This feature improves account lockout behavior by adding the ability to block suspicious sign-in attempts from unknown devices. Users who sign in to Okta from devices they have used before are not locked out when failed attempts from unknown devices trigger a lockout.
With this feature, Okta can detect whether sign-in attempts are coming from a known or an unknown device. A known device is one that has previously been used to sign in to Okta. An unknown device is one that has never been used to sign in to Okta.
When a user signs in from an unknown device (computer, browser, IP address), Okta allows as many password attempts as the password policy permits. If the user fails to sign in the maximum number of times allowed, the account is locked out on that new device. If Okta determines that the failed sign-in attempts are coming from an unknown device, it locks out new attempts from unknown devices but still allows sign-ins from known devices. This helps prevent malicious parties from disrupting Okta users' access to their accounts and strengthens account protection.
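A simplified model of the lockout rule described above, added here as an illustration and not Okta's own code. Device identity is a constructed opaque fingerprint string standing in for the computer/browser/IP, and treating repeated failures from a known device as a full account lockout is an assumption about standard lockout behavior, not something the page states.

```python
# Illustrative model only (not Okta's implementation). Devices are identified by
# a constructed fingerprint string; the full-lockout rule for known devices is an
# assumption about ordinary lockout behavior.
from dataclasses import dataclass, field


@dataclass
class LockoutState:
    max_attempts: int                                  # from the password policy (assumed value)
    known: dict = field(default_factory=dict)          # user -> set of devices that signed in before
    failures: dict = field(default_factory=dict)       # (user, device) -> consecutive failures
    locked_unknown: set = field(default_factory=set)   # users whose unknown devices are blocked
    locked_all: set = field(default_factory=set)       # users locked for every device (assumption)

    def is_known(self, user, device):
        return device in self.known.get(user, set())

    def may_attempt(self, user, device):
        """True if a sign-in attempt from this device should be evaluated at all."""
        if user in self.locked_all:
            return False
        if user in self.locked_unknown and not self.is_known(user, device):
            return False
        return True

    def record_success(self, user, device):
        # A successful sign-in makes the device 'known' and clears its failure streak.
        self.known.setdefault(user, set()).add(device)
        self.failures.pop((user, device), None)

    def record_failure(self, user, device):
        """Count a failed password attempt and apply the matching lockout."""
        if not self.may_attempt(user, device):
            return "blocked"
        n = self.failures.get((user, device), 0) + 1
        self.failures[(user, device)] = n
        if n < self.max_attempts:
            return "allowed"
        if self.is_known(user, device):
            self.locked_all.add(user)      # assumption: standard full lockout
            return "locked_all"
        self.locked_unknown.add(user)      # page behavior: only unknown devices are locked
        return "locked_unknown"


def demo():
    s = LockoutState(max_attempts=3)
    s.record_success("alice", "laptop-fp")               # laptop becomes a known device
    for _ in range(3):
        last = s.record_failure("alice", "stranger-fp")  # repeated failures from a new device
    # known device still allowed, any other unknown device is now blocked
    return last, s.may_attempt("alice", "laptop-fp"), s.may_attempt("alice", "other-new-fp")
```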
- Block Suspicious Password Attempts from Unknown Devices
- Unknown Devices
To block suspicious password attempts from unknown devices, perform the following in the Admin Console:
- Navigate to Security > General and enter the security configuration below under Protect against password-based attacks.
