
f6dkj (f6dkj) asked a question.
We had a user get blocked due to an expired credential, after resetting her password, her IP was still being blocked. How can we "unblock" an IP address without adding a permanent whitlisted IP? We don't want to do that as the IP is transient to a home user and could be reassigned allowing for reduced security.

Hi Brian,
IPs that are blocked by ThreatInsight should be cleared after 24 hours, if no other suspicious activity is recorded. From the end-user side, if the IP is dynamic, a change should be possible. From the Okta side, at this time, the best approach would be to whitelist the IP for a day, and then remove it from the whitelist afterwards.
The procedure to do that is detailed here:
https://support.okta.com/help/s/article/How-to-whitelist-an-IP-from-HealthInsight?language=en_US
Hi Sebastian,
Thanks for your reply. I did finally get a similar answer from support. However, I do feel this 24 hour thing should be something that an admin can bypass, and/or clear without putting a potentially permanent record in to whitelist.
I have added an "Idea" feature-request into the portal for this. I would also recommend (unless I missed it) ensuring this 24 hour thing is included in the technical documentation for ThreatInsight, so customers don't have to scramble when they have a user who is unable to log in due to a block like this.
Thanks
Brian
I agree with Brian here. Seems silly to have to put something on a whitelist to do a temporary bypass.
I added a blocked IP address by ThreatInsight to whitelist and IP address is still being blocked as suspicious. Is there any way to clear the flag?
This can be pretty impactful to tell a CEO that he is not able to login to his company because we have to wait 24 hours. I really think this should be something that could be done on the admin side.