Okta Community | Okta Classic Engine / Authentication | Status: Answered | Posted 2025-12-27, answered 2025-12-31
How to prevent account lockouts caused by sign-in attempts via API

Hi team,

We have encountered an issue where several users were locked out due to repeated sign-in attempts. According to the logs, the requests are targeting the following URI: debugContext.debugData.requestUri eq "/api/v1/authn"

Our investigation shows that these attempts are coming from IP addresses outside of the users' usual locations. While we have already blocked these specific IPs, we are looking for a more fundamental solution to prevent this from recurring.

What would be the best way to handle this?

I tried to configure the Global Session Policy to use multiple behaviors with AND logic (e.g., New Device is POSITIVE AND Velocity is POSITIVE), but it seems that multiple behaviors are evaluated using OR logic instead.

Do you have any recommendations or alternative configurations to achieve this?

Best regards,
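
The triage the poster describes (filter System Log events on `debugContext.debugData.requestUri eq "/api/v1/authn"`, then look at which source IPs produced the failures and whether those IPs are familiar for the affected users) as a small worked example. This is added illustration, not code from the original post or from Okta; the event shape uses the public System Log field names (eventType, outcome.result, client.ipAddress, actor.alternateId, debugContext.debugData.requestUri), while the sample events, the per-user "usual IP" table and the thresholds are constructed here for the example.

```python
"""Triage failed /api/v1/authn sign-ins in Okta System Log-shaped events.

Added example, not from the original post or from Okta. Field names follow
the public System Log format; the sample events, the USUAL_IPS table and the
thresholds below are constructed for illustration.
"""
from typing import Any, Dict, List, Set

AUTHN_URI = "/api/v1/authn"


def _event(user: str, ip: str, result: str, uri: str = AUTHN_URI,
           event_type: str = "user.session.start") -> Dict[str, Any]:
    """Build a minimal System Log-shaped event (constructed sample data)."""
    return {
        "eventType": event_type,
        "outcome": {"result": result},
        "client": {"ipAddress": ip},
        "actor": {"alternateId": user},
        "debugContext": {"debugData": {"requestUri": uri}},
    }


# Constructed sample: one unfamiliar IP fails against two accounts through
# the authn API and locks one of them, one user mistypes a password from a
# known IP, and one success arrives via the browser sign-in page (other URI).
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    _event("alice@example.com", "203.0.113.10", "FAILURE"),
    _event("alice@example.com", "203.0.113.10", "FAILURE"),
    _event("bob@example.com", "203.0.113.10", "FAILURE"),
    _event("bob@example.com", "203.0.113.10", "FAILURE"),
    _event("bob@example.com", "203.0.113.10", "SUCCESS",
           event_type="user.account.lock"),
    _event("carol@example.com", "198.51.100.7", "FAILURE"),
    _event("alice@example.com", "198.51.100.5", "SUCCESS",
           uri="/login/login.htm"),
]

# Constructed: the IPs each user normally signs in from.
USUAL_IPS: Dict[str, Set[str]] = {
    "alice@example.com": {"198.51.100.5"},
    "bob@example.com": {"198.51.100.6"},
    "carol@example.com": {"198.51.100.7"},
}


def get_path(event: Dict[str, Any], dotted: str) -> Any:
    """Resolve a dotted field name such as 'debugContext.debugData.requestUri'."""
    cur: Any = event
    for part in dotted.split("."):
        if not isinstance(cur, dict):
            return None
        cur = cur.get(part)
    return cur


def matches_filter(event: Dict[str, Any], request_uri: str = AUTHN_URI) -> bool:
    """Same test as the System Log filter: debugContext.debugData.requestUri eq "<uri>"."""
    return get_path(event, "debugContext.debugData.requestUri") == request_uri


def summarize_by_source(events: List[Dict[str, Any]],
                        usual_ips: Dict[str, Set[str]]) -> Dict[str, Dict[str, Any]]:
    """Per source IP: failed authn attempts, users hit, users for whom the IP
    is unfamiliar, and accounts locked from that IP."""
    summary: Dict[str, Dict[str, Any]] = {}
    for ev in events:
        if not matches_filter(ev):
            continue  # other sign-in surfaces are out of scope for this query
        ip = get_path(ev, "client.ipAddress")
        user = get_path(ev, "actor.alternateId")
        entry = summary.setdefault(
            ip, {"failures": 0, "users": set(), "unfamiliar_for": set(), "locked": set()})
        if get_path(ev, "eventType") == "user.account.lock":
            entry["locked"].add(user)
            continue
        if get_path(ev, "outcome.result") != "FAILURE":
            continue
        entry["failures"] += 1
        entry["users"].add(user)
        if ip not in usual_ips.get(user, set()):
            entry["unfamiliar_for"].add(user)
    return summary


def flag_sources(summary: Dict[str, Dict[str, Any]],
                 min_failures: int = 3, min_users: int = 2) -> List[str]:
    """IPs unfamiliar to every user they failed against that cross either threshold."""
    flagged = []
    for ip, e in summary.items():
        if not e["users"] or e["unfamiliar_for"] != e["users"]:
            continue  # a known location mistyping a password is not this pattern
        if e["failures"] >= min_failures or len(e["users"]) >= min_users:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    report = summarize_by_source(SAMPLE_EVENTS, USUAL_IPS)
    for ip in flag_sources(report):
        e = report[ip]
        print(f"{ip}: {e['failures']} failures, users={sorted(e['users'])}, "
              f"locked={sorted(e['locked'])}")
```

Running it on the constructed sample reports only 203.0.113.10 (four failures across two accounts, one lockout); carol's single failure from her usual address is kept in the summary but never flagged. The same grouping applied to a real System Log export shows whether lockouts come from a few sources, which is the evidence that supports a policy-level control rather than another round of per-IP blocks.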


  • DianaL.19788 (Customer Support Online Community and Social Care)

    Hello @Á•ꉪãÈņ.61991 (Customer)​ , thank you for contacting Okta Community, and Happy Holidays!
    This issue seems too complex to be addressed here. I recommend that you open a Support ticket (Customer Support Account ID number required) so one of our engineers can analyze it and provide in-depth troubleshooting. You could also provide more details in a ticket that shouldn’t be given here, as this is a public space.
    In the meantime, you may want to look into ThreatInsight. It can help you prevent credential-based attacks, including brute-force attacks. I'll leave the main page below, but you can read more by navigating the links on the bottom of the article and the left-side menu.

    Okta ThreatInsight (main article)
    Please note that opening a support ticket is a feature available only to paid accounts. If you do not have a paid account, but are interested in upgrading, you can contact our Sales team.

    Keep in mind that some responses may be delayed due to the holiday schedule. We apologize for any inconvenience this may have caused you and thank you for your understanding.
    Regards. 

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best