<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Blocklisting an Entire Zone in Okta
Nov 28, 2025
Administration
Okta Classic Engine
Okta Identity Engine
Overview
This article provides guidance on the process of blocklisting an entire zone in Okta. By utilizing the IP Zones feature, entire zones can be designated as blocklisted, thereby preventing clients from these zones from accessing any URL of the organization.
Applies To
  • Okta environments where the IP Zones feature is enabled
  • Okta Classic Engine
Cause

To restrict access from entire zones, the zone needs to be marked as blocklisted.

Solution

To blocklist an entire zone, follow the steps or video below:


 

  1. Log in to the Okta Admin Console.

  2. Go to Security > Networks.

  3. Click Add Zone.

Add Zone

  1. Enter the Zone Name and Description.

  2. Under Gateway IPs, add the IP address range of the zone to the blocklist.

  3. Check the box next to Block access from IPs matching conditions listed in this zone.

Block access from IPs matching condition

  1. Click Save.


NOTE: When the Multiple Network Zones feature is activated, two network zones are automatically generated. One of these can be used for blocklisting IP addresses.

 

Related References

 

 

Recommended content

Still looking for help?
Loading
Blocklisting an Entire Zone in Okta