How well does this handle things like logging in from mobile devices? If I logged in from my desktop and later from my mobile phone I would appear to zip 350 miles because my mobile data exits the phone network 2 states and 350 miles away.
Your phone's IP address isn't related to your phone number. For IPv4 addresses it'll probably go through the closest CGNAT gateway on the phone network.
Checking geo IP services on my phone usually puts me in roughly the same metro area that I'm physically in, despite my area code belonging to a city hundreds of miles away. That said, I just tried a lookup on the cellular network on MaxMind and it thought I was in the next state over (a couple hundred miles off).
IP geolocation services usually aren't as great as what people think. My residential home IP had probably previously belonged to some Canadian ISP as things that would base their defaults off a detected geo IP lookup would think I was in some small town in Quebec despite living a thousand miles away. IP addresses change hands, people connect through all kinds of proxies and CGNAT gateways, location databases get old.
> Your phone's IP address isn't related to your phone number.
I'm not basing it on my phone number; that's for central NC and from 10 years ago. I'm going off of the geoip and the fact that I get tons of ads or sites defaulting to Atlanta for weather or local store searches if I don't allow them more device-based location data.
Not sure about Okta, but systems I've seen in the past (fraud detection etc) will quickly learn the pattern and not challenge you as often. It depends a lot on the data points the system uses to calculate risk as well as any configurable thresholds.
In this hypothetical I'm logging into the account from two different devices, one connected through the local ISP and the second on a cellular network (either through a hotspot or directly from my phone, it doesn't matter). Things going through the cell network get an IP that is located by GEOIP as being in Atlanta, while the local ISP would locate to the RTP area of North Carolina.
I thought that now every cellular provider actually does this so when you move between networks your IP address stays the same as otherwise all your connections would break during handover; and not breaking connections is basically mandatory since voice over LTE, because voice calls now run over IP protocol too and seamless handover for voice is expected by users.
You're usually pretty heavily NAT'ed on a cellular network. Your internal IP address probably doesn't change much but external IP addresses probably change a good bit.
I am not a network guy at a cellular company, but IMO it would make more sense to use a more local gateway for outgoing connections rather than potentially routing things all the way across the country. These days people keep their number but move all over the country. It would be insane to have to route things back home every time.
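Added example, not part of any comment above and not Okta's or any vendor's logic: a minimal impossible-travel scorer run on the thread's scenario (home ISP near RTP, then a phone whose cellular egress geolocates to Atlanta), showing how a GeoIP error radius and a learned-network count change the outcome. The class, field names, thresholds and coordinates are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    ts: float           # epoch seconds
    lat: float
    lon: float
    accuracy_km: float  # assumed: error radius the GeoIP source reports
    network: str        # assumed: stable egress-network label, e.g. an ASN

def haversine_km(a, b):
    """Great-circle distance between two logins, in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class TravelScorer:
    def __init__(self, max_kmh=900.0, learn_after=3):
        self.max_kmh = max_kmh          # roughly airliner speed
        self.learn_after = learn_after  # passed challenges before a network is trusted
        self.passed = {}                # network -> challenges passed
        self.last = None

    def evaluate(self, login):
        prev, self.last = self.last, login
        if prev is None:
            return "allow"
        # Only count distance that GeoIP error on both ends cannot explain.
        dist = max(0.0, haversine_km(prev, login) - prev.accuracy_km - login.accuracy_km)
        hours = max((login.ts - prev.ts) / 3600.0, 1 / 3600.0)
        if dist / hours <= self.max_kmh:
            return "allow"
        if self.passed.get(login.network, 0) >= self.learn_after:
            return "allow"  # learned pattern: this user's usual carrier egress
        return "challenge"

    def record_challenge_passed(self, login):
        self.passed[login.network] = self.passed.get(login.network, 0) + 1

# Constructed sample: desktop near RTP, NC, then phone geolocated to Atlanta 10 min later.
DESKTOP = Login(0, 35.90, -78.86, 20.0, "home-isp")
MOBILE = Login(600, 33.75, -84.39, 50.0, "cell-carrier")

if __name__ == "__main__":
    scorer = TravelScorer()
    print(scorer.evaluate(DESKTOP), scorer.evaluate(MOBILE))
```

Keying the learned state on the egress network rather than on coordinates keeps it stable when the carrier's NAT pool rotates external addresses within the same gateway.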