<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Differences Between the Okta DefaultExemptIpZone Feature and ThreatInsight Exclude IP Zones

Administration
Okta Classic Engine
Okta Identity Engine

Overview

The Okta DefaultExemptIpZone feature automatically allows traffic from specific IP addresses and bypasses Okta ThreatInsight evaluation. In contrast, ThreatInsight Exclude IP zones accept any Network Zone to prevent ThreatInsight from evaluating those specific IP addresses.

Applies To

  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • IP Zones
  • Okta ThreatInsight

Cause

 

 

Solution

What are the differences between the DefaultExemptIpZone and ThreatInsight Exclude IP zones?

The IP exempt zone feature creates the DefaultExemptIpZone zone. Okta automatically allows traffic from the IP addresses within this zone, and Okta ThreatInsight does not evaluate these IP addresses.

The ThreatInsight Exclude IP zones field accepts any Network Zone and prevents ThreatInsight from evaluating those IP addresses.

Configure the ThreatInsight Exclude IP zones by navigating to the Okta ThreatInsight settings in the Admin Console and adding the desired Network Zones to the exempt list.

Okta ThreatInsight settings

The DefaultExemptIpZone zone automatically allows the included IP addresses without requiring the addition of the zone to the Okta ThreatInsight settings. Both the Exempt Zones and the DefaultExemptIpZone zone prevent ThreatInsight from evaluating the listed IP addresses during log-in. Gateway IP addresses within the DefaultExemptIpZone always have access to Okta resources, offering a bypass to IP and Autonomous System Number (ASN) session binding based on the client IP address.

 

Related References

Loading
Okta Support - Differences Between the Okta DefaultExemptIpZone Feature and ThreatInsight Exclude IP Zones