JeremyH.86309 (Customer) asked a question.
Is multiple behavior detection and or or by default. Where to add expression language
Hello,
2 things.
- I am using behavior detection to for different authentication policies. I know how to create the behaviors and use single behaviors in a sign on policy. I also know you can add multiple behaviors to one sign on policy. By default in the Sign-On GUI are multiple behavior in one policy evaluated as an "And" statement or as an "Or" statement?
- I see where Okta docs refer to being able to use expression language to set up combinations of behaviors in sign-on policies to be evaluated as an "And" or as an "Or". Unfortunately I do not see anything in the docs about where/how you enter these expression language statements? Do you know where I do this or docs that show it?
Thanks
Jeremy
Hi @JeremyH.86309 (Customer) , Thank you for reaching out to the Okta Community!
If you add multiple Behaviors in your sign on policy, they will be treated as "OR" statement.
Please the following articles for confirmation:
https://help.okta.com/en/prod/Content/Topics/Security/policies/configure-signon-policies.htm
https://help.okta.com/en/prod/Content/Topics/Security/behavior-detection/add-rule-behavior-detection.htm
To answer your second question, the custom expression option is only available for the Okta Identity Engine orgs.
https://help.okta.com/oie/en-us/Content/Topics/identity-engine/devices/el-add-to-asop.htm
Hope this helps!