Identity Threat Protection with Okta AI
…now Generally Available
A matter of Identity Security
In today’s increasingly cloud-based world, Identity is the first, and in many cases, only persistent fingerprint enabling a user’s access to assets in the organization. As the control plane, Identity spans across the enterprise IT tech stack and intersects the data or access planes of device, network, and application. So it’s no wonder Identity is an attractive and common target for attack and compromise.
According to the OWASP Top 10, “Broken Access Control” was the top security risk to web applications, with 94% of applications tested for broken access controls in some form. The attack vector here has evolved over time, with token theft and replay becoming an increasingly common threat vector, especially deployed by Advanced Persistent Threat (APT) actors. Organizations with more sophisticated access verification controls need to be wary of this threat. Some of MITRE’s top attack Tactics, Techniques and Procedures (TTPs) for establishing initial access, persistence, executing lateral movement, or privilege escalation in modern environments involve either the compromise of Identity (social engineering, credential brute force, etc.) or targeting the Identity (phishing, business email compromise (BEC)). Attackers rarely employ a single method to achieve their objectives.
Threat actors show increasing proficiency and willingness to launch multi-stage attacks, backed through systematic reconnaissance, that leverage lay-of-the-land techniques and sophisticated tools (a thriving cottage industry of modern SaaS now powered by AI). The stakes are high — Identity Security has a material impact on the bottom line and enduring shareholder value. Last year, the U.S. Securities and Exchange Commission (SEC) adopted the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule that requires publicly traded companies to disclose material cybersecurity incidents and their cybersecurity risk management, strategy, and governance mechanisms to safeguard investors and markets.
Okta’s mission to safely enable everyone to use any technology has never been more relevant. In the Okta Secure Identity Commitment released earlier this year, we publicly recognized our responsibility to power every Identity use case in a secure framework that safeguards these identities. We believe Identity Threat Protection with Okta AI is an important weapon in the defensive armory that meets many of the security needs of our full spectrum of customers, with a primary focus on continuous protection. We’re excited to announce that Identity Threat Protection with Okta AI is now generally available. This is a seminal moment, with many firsts for the industry. Keep reading to learn more.
Identity Security through the lens of ITDR: The Need for Identity Threat Protection with Okta AI
Identity Threat Detection & Response (ITDR) is often considered the vanguard in Identity Security. First coined in 2022, Gartner defines ITDR as a “discipline,” an IT security operation that organizations fund to safeguard themselves from the expanding landscape of attacks on identities. The goals of ITDR are broadly understood to be:
- Continuous monitoring and analysis of user activity in an organization
- Detection of anomalous activity representing attack behavior
- Availability of appropriate response measures to achieve remediation that secures Identity and data
- Enable threat investigation supporting Incident Response to determine the scoping, containment and eviction of detected threats and threat actors
According to a recent Gartner press release, by 2026 90% of all enterprise organizations will have some embedded product unifying their approach to achieving the goals of ITDR.
While the objectives of ITDR are fairly universal, the activity underpinning these goals has evolved along with the ever-changing IT and security landscape. Thus far, Identity Security has focused on safeguarding the authentication ceremony.
With the cryptographic assurance of Okta Verify FastPass, security at authentication can be considered a technologically solved problem.
Attacker behavior seems to validate this premise: A recent study by our Data Science team indicated that adopting Okta Verify FastPass directly correlated to a reduced risk of compromised identities.
However, attackers follow the principles of least effort.
If the bar for security at the authentication ceremony is too high, attackers will seek to compromise other facets of the enterprise surface. In a world where compromising identities at authentication becomes an increasingly difficult cryptographic challenge, post-authentication ceremonies become a more attractive area for focussing attack. Recent data indicates that token theft, manipulation, and replay have become increasingly interesting areas for exploitation. Spycloud recently shared that they had managed to recapture 1.87 billion session cookie malware records tied to Fortune 1000 employees in 2022. (The total number of session cookie records recaptured was nearly 22 billion.) The nature of token theft as an attack TTP requires compromise of another threat surface (OS, device, browser, etc.) to pivot to the Identity threat surface for compromise. This is a metaphor for the nature of security and the broader attack pattern developing today: Pivoting from less secure threat surfaces in a cloud-based world.
