ThreatInsight

Okta ThreatInsight maintains a constantly evolving list of IPs that exhibit suspicious behaviors suggestive of malicious activity. Authentication requests associated with an IP in this list can be logged in System Log and blocked. The Okta ThreatInsight Configuration API provides operations to manage your ThreatInsight configuration.

In order to prevent abuse, Okta ThreatInsight works in a limited capacity for free trial editions. Please contact Okta support if fully functional Okta ThreatInsight is required.

Retrieve the ThreatInsight Configuration
OAuth 2.0: okta.threatInsights.read

Retrieves current ThreatInsight configuration

Responses
200

Success

403

Forbidden

429

Too Many Requests

get/api/v1/threats/configuration
Request samples
Response samples
application/json
{
  • "action": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "excludeZones": [
    • "string"
    ],
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "_links": {
    • "self": {
      }
    }
}

Update the ThreatInsight Configuration
OAuth 2.0: okta.threatInsights.manage

Updates ThreatInsight configuration

Request
Request Body schema: application/json
action
string
excludeZones
Array of strings
Responses
200

Success

400

Bad Request

403

Forbidden

429

Too Many Requests

post/api/v1/threats/configuration
Request samples
application/json
{
  • "action": "string",
  • "excludeZones": [
    • "string"
    ]
}
Response samples
application/json
{
  • "action": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "excludeZones": [
    • "string"
    ],
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "_links": {
    • "self": {
      }
    }
}