To help prevent phishing and improve security, Okta now gives admins the ability to whitelist the Okta organizations that users are able to access. This feature helps ensure your end users log in only to approved Okta organizations by preventing them from accessing Okta organizations that are not sanctioned by the company, which effectively blocks all phishing attempts that use an Okta org.
Admin Point of View
If we haven’t contacted you about this beta already and you would like to participate, email firstname.lastname@example.org with the title “Anti-Phishing Whitelist Plugin Beta” and send your preview or sandbox URL so that we can enable the feature. To turn the feature on, go to Security -> Customization on your Admin dashboard and scroll down until you see a Browser Plugin panel on the left.
In the Security Organizations tab, choose ‘Specify Organizations’ from the drop-down. Another drop-down will then appear, asking you to list the Okta organizations you would like to whitelist.
You can whitelist up to ten Okta orgs in addition to the current org, which is whitelisted by default.
End-User Point of View
If an end-user then tries to access an Okta org that is not on the whitelist, they will be prompted with a security warning by the plugin and the entire page will look disabled to them. The only action the user would be able to take is to close the tab/window.
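The allow/block decision described above, as an added JavaScript sketch (not Okta's plugin code). It assumes an Okta org is recognised by its hostname suffix; the function names, the suffix list and the sample org names are illustrative.

```javascript
// Added illustration; not Okta's plugin code.
// Assumption: an "Okta org" is recognised by a hostname under one of these
// Okta-operated domains. The real plugin may identify orgs differently, and
// non-org hosts such as www are not special-cased here.
const OKTA_SUFFIXES = ['.okta.com', '.oktapreview.com', '.okta-emea.com'];
const MAX_EXTRA_ORGS = 10; // limit stated on the page, excluding the current org

function normalizeHost(value) {
  // Accept a bare hostname or a full URL; lowercase and drop a trailing dot.
  const text = String(value).trim();
  const url = new URL(text.includes('://') ? text : `https://${text}`);
  return url.hostname.toLowerCase().replace(/\.$/, '');
}

function isOktaHost(host) {
  return OKTA_SUFFIXES.some((s) => host.endsWith(s) && host.length > s.length);
}

function buildPolicy(currentOrg, extraOrgs) {
  const extras = [...new Set(extraOrgs.map(normalizeHost))];
  if (extras.length > MAX_EXTRA_ORGS) {
    throw new RangeError(`at most ${MAX_EXTRA_ORGS} additional orgs may be listed`);
  }
  // The current org is always allowed, matching the default described above.
  return new Set([normalizeHost(currentOrg), ...extras]);
}

function evaluateNavigation(url, allowedHosts) {
  let host;
  try {
    host = normalizeHost(url);
  } catch {
    return 'ignore'; // unparseable input is out of scope for this check
  }
  // Hosts outside Okta's domains (including lookalikes such as
  // acme.okta.com.example.net) are not Okta orgs, so this rule does not apply.
  if (!isOktaHost(host)) return 'ignore';
  // Exact hostname match only; substring or prefix matching would be bypassable.
  return allowedHosts.has(host) ? 'allow' : 'block';
}

// Constructed sample policy: current org plus one additional org.
const samplePolicy = buildPolicy('acme.okta.com', ['acme-partner.oktapreview.com']);
```

A `block` result corresponds to the warning-and-disabled-page state the end user sees; `ignore` means the page is not an Okta org and the whitelist has no say over it.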