A customer may do everything right and deploy the strongest forms of authentication, yet Identity will only be as strong as the weakest intersecting threat surface among network, device, OS, browser and application. It’s this need that Identity Threat Protection seeks to meet. It’s an enduring need: We believe that, as the world quickly evolves towards new human-machine planes of interaction and modalities of productivity, financial exchange, and information consumption, identities will always need continuous protection, for instance: at on-ramps, as well as at the intersection of these potential threat surfaces. The enduring focus of Identity Threat Protection will, therefore, be:
- To meet and secure customers where they are, irrespective of their stage of maturity
- To offer tools for triaging their security posture as part of (Identity) security operations
- To evolve with the latest technological innovations and attack patterns by using the latest technologies and insights to protect customers at all levels of the maturity curve
While ITDR may always remain a discipline, Identity Threat Protection with Okta AI attempts to unify that discipline with an armory of detection and response tools for customers with every security posture.
Keeping the above long-term focus in perspective, Identity Threat Protection at GA attempts to offer resolutions to the following issues today:
- Dissolve the fragmented view of Identity Security across multiple threat surfaces
- Improve control and visibility over access post-authentication
- Enable manual decentralized identity threat responses from holistic risk signals
- Balance user friction and productivity with security
Let’s see how the product achieves these goals.
What is Identity Threat Protection with Okta AI?
Identity Threat Protection is an ITDR platform that enables continuous protection for all your users. It achieves this by
- Leveraging a powerful risk engine, which uses AI/machine learning (ML) techniques, geared to deliver detections for the entire spectrum of Identity attack TTPs
- Seamlessly integrating the risk engine to work with the rest of your security stack, feeding the deepest and richest integrations into a powerful detection suite, reflecting Identity risk from across the security vendor ecosystem
- Deepening the policy evaluation story to ensure access is assessed continuously and is always current with environment variables governing access at every point in time
- Enabling class-leading actions to react to threats inline and in real-time
- Offering a comprehensive reporting and eventing framework that allows you to gather a high-level snapshot of the Identity risk/threat posture and dive deep to perform threat investigations when necessary.
Six feature areas describe the breadth of Identity Threat Protection:
- Continuous Risk Evaluation
- Shared Signals (Framework) Pipeline
- Continuous Policy Evaluation
- Precision Risk Response
- Observability & Insights
- Feedback Pipeline
Let’s take a look at these feature areas to understand the functionality and value better.
Continuous Risk Evaluation
Risk at Okta is defined as the probability of compromise. It’s classified into a tristate risk level: low, medium, or high. In Adaptive multi-factor authentication (MFA), risk is calculated at the point of authentication. This is commonly known as login risk.
With Identity Threat Protection, Okta introduces the concept of session risk. Okta’s risk engine evaluates every request post-authentication. It checks for changes in IP (zone) and device context. Okta Verify FastPass enables the device signal collection when a request is sent to Okta and periodically thereafter as well. If change or regression to the security state provided at login is discovered in a device, risk and behavior are re-calculated to achieve concurrency with this context.
Here, we must note that, even before we introduced Identity Threat Protection, Okta Verify depended on native signal collection and integration with two of the top device protection offerings in the industry. Okta Verify can ingest CrowdStrike risk scores and Windows Security Center signals to augment the device posture available for policy. CrowdStrike provides endpoint security and threat intelligence, integrating with Okta to detect and respond to threats targeting endpoints.
This integration helps protect devices from malware, ransomware, and other advanced threats by leveraging real-time threat intelligence and automated response capabilities. Windows Security Center offers virus and threat protection, account protection, firewall and network protection, app and browser control, device performance and health, and more, for Windows devices. With Identity Threat Protection, this is now made available for authentication policy re-evaluation. (We delve more into policy re-evaluation in the section: “Continuous Policy Evaluation with Precision Risk Response.”
