0D5KZ00000axaR60AI | Okta Classic Engine | Authentication | Answered | 2025-03-31T15:21:39.000Z | 2025-03-25T02:39:24.000Z | 2025-03-31T15:21:39.000Z

NeilC.50012 (Customer) asked a question.

Restrict IP Addresses on OIDC App

I have tried a number of different methods to restrict inbound IP addresses on an OIDC application with no luck. I have added a zone and created a rule. Applying one or both of these does not result in users getting blocked from authenticating through Okta on IP addresses outside of the range I provided.

How can I set an IP range in an OIDC application and ensure that any user outside of that range cannot authenticate through the Okta app?


  • Hello @NeilC.50012 (Customer), thank you for posting on our Community page!

    As long as the rule and Zone are configured properly, users trying to access the application outside of the set range should not access the application.

    Please see below a similar question on this topic:

    https://devforum.okta.com/t/restrict-oidc-app/25978

     

    Thank you for reaching out to our Community and have a great day!

  • NeilC.50012 (Customer)

    I guess that is the issue then. They must not be configured correctly, but there is not a lot to the configuration. My rule is only using IF user's IP is In Zone. My zone has a single IP address range. When I edit my IP Zone it shows my current IP address and the address in the gateway IP section. These are different, but it never blocks me from connecting.

  • NeilC.50012 (Customer)

    I have seen this work with countries, but trying the same exact setup with IP addresses does not block users.

  • NeilC.50012 (Customer)

    The answer here is that when you create a zone and then go to create your rules in your SAML or OIDC app, you need to create two rules each time: one rule for allow and one rule for deny.

    Selected as Best
This question is closed.
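
The allow/deny pairing from the accepted answer, modelled as an added example (not part of the original thread and not Okta's code): rules are checked in order and the first match wins. The catch-all that allows unmatched requests is an assumption, as are the rule names and the documentation-range addresses used as sample data.

```python
import ipaddress

# Constructed sample data: a documentation range stands in for the real zone.
OFFICE_ZONE = [ipaddress.ip_network("203.0.113.0/24")]
PROBES = ["203.0.113.10", "198.51.100.7", "2001:db8::1"]

def in_zone(ip, zone=OFFICE_ZONE):
    """True when ip falls inside any network of the zone (IPv6 never matches an IPv4 zone)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in zone)

def evaluate(rules, ip, default_action="ALLOW"):
    """First matching rule wins; a request no rule matches gets the catch-all action.
    The ALLOW default is an assumption of this model."""
    for rule in rules:
        if rule["match"](ip):
            return rule["name"], rule["action"]
    return "catch-all", default_action

# The setup from the thread: a single "IF user's IP is In Zone" rule.
SINGLE_RULE = [
    {"name": "allow-in-zone", "match": in_zone, "action": "ALLOW"},
]

# The accepted answer: one rule for allow and one rule for deny.
ALLOW_AND_DENY = SINGLE_RULE + [
    {"name": "deny-not-in-zone", "match": lambda ip: not in_zone(ip), "action": "DENY"},
]

def audit(rules, probes=PROBES):
    """Return the probe addresses outside the zone that the policy still lets through."""
    return [ip for ip in probes
            if not in_zone(ip) and evaluate(rules, ip)[1] == "ALLOW"]

if __name__ == "__main__":
    for label, rules in (("single rule", SINGLE_RULE), ("allow + deny", ALLOW_AND_DENY)):
        print(label)
        for ip in PROBES:
            print("  ", ip, "->", evaluate(rules, ip))
        print("   out-of-zone addresses still allowed:", audit(rules))
```

With only the allow rule, out-of-zone addresses match nothing and are decided by the catch-all, so `audit` is the check to run against any rule set before relying on it.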