
DominicF.29945 (Customer) asked a question.
Hi all,
I'm building out an API using Okta for the first time, so apologies if the question is simple - I'm trying to understand if it's possible to block ALL IP addresses calling the endpoint, unless they're in a whitelist. I've read a little bit about blocking "Zones", but nothing about blocking everything, unless it's on a whitelist.
For some background, I want my game client to be able to hit an endpoint to generate an auth token, which it can then use as auth to perform further actions on my server.

Hi Dominic,
Thank you for posting on our community portal.
At this time it is not possible to blacklist all but one IP address in Okta. If you create a Dynamic Network Zone that blacklists everything and another zone that whitelists one address, the blacklist will take priority at evaluation and the attempt will still be blocked.
As a workaround, you can use Okta Sign On Policies. You can create a new policy with two rules:
At authentication, the rules will be evaluated from top to bottom, and if the auth attempt is NOT from your IP, then it will fall to the second rule, which denies access.
For reference please see: https://help.okta.com/en/prod/Content/Topics/Security/Security_Policies.htm#:~:text=Okta%20Sign-On%20Policies
Marian Cambei
Technical Support Engineer
Okta Global Customer Care
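
The two evaluation orders described in the answer above, as an added example that is not part of the original thread and is not Okta's code: a simplified Python model in which a blocklist zone overrides an allow zone, while sign-on rules are evaluated top to bottom with the first match deciding. The addresses, rule names and the fail-closed default are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
ALLOWED = ["203.0.113.10/32"]
EVERYTHING = ["0.0.0.0/0", "::/0"]


def in_any(ip, cidrs):
    """Return True if ip falls inside any CIDR of the same IP version."""
    addr = ipaddress.ip_address(ip)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def zone_decision(ip, blocklist, allowlist):
    """Model of the zone approach: a blocklist match takes priority."""
    if in_any(ip, blocklist):
        return "DENY"  # the allow zone is never consulted
    return "ALLOW" if in_any(ip, allowlist) else "NO_MATCH"


# Model of the workaround: one policy, two ordered rules (hypothetical names).
RULES = [
    {"name": "Allow my IP", "cidrs": ALLOWED, "access": "ALLOW"},
    {"name": "Deny everyone else", "cidrs": EVERYTHING, "access": "DENY"},
]


def policy_decision(ip, rules):
    """Evaluate rules top to bottom; the first rule that matches decides."""
    for rule in rules:
        if in_any(ip, rule["cidrs"]):
            return rule["access"], rule["name"]
    return "DENY", "no rule matched"  # assumption: this model fails closed


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "2001:db8::1"):
        print(ip, zone_decision(ip, EVERYTHING, ALLOWED), policy_decision(ip, RULES))
```

Reversing the order of `RULES` makes the catch-all deny match first, so rule priority is the thing to verify after creating the policy.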