Allow "Deny" access to behavior based sign on policies

Allowing “Deny” access would assist in stopping brute force/password spray attacks by denying attackers access if certain behavioral conditions are met such as impossible velocity.

Currently when you attempt to select “Deny” access on a behavioral sign-on policy, it will error out saying that this feature cannot be enabled at this time.

Denying Access based off of behavioral detection is not one of the actions that can be taken in the sign on policy rule.

Hey Erik,

Thanks for your response. That was the reason for my posting - I wanted to suggest this to be a feature that could be used. In case of a certain behavior detection such as impossible velocity, this feature could block the request at pre-authentication and stop the attacker from being able to get to the Okta tenant and attempting to login.