Okta improves account lockout behavior by blocking suspicious sign-in attempts from unknown devices. A known device is one that has previously signed in to Okta; an unknown device has never signed in. When failed sign-in attempts from an unknown device exceed the maximum allowed by the password policy, Okta locks out new attempts from unknown devices but still allows sign-ins from known devices. This prevents malicious parties from disrupting access and enhances account protection.
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Block Suspicious Password Attempts from Unknown Devices
- Unknown Devices
How can an Okta Administrator configure the organization to block suspicious password attempts from unknown devices?
Navigate to the general security settings in the Admin Console and configure the protection against password-based attacks.
- In the Okta Admin Console, navigate to Security > General.
- Scroll down to the Protect against password-based attacks section.
- Click Edit.
- Select Enabled from the Block suspicious password attempts from unknown devices dropdown menu.
- Click Save.
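
The lockout behavior described at the top of this page, as a small model (an added example, not Okta's code or API). The `Account` class, the `sign_in` function, the device names and the limit of 3 are constructed for illustration; the model assumes failures from known devices do not count toward the unknown-device lockout, and it does not model unlocking.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    password: str
    max_attempts: int  # assumed stand-in for the password policy's failed-attempt limit
    known_devices: set = field(default_factory=set)
    unknown_failures: int = 0  # failed attempts seen from unknown devices


def sign_in(acct: Account, device_id: str, password: str) -> str:
    """Return 'success', 'failed' or 'blocked' for one sign-in attempt."""
    known = device_id in acct.known_devices
    # Once unknown devices have used up the allowed failures, every further
    # attempt from an unknown device is refused, even with the right password.
    if not known and acct.unknown_failures >= acct.max_attempts:
        return "blocked"
    if password == acct.password:
        acct.known_devices.add(device_id)  # a device that has signed in is known
        return "success"
    if not known:
        acct.unknown_failures += 1
    return "failed"


def scenario():
    """Constructed walk-through: a password-guessing device vs. the real user."""
    acct = Account(password="correct-horse", max_attempts=3)
    log = [("laptop", sign_in(acct, "laptop", "correct-horse"))]  # becomes known
    for guess in ("guess1", "guess2", "guess3", "guess4"):
        log.append(("attacker", sign_in(acct, "attacker", guess)))
    # The user's known laptop still works; a brand-new phone does not.
    log.append(("laptop", sign_in(acct, "laptop", "correct-horse")))
    log.append(("new-phone", sign_in(acct, "new-phone", "correct-horse")))
    return log


if __name__ == "__main__":
    for device, result in scenario():
        print(f"{device:10s} {result}")
```

The last line of the walk-through is the operational caveat: while the unknown-device lockout is in effect, a legitimate user on a device that has never signed in is refused as well.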