To reduce inaccuracies in risk assertions and enable the risk engine to evolve faster than the attacker, Identity Threat Protection employs advanced heuristics and patent-pending ML to thwart session compromise. Environmental (IP/device) variables are evaluated against known good behavior and the request is assessed for evidence of indicators of compromise (IOC).
Session risk not only helps identify session hijacking behavior but also undesired behavior occurring in the organization that was not evident thus far, but can now help resolve policy and assurance inconsistencies, triggering remediation & better security posture and outcomes.
There is a case to be made for attack patterns that have a blast radius beyond the scope of an Okta access session. For instance, attempting persistence or brute forcing access to Okta or an app have ramifications that go beyond a session in time. To scope and remediate such attacks, Okta introduced entity risk. Since the user is the first entity we support risk evaluation for, this is also sometimes termed entity user risk. At GA, Identity Threat Protection supports the following natively curated entity user risk detections:
- Entity Critical Action From High Threat IP: to detect an attacker’s attempts to achieve persistence
- Suspicious App Access: to detect an attacker’s attempt to harvest app session cookies
- Suspicious Brute Force attack: to detect MFA brute force attacks to gain strong, authentication-based access into the organization
- Okta Threat Intelligence: to detect sophisticated threat actor activity or the use of phishing infrastructure to orchestrate attacks
Identity Threat Protection also supports crowdsourcing attacker activity with options for an admin or an end user to report risk and unknown access behavior into the system.
But the product scope doesn’t end there. Entity Risk also scopes the reflection of an attack on other threat surfaces (i.e.: device, network, application) as it pertains to the identity.
The objective of Entity Risk is, therefore, not just to detect attacks beyond the scope of an access session but also ensure that organizations using best-of-breed security providers don’t suffer from their security products operating in silos that result from single-dimensional, myopic definitions of threat.
Entity Risk as a concept also differentiates from Session Risk by scope and by being more stateful and multidimensional. Thus, it serves as a closer reflection of the true probability of compromise as it pertains to the user.
Entity Risk’s multi-dimensionality aims to hinder sophisticated threat actors from laterally moving (pivoting) off threat surfaces at will. This value is delivered through the Shared Signals Pipeline.
Shared Signals Framework Pipeline
Here, we go a step further. In the Session Risk and IP/device context change paradigm, the risk detection mechanism extends only as far as the user interacts with Okta (either directly with the authentication, token, or other Okta endpoint or indirectly, with Okta Verify) within the scope of a session. But, with current advanced persistent threat attack patterns and the nature of multi-stage attacks, we needed to consistently detect attacks beyond the scope of the session, with Entity Risk detections. Entity Risk detections, powered by a mixture of native detections and a Shared Signals Framework (SSF) Pipeline integration with security vendors protecting other threat surfaces, can weed out Identity-based attacks sourced from intersecting, non-Identity threat surfaces.
Today, a typical SSO environment is replete with long-lived tokens and session cookies. Therefore, interactions with the Identity provider can be few and far between.
The idea behind the SSF) Pipeline was based on the principle that security products protecting any threat surface should be able to make holistic risk determinations based on indicators of compromise seen on all intersecting threat surfaces.
The objective, therefore, was to leverage Indicators of Compromise (IoCs) and risk developed on other threat surfaces intersecting with Identity to offer a holistic risk on the entity (user). The security partnership that evolved was one of equals between security events providers and Okta, with each participant benefitting from the ecosystem thus created. Each security events provider, including Okta, can instantiate an SSF transmitter and receiver pair and exchange signals based on an open standard ratified by the Open IDentity Foundation’s Shared Signals working group, called Continuous Access Evaluation profile.
CAEP operates within a constrained pub-sub model that enables the continuous publication of (risk/IOC) events as they occur, thus aligning with the goals of truly “continuous protection.”
Today, Okta offers integrations using SSF-CAEP that allows signal intelligence sharing with security event providers that are premier names in their practice areas. These include Cloudflare, Jamf, Palo Alto Networks, Rubrik, SGNL, Zimperium, and Zscaler. We’ve taken care to ensure these partners cover a good balance of threat surfaces (XDR, CASB/ZTNA/SASE, UEM, etc.).
