Okta
Octa
Enable ThreatInsight
The ThreatInsight function detects login attempts from suspicious IPs, outputs detection logs, and executes actions to block logins. By using this function, it is possible to prevent lockouts due to repeated login attempts from suspicious IPs. Enabling this logging and blocking feature is recommended by Okta.
Enable ThreatInsight
- Go to Security > General screen and display "Okta ThreatInsight Settings" at the bottom of the screen
- Click Edit
- Select any value in the Action item
- No action
- ThreatInsight functionality is disabled.
- Log authentication attempts from malicious IPs
- A log is output to SystemLog when a login attempt from a suspicious IP occurs.
- Log and block authentication attempts from malicious IPs
- When a login attempt from a suspicious IP occurs, block login with log output to SystemLog and respond with HTTP403 error. (Recommended by Okta)
- In the Exempt Zones item, specify the zones that are excluded from suspicious IP judgment, and define the zones in advance.
Example: Specify "Corporate Network" that defines the global IP of the office to exclude access from the company's office from the judgment target
- Click Save
If the System Log output when a suspicious login attempt occurs is enabled, the output will be as follows.
To extract the relevant event in the System Log, enter "eventType eq "security.threat.detected"" in the search bar.
Inquiry/Document request
In charge of Macnica Okta Co., Ltd.
- TEL:045-476-2010
- E-mail:okta@macnica.co.jp
Weekdays: 9:00-17:00