Okta Policies & Network Zones
Status: Scaffold — content in progress
Policy Types
| Policy | Controls |
|---|---|
| Sign-on policy | Which authenticators required per app, per group, per location |
| MFA enrollment policy | Which factors users can/must enroll |
| Password policy | Complexity, rotation, lockout |
| Global session policy | Session lifetime, device trust |
Network Zones
Okta Network Zones allow IP-based policy (allow/deny/require extra MFA from specific IPs).
Misconfiguration risk: Overly broad trusted zones allow bypass of MFA requirements.
Cross-Links
| Topic | Link |
|---|---|
| Okta Overview | okta-overview |
| MFA Fatigue | mfa-fatigue |