Configure Okta General Security settings
NEW ORG SETUP
Learn how to configure Okta General Security settings according to Addova best practices. General security settings include specifying the security-related email notifications administrators receive, device binding for session creation, and protection against password-based attacks. You will also configure Okta ThreatInsight and specify the actions Okta will take when suspicious activity is detected, as well as identify known safe network zones that are exempt from these actions.
Step 1: Enable all security notification emails
In Okta, navigate to Security > General.
In the Security notification emails section, click Edit.
Enable all the email notifications and click Save.
Step 2: CAPTCHA integration considerations
We recommend you do not enable CAPTCHA because it increases friction in the user login experience, and users are already strongly secured if you follow our other configuration recommendations.
However, we understand some might consider this option if the client has been breached before or there is a heightened risk.
If you decide to use CAPTCHA, refer to the CAPTCHA integration section of Okta's General Security documentation.
Step 3: Review organization security settings
Leave all the default settings.
However, you can confirm that the settings are as follows:
- IP binding for admin console = Enabled
- Remember user on sign in = Enabled
- Stay signed in = Not Enabled
- Activation emails are valid for = 7 days
- Enforce device binding for creating sessions = Enabled for all IdPs
- Username match criteria on sign in = Enabled
- Use standard AMR value format = Not Enabled
User enumeration prevention considerations
User enumeration prevention has two options: Recovery and Authentication.
Leave the Okta default where this setting and both options remain disabled. If you are considering enabling this setting, please contact Addova Support for guidance. The impact of enabling this setting is highly environment-specific.
Step 4: Protect against password-based attacks
In the Protect against password-based attacks section, click Edit.
Make sure both settings are Enabled and click Save.
Step 5: Configure Okta ThreatInsight settings
In the Okta ThreatInsight settings area, click Edit, then configure the settings as follows:
- Action – Select Log and enforce security based on threat level.
- Exempt Zones – Select the MSP-Okta Infrastructure zone to make sure Okta does not block critical MSP system services, including Deep Linking.
Click Save.
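To confirm that Step 5 stayed as configured (for example during periodic drift checks), here is an added example that is not Addova's or Okta's own code. It assumes the response shapes of Okta's public ThreatInsight Configuration API (`action` of `none`, `audit` or `block`, where `block` is the "Log and enforce security based on threat level" option, plus `excludeZones` holding zone IDs) and the Network Zones API; the responses embedded below are constructed sample data so the check runs offline.

```python
"""Audit an Okta org's ThreatInsight settings against the Step 5 recommendation."""
import json
import urllib.request

EXPECTED_ACTION = "block"  # UI label: "Log and enforce security based on threat level"
EXPECTED_EXEMPT_ZONE = "MSP-Okta Infrastructure"


def fetch(org_url: str, path: str, api_token: str):
    """Live GET against an Okta org (helper for real use; not called by the sample run)."""
    req = urllib.request.Request(org_url + path, headers={
        "Authorization": f"SSWS {api_token}", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def audit_threatinsight(config: dict, zones: list) -> list:
    """Return findings as strings; an empty list means the org matches Step 5."""
    findings = []
    zone_by_id = {z["id"]: z for z in zones}
    if config.get("action") != EXPECTED_ACTION:
        findings.append(f"ThreatInsight action is {config.get('action')!r}, "
                        f"expected {EXPECTED_ACTION!r}")
    exempt_names = []
    for zid in config.get("excludeZones", []):
        zone = zone_by_id.get(zid, {"name": zid, "status": "UNKNOWN"})
        exempt_names.append(zone["name"])
        # The infrastructure zone must exist and be active, or services get blocked anyway.
        if zone["name"] == EXPECTED_EXEMPT_ZONE and zone.get("status") != "ACTIVE":
            findings.append(f"exempt zone {zone['name']!r} is {zone.get('status')}, not ACTIVE")
        # Any other exempt zone is a ThreatInsight bypass that Step 5 does not call for.
        if zone["name"] != EXPECTED_EXEMPT_ZONE:
            findings.append(f"unexpected exempt zone {zone['name']!r} bypasses ThreatInsight")
    if EXPECTED_EXEMPT_ZONE not in exempt_names:
        findings.append(f"exempt zones {exempt_names} do not include {EXPECTED_EXEMPT_ZONE!r}")
    return findings


# Constructed sample responses (zone IDs are placeholders, not real Okta IDs).
SAMPLE_ZONES = [
    {"id": "nzo_constructed_infra", "name": "MSP-Okta Infrastructure", "type": "IP", "status": "ACTIVE"},
    {"id": "nzo_constructed_branch", "name": "Branch Office", "type": "IP", "status": "ACTIVE"},
]
GOOD_CONFIG = {"action": "block", "excludeZones": ["nzo_constructed_infra"]}
DRIFTED_CONFIG = {"action": "audit",
                  "excludeZones": ["nzo_constructed_infra", "nzo_constructed_branch"]}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(label, audit_threatinsight(cfg, SAMPLE_ZONES) or ["OK"])
```

For a live run, pass the results of `fetch(org, "/api/v1/threats/configuration", token)` and `fetch(org, "/api/v1/zones", token)` to `audit_threatinsight`.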