Administrators can block TOR connections from accessing an Okta organization by configuring an Enhanced Dynamic Network Zone (EDNZ). This configuration prevents unauthorized access from anonymized IP addresses by explicitly blocking the TOR IP service category.

• Okta Identity Engine (OIE)
• Okta Classic Engine
• Enhanced Dynamic Network Zone (EDNZ)
• TOR

What steps configure an Enhanced Dynamic Network Zone to block TOR connections?

To block TOR connections, create a new Enhanced Dynamic Network Zone in the Okta Admin Console, configure the zone to block access, and specify the TOR IP service category.

1. Sign in to the Okta Admin Console.
2. Navigate to Security > Networks.
3. Select Add Zone > Enhanced dynamic zone.
   
4. Enter a name for the zone that blocks all TOR connections.
5. Select the Block access from IPs matching conditions listed in this zone checkbox.
6. Select the Include the following IP service categories button.
7. In the Type an IP service category name field, enter ANONYMIZER_TOR.
   
8. Select Save.

Related References

• Enhanced dynamic zones
• How to Allowlist an IP Blocked by Network Zones