The Okta Network Zones API provides operations to manage Zones in your organization. There are two usage Zone types: Policy Network Zones and Blocklist Network Zones. Policy Network Zones are used to guide policy decisions. Blocklist Network Zones are used to deny access from certain IP addresses, locations, proxy types, or Autonomous System Numbers (ASNs) before policy evaluation.
A default system Policy Network Zone is provided in your Okta org. You can use the Network Zones API to modify the default Policy Network Zone or to create a custom Policy or Blocklist Network Zone. When you create your custom Zone, you can specify if the Zone is an IP Zone or a Dynamic Zone. An IP Zone allows you to define network perimeters around a set of IPs, whereas a Dynamic Zone allows you to define network perimeters around location, IP type, and ASNs.
okta.networkZones.read
Lists all network zones with pagination. A subset of zones can be returned that match a supported filter expression or query.
This operation requires URL encoding. For example, filter=(id eq "nzoul0wf9jyb8xwZm0g3" or id eq "nzoul1MxmGN18NDQT0g3") is encoded as filter=%28id+eq+%22nzoul0wf9jyb8xwZm0g3%22+or+id+eq+%22nzoul1MxmGN18NDQT0g3%22%29.
Okta supports filtering on the id and usage properties. See Filtering for more information on the expressions that are used in filtering.
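The encoding shown above, built programmatically (an added example, not part of the Okta reference). The function names are hypothetical, and the alphanumeric id pattern is an assumption based on the two ids on this page.

```python
import re
from urllib.parse import urlencode, parse_qs

# Assumption: zone ids are plain alphanumeric tokens, like the two ids on this page.
_ZONE_ID = re.compile(r"[A-Za-z0-9]+")


def zone_id_filter_query(zone_ids):
    """Return the URL-encoded `filter=...` query string selecting the given zone ids."""
    if not zone_ids:
        raise ValueError("at least one zone id is required")
    for zid in zone_ids:
        # Reject quotes, spaces and parentheses so a caller-supplied id
        # can never change the shape of the filter expression.
        if not isinstance(zid, str) or not _ZONE_ID.fullmatch(zid):
            raise ValueError(f"unexpected characters in zone id: {zid!r}")
    expr = "(" + " or ".join(f'id eq "{zid}"' for zid in zone_ids) + ")"
    # urlencode applies quote_plus: space -> '+', '(' -> %28, '"' -> %22, ')' -> %29
    return urlencode({"filter": expr})


def decode_filter(query):
    """Inverse of the encoding step, useful when reading filters back out of request logs."""
    return parse_qs(query)["filter"][0]


if __name__ == "__main__":
    q = zone_id_filter_query(["nzoul0wf9jyb8xwZm0g3", "nzoul1MxmGN18NDQT0g3"])
    print(q)
    print(decode_filter(q))
```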
Success
Forbidden
Too Many Requests
[
  {
    "asns": [23457],
    "created": "2019-08-24T14:15:22Z",
    "gateways": ["1.2.3.4/24"],
    "id": "string",
    "lastUpdated": "2019-08-24T14:15:22Z",
    "locations": [
      {
        "country": "US",
        "region": "US-CA"
      }
    ],
    "name": "newNetworkZone",
    "proxies": ["1.2.3.4/24"],
    "proxyType": "ANY",
    "status": "ACTIVE",
    "system": true,
    "type": "IP",
    "usage": "BLOCKLIST",
    "_links": {
      "self": {
        "hints": {
          "allow": ["DELETE"]
        },
        "href": "string",
        "name": "string",
        "type": "string"
      }
    }
  }
]
okta.networkZones.manage
Creates a new network zone.
gateways attribute or proxies attribute must be defined when creating a Network Zone.
proxyType, locations, or asns.
asns | Array of strings <= 75. Format of each array value: a string representation of an ASN numeric value
gateways | Array of objects (NetworkZoneAddress). IP addresses (range or CIDR form) of this Zone. The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
locations | Array of objects (NetworkZoneLocation) <= 75. The geolocations of this Zone
name | string. Unique name for this Zone. Maximum of 128 characters.
proxies | Array of objects (NetworkZoneAddress). IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request. The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
proxyType | string. One of:
status | string (NetworkZoneStatus). Enum: "ACTIVE" "INACTIVE"
system | boolean. Indicates if this is a system Network Zone. For admin-created zones, this is always
type | string (NetworkZoneType). Enum: "DYNAMIC" "IP"
usage | string (NetworkZoneUsage). Enum: "BLOCKLIST" "POLICY"
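A pre-flight check for a create or replace request body, using the limits and enums in the table above (an added example, not Okta's code). The function names are hypothetical; it assumes addresses are written as strings as in the page's sample, and it treats the "proxyType, locations, or asns" fragment as the Dynamic Zone requirement.

```python
import ipaddress

LIMITS = {"asns": 75, "locations": 75, "proxies": 150}  # array caps stated on this page
ENUMS = {"status": {"ACTIVE", "INACTIVE"}, "type": {"DYNAMIC", "IP"},
         "usage": {"BLOCKLIST", "POLICY"}}


def _bad_address(entry):
    """Return True unless entry is a CIDR block or an 'a-b' range written as a string."""
    try:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return lo.version != hi.version or lo > hi
        # strict=False: the page's sample "1.2.3.4/24" has host bits set.
        ipaddress.ip_network(entry, strict=False)
        return False
    except (ValueError, TypeError, AttributeError):
        return True


def validate_zone(zone):
    """Return the problems found in an admin-created zone payload (empty list = OK)."""
    errors = []
    for field, allowed in ENUMS.items():
        if field in zone and zone[field] not in allowed:
            errors.append(f"{field}: must be one of {sorted(allowed)}")
    if len(zone.get("name", "")) > 128:
        errors.append("name: maximum of 128 characters")
    # Gateways: 1000 entries for IP blocklist zones, 150 for other admin-created IP zones.
    caps = dict(LIMITS, gateways=1000 if zone.get("usage") == "BLOCKLIST" else 150)
    for field, cap in caps.items():
        if len(zone.get(field) or []) > cap:
            errors.append(f"{field}: more than {cap} entries")
    for asn in zone.get("asns") or []:
        if not (isinstance(asn, str) and asn.isdigit()):
            errors.append(f"asns: {asn!r} is not a string representation of an ASN")
    for field in ("gateways", "proxies"):
        for entry in zone.get(field) or []:
            if _bad_address(entry):
                errors.append(f"{field}: {entry!r} is not a range or CIDR")
    if zone.get("type") == "IP" and not (zone.get("gateways") or zone.get("proxies")):
        errors.append("IP zone: gateways or proxies must be defined")
    # Assumption: the "proxyType, locations, or asns" fragment is the Dynamic Zone rule.
    dynamic_keys = ("proxyType", "locations", "asns")
    if zone.get("type") == "DYNAMIC" and not any(zone.get(k) for k in dynamic_keys):
        errors.append("Dynamic zone: proxyType, locations or asns must be defined")
    return errors
```

Running the check before sending the request surfaces every violation at once, including malformed entries in a large blocklist.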
Success
Bad Request
Forbidden
Too Many Requests
{
  "asns": [23457],
  "gateways": ["1.2.3.4/24"],
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST"
}

{
  "asns": [23457],
  "created": "2019-08-24T14:15:22Z",
  "gateways": ["1.2.3.4/24"],
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST",
  "_links": {
    "self": {
      "hints": {
        "allow": ["DELETE"]
      },
      "href": "string",
      "name": "string",
      "type": "string"
    }
  }
}
okta.networkZones.read
Retrieves a network zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{
  "asns": [23457],
  "created": "2019-08-24T14:15:22Z",
  "gateways": ["1.2.3.4/24"],
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST",
  "_links": {
    "self": {
      "hints": {
        "allow": ["DELETE"]
      },
      "href": "string",
      "name": "string",
      "type": "string"
    }
  }
}
okta.networkZones.manage
Replaces a network zone by zoneId. The replaced network zone type must be the same as the existing type.
You may replace the usage (POLICY, BLOCKLIST) of a network zone by updating the usage attribute.
asns | Array of strings <= 75. Format of each array value: a string representation of an ASN numeric value
gateways | Array of objects (NetworkZoneAddress). IP addresses (range or CIDR form) of this Zone. The maximum array length is 150 entries for admin-created IP zones, 1000 entries for IP blocklist zones, and 5000 entries for the default system IP Zone.
locations | Array of objects (NetworkZoneLocation) <= 75. The geolocations of this Zone
name | string. Unique name for this Zone. Maximum of 128 characters.
proxies | Array of objects (NetworkZoneAddress). IP addresses (range or CIDR form) that are allowed to forward a request from gateway addresses. These proxies are automatically trusted by Threat Insights, and used to identify the client IP of a request. The maximum array length is 150 entries for admin-created zones and 5000 entries for the default system IP Zone.
proxyType | string. One of:
status | string (NetworkZoneStatus). Enum: "ACTIVE" "INACTIVE"
system | boolean. Indicates if this is a system Network Zone. For admin-created zones, this is always
type | string (NetworkZoneType). Enum: "DYNAMIC" "IP"
usage | string (NetworkZoneUsage). Enum: "BLOCKLIST" "POLICY"
Success
Bad Request
Forbidden
Not Found
Too Many Requests
{
  "asns": [23457],
  "gateways": ["1.2.3.4/24"],
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST"
}

{
  "asns": [23457],
  "created": "2019-08-24T14:15:22Z",
  "gateways": ["1.2.3.4/24"],
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST",
  "_links": {
    "self": {
      "hints": {
        "allow": ["DELETE"]
      },
      "href": "string",
      "name": "string",
      "type": "string"
    }
  }
}
okta.networkZones.manage
Deletes network zone by zoneId
No Content
Forbidden
Not Found
Too Many Requests
{
  "errorCode": "E0000006",
  "errorSummary": "You do not have permission to perform the requested action",
  "errorLink": "E0000006",
  "errorId": "sampleNUSD_8fdkFd8fs8SDBK",
  "errorCauses": []
}
okta.networkZones.manage
Activates a network zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{
  "asns": [23457],
  "created": "2019-08-24T14:15:22Z",
  "gateways": ["1.2.3.4/24"],
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST",
  "_links": {
    "self": {
      "hints": {
        "allow": ["DELETE"]
      },
      "href": "string",
      "name": "string",
      "type": "string"
    }
  }
}
okta.networkZones.manage
Deactivates a network zone by zoneId
Success
Forbidden
Not Found
Too Many Requests
{
  "asns": [23457],
  "created": "2019-08-24T14:15:22Z",
  "gateways": ["1.2.3.4/24"],
  "id": "string",
  "lastUpdated": "2019-08-24T14:15:22Z",
  "locations": [
    {
      "country": "US",
      "region": "US-CA"
    }
  ],
  "name": "newNetworkZone",
  "proxies": ["1.2.3.4/24"],
  "proxyType": "ANY",
  "status": "ACTIVE",
  "system": true,
  "type": "IP",
  "usage": "BLOCKLIST",
  "_links": {
    "self": {
      "hints": {
        "allow": ["DELETE"]
      },
      "href": "string",
      "name": "string",
      "type": "string"
    }
  }
}