and you would like to participate, email with the title “Anti-Phishing Whitelist Plugin Beta” and send your preview or sandbox URL for us to enable the feature. To turn the feature on, go to Security -> Customization on your Admin dashboard. Scroll down until you see a Browser Plugin panel on the left.
BrowserPlugin Settings
In the Security Organizations tab, choose ‘Specify Organizations’ from the drop-down. Another drop-down will then appear asking you to list the Okta organizations you would like to whitelist.
BrowserPlugin Settings Whitelist

There is a limit of ten Okta orgs you can whitelist, aside from the current org, which is whitelisted by default.

End-User Point of View
If an end-user then tries to access an Okta org that is not on the whitelist, they will be prompted with a security warning by the plugin and the entire page will look disabled to them. The only action the user would be able to take is to close the tab/window.
End User Anti-phishing popup
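
The whitelist decision described above, sketched as an added example (this is not Okta's plugin code). The hosting suffixes `.okta.com` and `.oktapreview.com`, all function names, and the sample org names are assumptions made for illustration; only the limit of ten and the default inclusion of the current org come from the post.

```javascript
// Added illustration, not Okta's plugin code. Suffixes and names are assumptions.
const OKTA_SUFFIXES = [".okta.com", ".oktapreview.com"]; // assumed hosting domains
const MAX_EXTRA_ORGS = 10; // limit stated in the post

// Accepts "acme.okta.com" or a full URL and returns the parsed hostname.
// Parsing (rather than substring matching) means userinfo tricks such as
// "https://acme.okta.com@other.example/" resolve to the real host.
function orgHost(value) {
  const url = new URL(value.includes("://") ? value : "https://" + value);
  return url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
}

// True only for a subdomain of an assumed Okta hosting domain.
function isOktaOrg(host) {
  return OKTA_SUFFIXES.some((s) => host.endsWith(s) && host.length > s.length);
}

// The current org is always included; up to ten more may be listed.
function buildAllowlist(currentOrg, extraOrgs) {
  if (extraOrgs.length > MAX_EXTRA_ORGS) {
    throw new RangeError("at most " + MAX_EXTRA_ORGS + " additional orgs");
  }
  const hosts = [currentOrg, ...extraOrgs].map(orgHost);
  const bad = hosts.find((h) => !isOktaOrg(h));
  if (bad) throw new TypeError("not an Okta org: " + bad);
  return new Set(hosts);
}

// "allow": listed Okta org. "block": Okta org that is not listed.
// "ignore": not an Okta org at all, so outside the scope of this control.
function checkNavigation(allowlist, pageUrl) {
  let host;
  try { host = orgHost(pageUrl); } catch { return "ignore"; }
  if (!isOktaOrg(host)) return "ignore";
  return allowlist.has(host) ? "allow" : "block";
}

// Constructed sample data.
const sample = buildAllowlist("acme.okta.com", ["https://partner.oktapreview.com"]);
for (const u of ["https://acme.okta.com/login", "https://other-tenant.okta.com/",
                 "https://acme.okta.com.other.example/"]) {
  console.log(u, "->", checkNavigation(sample, u));
}
```

A hostname that merely contains an approved org name is classified as "ignore" rather than "allow", which is the property an exact-match whitelist has to preserve.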