We are a uni, and we are facing the following problem (and I am looking for suggestions).
We have been having bot attack / log in attempts (specifically China). Our AD system is set to lock an account out after 3 failed attempts.
OKTA can prevent someone from login from a specific geographical location BUT it applies the rule only after the user has successfully provided a correct username and password.
In our case, that means that the bots try various passwords (which are wrong) and on the third attempt the account is locked.
Prior to getting OKTA, we used ADFS to connect our inhouse AD servers to Office365, now we do it via OKTA (if we still had ADFS, this could have been a solution: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-lockout-protection).
Because I had Chinese students, I cannot blacklist the whole country (which was suggested).
Any other Uni admins outthere that have similar problems and how they went about overcoming them?