Heroes wear a CAEP!
Identity Threat Protection is as much a product as it is an experiment in healthy capitalism. It’s proof that security companies can come together successfully and build a product that benefits customers, so the whole is greater than the sum of individual parts. In fact, while Jamf was the first partner to announce integration as a CAEP transmitter with Okta as a CAEP receiver, the idea has built enough momentum for Apple Business Manager to also announce support for this ecosystem. Okta is the first CAEP transmitter partner to announce support for Identity security context exchange with Apple Business Manager via CAEP-SSF. Many of Okta’s CAEP transmitter partners have also expressed interest in consuming our CAEP receiver signals. Customers with large Identity footprints have also expressed interest in onboarding in-house curated intelligence signals to SSF so that Entity Risk in their Okta-tenanted organization benefits from this integration. We welcome these developments. An interconnected, best-of-breed world powered by a heterogeneous security stack enables a far more secure landscape, and we’re happy to play our humble part in it.
Building out a Shared Signals Framework platform has unleashed incredible synergy. The best part is that customers now have a powerful response to sophisticated threat activity with minimal integration cost.
Shared Signals and Events, with CAEP in Identity Threat Protection with Okta AI, has unleashed hundreds of detections across all enterprise threat surfaces leveraged to protect Identities across diverse IT ecosystems, enabling protection for a variety of use cases. It’s so powerful to think that this is just the beginning.
Here are some of those use cases.
Apple Business Manager
Device Management and Compliance: Apple Business Manager integrates with Okta to manage Apple devices across an organization. This helps enforce security policies, manage device configurations, and ensure compliance with organizational standards.
Cloudflare
Security Service Edge (SSE): Cloudflare’s SSE platform helps organizations secure access, defend against threats, and protect data with Zero Trust principles. By integrating with Okta, organizations can enforce Identity-based access controls for every request across web, private, and SaaS applications, ensuring only authorized users can reach protected resources.
Jamf
Mobile Device Security: Jamf secures Mac and mobile devices, providing threat detection and response for threats like malware, known vulnerabilities, risky applications, vulnerable OS versions, and more. With Jamf and Okta, only compliant devices can access corporate resources, avoiding unauthorized access.
Netskope
Cloud Security and Data Protection: Netskope One integrates with Okta to provide insights and control over the core components of an SSE architecture. It helps protect sensitive data by monitoring cloud app usage and enforcing data protection policies. This integration enhances visibility into cloud activities and helps mitigate risks associated with cloud services to extend the Zero Trust perimeter with Okta's Network Zones and the Netskope NewEdge network.
Palo Alto Networks
Network and Cloud Security and Threat Detection: Palo Alto Networks’ Cortex XSIAM integrates with Okta to provide advanced threat detection and automated response across the network. This helps detect and respond to sophisticated cyberthreats, ensuring comprehensive network security. Furthermore, the Cortex ITDR solution delivers additional value with Okta to identify advanced insider threat capabilities.
Rubrik
Data Security: Rubrik Security Cloud, a data security platform that delivers complete cyber resilience across enterprise, cloud, and SaaS, integrates with Okta to help customers proactively detect changes to users' sensitive data access risk levels and automate remediation.
SGNL
Access Control and Governance: SGNL provides access control solutions that integrate with Okta to enforce granular access policies and governance rules. This helps ensure that only authorized users have access to sensitive information and systems, reducing the risk of unauthorized access.
Zimperium
Mobile Threat Defense: Mobile Threat Defense (zIPS) monitors and protects mobile devices against advanced threats, including malware and network attacks. This integration ensures mobile devices accessing corporate resources are secure and compliant with security policies.
Zscaler
Internet Security, Threat Prevention, and Lateral Movement: Zscaler Deception uses decoy systems and data to provide high-fidelity early detection of targeted attacks and insider threats. It integrates seamlessly with Okta, sharing detailed attack signals with Okta. This integration enables real-time adaptive access controls, effectively mitigating the risks of lateral movement within the network.
