This article explains how to restrict user access based on time.
NOTE: Okta Professional Services handles the creation of custom policies. If there are any specific questions about this article, support may be able to answer them.
- Okta Access Gateway (OAG)
- Application
- Custom Policy
There is no option within Okta core to restrict access to OAG apps based on time, but this can be achieved through an OAG custom policy.
The custom policy is set under the application that needs to be restricted. Some examples are below.
The operator ~ means the value matches the regex, and !~ means it does not match the regex.
This returns a 403 if the local time is outside 08 hours to 17 hours (8 am-5 pm):
ssi on;
if ($date_local !~ "\d{4} (0[8-9]|1[0-6]):[0-5][0-9]:[0-5][0-9] "){
return 403;
}
If GMT time is between 03:00:00 and 14:59:59, return 403:
ssi on;
# (0[3-9]|1[0-4]) matches the two-digit hours 03 through 14
if ($date_gmt ~ "\d{4} (0[3-9]|1[0-4]):[0-5][0-9]:[0-5][0-9]") {
return 403;
}
The configuration below can be used to display the time format. If set, when accessing the app, a file with the variable output is downloaded. Different variables can be used: the local time of the client machine, GMT, local time in the ISO 8601 standard format, and local time in the Common Log Format. (There may be more time variables not mentioned below.)
ssi on;
echo $date_local $date_gmt $time_iso8601 $time_local;
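A check that can be run before deploying a time-window policy, as an added example that is not part of the original article or Okta's own code: it renders every hour of a constructed day in the nginx SSI default time format (an assumption; the echo configuration above shows the real format) and reports which hours each pattern denies. The function names are hypothetical, Python's `re` stands in for nginx's regex engine, and the bracket form `[03..14]` is included to show that a character class matches a single character, not an hour range.

```python
import re
from datetime import datetime, timedelta

# Assumption: nginx SSI default timefmt "%A, %d-%b-%Y %H:%M:%S %Z"
SSI_TIMEFMT = "%A, %d-%b-%Y %H:%M:%S"

# Hour patterns under test: the 08-17 local rule and two spellings of a 03-14 GMT window
BUSINESS_HOURS = r"\d{4} (0[8-9]|1[0-6]):[0-5][0-9]:[0-5][0-9] "
GMT_WINDOW = r"\d{4} (0[3-9]|1[0-4]):[0-5][0-9]:[0-5][0-9]"
BRACKET_FORM = r"\d{4} [03..14]:[0-5][0-9]:[0-5][0-9]"


def render(ts, zone):
    """Format a timestamp the way $date_local / $date_gmt would print it (constructed)."""
    return ts.strftime(SSI_TIMEFMT) + " " + zone


def hours_matched(pattern, zone="GMT"):
    """Return the hours (0-23) the pattern matches at both hh:00:00 and hh:59:59."""
    rx = re.compile(pattern)
    day = datetime(2024, 1, 1)  # constructed sample date
    matched = set()
    for hour in range(24):
        first = day + timedelta(hours=hour)
        last = first + timedelta(minutes=59, seconds=59)
        if all(rx.search(render(t, zone)) for t in (first, last)):
            matched.add(hour)
    return matched


def denied_hours(pattern, operator, zone="GMT"):
    """Hours that receive the 403: '~' denies on match, '!~' denies on no match."""
    matched = hours_matched(pattern, zone)
    return matched if operator == "~" else set(range(24)) - matched


if __name__ == "__main__":
    for name, pat, op in [("business hours", BUSINESS_HOURS, "!~"),
                          ("GMT window", GMT_WINDOW, "~"),
                          ("bracket form", BRACKET_FORM, "~")]:
        print(f"{name:15} denies hours {sorted(denied_hours(pat, op))}")
```

An empty result for a `~` rule means the policy never returns 403, so the restriction is silently not enforced.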
