I am testing the ability to trigger MFA when authenticating from a new IP address and cannot seem to trigger it with a new IP. Any help in directing me how to ensure this is triggered would be appreciated.
Configuration:
Set up a Behavior for New IP.
Set up a Sign On Policy with the following:
- IP is Anywhere
- Authenticates via Any
- Behavior is New IP
- Risk is Any
- Access is Allowed
  a. Prompt for Factor Enabled
  b. Per Device
Set up a network zone with my machine’s external IP as a Gateway IP within Security → Networks.
I’m using the Okta.Auth.Sdk client to call AuthenticateAsync with the following AuthenticateOptions:
- Password = userPwd
- Username = okta Profile Login
- XForwardedFor = the IP of my personal PC
- DeviceToken = a GUID
I am able to successfully authenticate with MFA the first time through. However, when I change the XForwardedFor to another IP with all other properties unchanged, MFA is not triggered. My expectation is that it would be. What may I be missing?