The Network Zones API provides operations to manage system default and custom zones in your Okta org. Network Zones are configurable boundaries that you can use to grant or restrict access to resources in your organization. They're used for two purposes:
POLICY
: Network Zones used to guide policy decisionsBLOCKLIST
: Network Zones used to deny access from certain IP addresses, locations, Autonomous System Numbers (ASNs), proxy types, or IP service categories before policy evaluationNote: The Network Zone blocklist applies to all URLs for the org.
See Network zones in the Okta product documentation.
Your Okta org provides the following default system Network Zones that you can modify and use:
LegacyIpZone
: The system default IP Network ZoneBlockedIpZone
: The system default IP Blocklist Network ZoneDefaultEnhancedDynamicZone
: The system default Enhanced Dynamic Network ZoneYou can create and use the following custom Network Zones:
IP
): Allows you to define network perimeters around a set of IPsDYNAMIC
): Allows you to define network perimeters around location, IP type, or ASNsDYNAMIC_V2
): Extends the Dynamic Network Zone and allows you to include or exclude specific locations, ASNs, or IP service categoriesNotes:
- To create multiple Network Zones, you must have Adaptive MFA enabled in your Okta org.
- Enhanced Dynamic Network Zones is a self-service Early Access (EA) feature. You must enable Enhanced Dynamic Network Zones in your Org settings to access this API. See Manage Early Access and Beta features.
okta.networkZones.read
Lists all Network Zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
This operation requires URL encoding. For example, filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3")
is encoded as filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29
.
Okta supports filtering on the id
and usage
properties. See Filtering for more information on the expressions that are used in filtering.
Success
Forbidden
Too Many Requests
[- {
- "type": "IP",
- "id": "nzowc1U5Jh5xuAK0o0g3",
- "name": "MyIpZone",
- "status": "ACTIVE",
- "usage": "POLICY",
- "created": "2021-06-24T20:37:32.000Z",
- "lastUpdated": "2021-06-24T20:37:32.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24"
}
], - "proxies": [
- {
- "type": "RANGE",
- "value": "3.3.4.5-3.3.4.15"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
]
okta.networkZones.manage
Creates a Network Zone
gateways
or proxies
.asns
, locations
, or proxyType
.asns
, locations
, or ipServiceCategories
.Success
Bad Request
Forbidden
Too Many Requests
{- "type": "IP",
- "name": "newNetworkZone",
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "2.3.4.5/24"
}
], - "proxies": [
- {
- "type": "CIDR",
- "value": "2.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "3.3.4.5/24"
}
]
}
{- "type": "IP",
- "id": "nzowb8T5Jh5xuAJ0o0g7",
- "name": "newNetworkZone",
- "status": "ACTIVE",
- "usage": "POLICY",
- "created": "2021-08-09T21:32:01.000Z",
- "lastUpdated": "2021-08-09T21:32:01.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24'"
}, - {
- "type": "CIDR",
- "value": "2.3.4.5/24"
}
], - "proxies": [
- {
- "type": "CIDR",
- "value": "2.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "3.3.4.5/24"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
okta.networkZones.read
Retrieves a Network Zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{- "type": "IP",
- "id": "nzowc1U5Jh5xuAK0o0g3",
- "name": "MyIpZone",
- "status": "ACTIVE",
- "usage": "POLICY",
- "created": "2021-06-24T20:37:32.000Z",
- "lastUpdated": "2021-06-24T20:37:32.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24"
}
], - "proxies": [
- {
- "type": "RANGE",
- "value": "3.3.4.5-3.3.4.15"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
okta.networkZones.manage
Replaces a Network Zone by zoneId
. The replaced Network Zone type must be the same as the existing type.
You can replace the usage (POLICY
, BLOCKLIST
) of a Network Zone by updating the usage
attribute.
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{- "type": "IP",
- "id": "nzovw2rFz2YoqmvwZ0g9",
- "name": "UpdatedNetZone",
- "status": "ACTIVE",
- "system": false,
- "usage": "POLICY",
- "gateways": [
- {
- "type": "CIDR",
- "value": "10.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "12.2.3.4/24"
}, - {
- "type": "RANGE",
- "value": "13.4.5.6-13.4.5.8"
}, - {
- "type": "CIDR",
- "value": "14.2.3.4/24"
}
], - "proxies": [
- {
- "type": "CIDR",
- "value": "12.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "13.3.4.5/24"
}, - {
- "type": "RANGE",
- "value": "14.4.5.6-14.4.5.8"
}, - {
- "type": "RANGE",
- "value": "15.5.6.7/24-15.5.6.9"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
{- "type": "IP",
- "id": "nzovw2rFz2YoqmvwZ0g9",
- "name": "UpdatedNetZone",
- "status": "ACTIVE",
- "usage": "POLICY",
- "created": "2022-05-08T18:25:05.000Z",
- "lastUpdated": "2022-05-10T13:15:22.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "10.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "12.2.3.4/24"
}, - {
- "type": "RANGE",
- "value": "13.4.5.6-13.4.5.8"
}, - {
- "type": "CIDR",
- "value": "14.2.3.4/24"
}
], - "proxies": [
- {
- "type": "CIDR",
- "value": "12.2.3.4/24"
}, - {
- "type": "CIDR",
- "value": "13.3.4.5/24"
}, - {
- "type": "RANGE",
- "value": "14.4.5.6-14.4.5.8"
}, - {
- "type": "RANGE",
- "value": "15.5.6.7/24-15.5.6.9"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
okta.networkZones.manage
No Content
Forbidden
Not Found
Too Many Requests
{- "errorCode": "E0000006",
- "errorSummary": "You do not have permission to perform the requested action",
- "errorLink": "E0000006",
- "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
- "errorCauses": [ ]
}
okta.networkZones.manage
Activates a Network Zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{- "type": "IP",
- "id": "nzowc1U5Jh5xuAK0o0g3",
- "name": "MyIpZone",
- "status": "ACTIVE",
- "usage": "POLICY",
- "created": "2021-06-24T20:37:32.000Z",
- "lastUpdated": "2021-06-24T20:37:32.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24"
}
], - "proxies": [
- {
- "type": "RANGE",
- "value": "3.3.4.5-3.3.4.15"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "deactivate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}
okta.networkZones.manage
Deactivates a Network Zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{- "type": "IP",
- "id": "nzowc1U5Jh5xuAK0o0g3",
- "name": "MyIpZone",
- "status": "INACTIVE",
- "usage": "POLICY",
- "created": "2021-06-24T20:37:32.000Z",
- "lastUpdated": "2021-06-24T20:37:32.000Z",
- "system": false,
- "gateways": [
- {
- "type": "CIDR",
- "value": "1.2.3.4/24"
}
], - "proxies": [
- {
- "type": "RANGE",
- "value": "3.3.4.5-3.3.4.15"
}
], - "_links": {
- "self": {
- "hints": {
- "allow": [
- "GET",
- "PUT",
- "DELETE"
]
}
}, - "activate": {
- "hints": {
- "allow": [
- "POST"
]
}
}
}
}