Okta ThreatInsight is designed to detect and block high-volume credential-based attacks (password spraying, credential stuffing, and similar brute-force attacks) directed at Okta endpoints. This knowledge article points customers to the technical brief that describes how to get the most out of Okta ThreatInsight.
Configuring ThreatInsight
The degree to which ThreatInsight requires configuration depends largely on customer requirements.
If all users of an org authenticate directly to the Okta tenant, administrators can toggle ThreatInsight on with confidence (see Basic Configuration below).
This paper provides additional advice for customers with more complex authentication flows, such as customers who use:
- Third-party security network providers that intercept access requests between an originating client and Okta, or
- Externally-hosted resources such as Content Delivery Networks, or self-hosted sign-in widgets, or
- Trusted applications that process authentication requests en route to Okta.
Detailed advice for these scenarios is provided under Advanced Configuration.
