Block an IP Address From Accessing an Organization Using a Network Zone
Administration
Okta Classic Engine
Okta Identity Engine
Network Zones
Overview

This article provides steps to block a specific IP address from accessing an organization by creating a Network Zone. This action is a necessary security measure when a malicious actor's activity causes rate limit violations or user lockouts, and the System Log displays messages such as:

  • Okta Rate Limit Warning
  • Okta Rate Limit Reached
  • Okta Burst Rate Limits Activated

Applies To
  • Network Zones
  • Security
Cause

A malicious actor is using a specific IP address to attack the organization. This activity results in rate limit violations or user lockouts.

Solution
  1. Identify the IP address of the threat actor from the Rate Limits Dashboard or the System Log.

  2. Navigate to the Okta Admin Console.
  3. Go to Security > Networks.
  4. Select Add zone and choose IP Zone.
  5. Enter a descriptive Zone name, such as "IP Addresses Blocked From Accessing Organization".

  6. Select the checkbox for Block access from IPs matching conditions listed in this zone.
  7. In the Gateway IPs field, enter the IP address identified in the first step.
  8. Select Save.

NOTE: When an IP address is blocked, the following event is logged in the System Log:

security.request.blocked Blocked request from IP
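
The following is an added example, not code from Okta or from the original article. It covers step 1 and the NOTE above: it ranks client IPs by how many of the listed rate limit messages they produced, then checks for the blocked-request event after the zone is saved. It assumes a System Log export as a JSON array whose events carry `displayMessage`, `eventType` and `client.ipAddress`; the function names, sample events and the trusted network are constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Display messages the article lists as symptoms, and the event type from its NOTE.
RATE_LIMIT_MESSAGES = {"Okta Rate Limit Warning", "Okta Rate Limit Reached",
                       "Okta Burst Rate Limits Activated"}
BLOCKED_EVENT = "security.request.blocked"

# Constructed sample export (documentation-range IPs), trimmed to the fields used here.
SAMPLE_EVENTS = json.loads("""[
 {"displayMessage": "Okta Rate Limit Warning", "client": {"ipAddress": "203.0.113.50"}},
 {"displayMessage": "Okta Rate Limit Reached", "client": {"ipAddress": "203.0.113.50"}},
 {"displayMessage": "Okta Burst Rate Limits Activated", "client": {"ipAddress": "203.0.113.50"}},
 {"displayMessage": "Okta Rate Limit Warning", "client": {"ipAddress": "198.51.100.7"}},
 {"displayMessage": "Okta Rate Limit Reached", "client": {"ipAddress": "192.0.2.10"}},
 {"displayMessage": "Okta Rate Limit Reached", "client": null},
 {"eventType": "security.request.blocked", "displayMessage": "Blocked request from IP",
  "client": {"ipAddress": "203.0.113.50"}}
]""")

def client_ip(event):
    """Return the event's client IP as an ipaddress object, or None if missing or invalid."""
    raw = (event.get("client") or {}).get("ipAddress")
    try:
        return ipaddress.ip_address(raw) if raw else None
    except ValueError:
        return None

def rank_candidates(events, trusted_networks=()):
    """Count rate-limit events per client IP, skipping IPs inside trusted networks."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    counts = Counter()
    for event in events:
        ip = client_ip(event)
        if ip is None or event.get("displayMessage") not in RATE_LIMIT_MESSAGES:
            continue
        if any(ip in net for net in trusted):
            continue  # never propose blocking your own egress or gateway addresses
        counts[str(ip)] += 1
    return counts.most_common()

def block_confirmed(events, ip):
    """True once the log holds a security.request.blocked event from `ip`."""
    target = ipaddress.ip_address(ip)
    return any(e.get("eventType") == BLOCKED_EVENT and client_ip(e) == target for e in events)

if __name__ == "__main__":
    print(rank_candidates(SAMPLE_EVENTS, trusted_networks=["192.0.2.0/24"]))
    print(block_confirmed(SAMPLE_EVENTS, "203.0.113.50"))
```

Passing the organization's own egress ranges as `trusted_networks` keeps a shared corporate gateway from being added to the blocking zone by mistake.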

