<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Behavior Profile Data Maintained for 90 Days
Sep 8, 2025
Lifecycle Management
Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine
Overview

This article clarifies Okta's data retention period for user behavior profiles.

Behavior Detection 

 
Applies To
  • Behavior detection
  • Data retention
Cause

Okta maintains behavior profile data for a rolling 90-day period. This retention schedule is a standard internal policy for application-generated system data. After 90 days, historical behavior data is automatically purged from the system.

Solution

The 90-day retention period for behavior profiles has a direct impact on authentication policy evaluation. If an authentication policy is configured to evaluate a user's IP address, location, or device, any previously seen behavior that is more than 90 days old will be treated by Okta as a new, unrecognized behavior. Depending on the specific policy rules, this may trigger additional security challenges, such as a Multi-Factor Authentication (MFA) prompt for the end user.

Recommended content

Still looking for help?
Loading
Behavior Profile Data Maintained for 90 Days