Continuous Policy Evaluation with Precision Risk Response
Continuous Risk Evaluation represents only half the value of continuous protection. Continuous Risk Evaluation is coupled with Continuous Policy Evaluation to deliver the multifold benefit of continuous protection. Policy evaluated thus stands to accrue benefits at multiple tiers.
- The primary tier is the continuous evaluation of Global Session Policy (GSP). In the Identity Threat Protection paradigm, GSP constructs (policy rules) determining the creation of Okta SSO sessions ensure the sessions are protected from GSP violation, even after session issuance. It enables constraining action enforcement post-authentication, even if Authentication Policy requirements (on a particular app. associated with the Okta session) were met. This offers customers yet another layer of defense, ensuring policy gaps and misconfiguration do not become a reason for regression in security posture and authentication assurance.
- Both the GSP and Authentication Policy are evaluated for each request and throughout the lifetime of session context.
- Authentication Policy is evaluated not just for the app in a request, but for all apps linked to the Okta session associated with the request.
- If a change in session context is determined without a request at an Okta endpoint, it’s because such change is spawned from the continuous polling by Okta Verify on the endpoint. Okta Verify is continuously monitoring for changes in device context. In this situation, all policy rules for all apps associated with all sessions linked to the device ID are evaluated.
- Entity Risk Policy is a new policy type introduced within the Okta policy framework. While GSP and Authentication Policy \focus on the Okta session and the application accessed, respectively, Entity Policy focuses on Identity. Identity is the subject. Policy rules configured in Entity Policy are event triggered, meaning: they run automatically as soon as Entity Risk is detected. This, along with the depth of reevaluation in GSP and Authentication Policy, sets a new benchmark for “continuous protection.”
The scale execution of this multi-stage policy evaluation architecture is truly breathtaking and unique to Identity Threat Protection and Okta. This is a true first for the industry. While the magnitude of policy evaluation is, indeed, dictated by the events (entity risk, change in IP, device context, session risk, and behavior) triggering their evaluation, they can only be as effective as the actions configured in them.
Identity Threat Protection offers class-leading and extensible options for Post auth sessions to GSP and Authentication Policy re-evaluation and Entity Risk Policy evaluation.
- To counter the immediate threat of session hijacking, inline MFA or verification is supported as a remediating action for all failures in GSP and Authentication Policy rule re-evaluation. This merely enforces an action already configured by customers in their GSP / Authentication Policy. The action in these policies was scoped for the conditional issuance of an Okta session or app access, and in the case of Authentication Policy, governed by strict session conditions (triggered at every resource sign-on, fixed time periods, or upon expiry of the Okta session). With Identity Threat Protection, it’s now enforced as a verification step thus ensuring validation of any changes recorded during the lifetime of the session.
Okta was one of the first to announce in-line protection for token theft, and now goes one step further, wherein an MFA intercepting session hijacking, when determined as abandoned, results in the revocation of the Okta SSO session cookie, thus forcing reauthentication of all access in token theft scenarios.
- In certain scenarios, a change in session context can trigger Continuous Policy Evaluation, even without a request at the Okta endpoint. For instance, when Okta Verify polls for device signals periodically, Okta may determine a change in device context asynchronously (out-of-band) and trigger policy reevaluation. In such cases, triggering MFA is not the appropriate action because there is no request to trigger MFA on and no sign-in-widget on which to request verification. In such and other scenarios, Identity Threat Protection offers the unique ability to trigger an action called “Universal Logout” that helps constrain access immediately, even if out-of-band.
The ability to take inline, realtime action constraining access through out-of-band signals is an important product differentiator for Identity Threat Protection.
- Universal Logout is a path-breaking feature and another first in the industry. Okta is driving the industry to work towards a world where constraining access is achieved at its fullest depth. In this world, there are no orphaned artifacts allowed and the chain of authorization inheritance is honorably dismantled in the same way that it’s established. Okta’s standards body paved the way to a new standard in Global Token Revocation.
About a decade or so ago, Okta became the first cloud Identity provider in the industry to offer SSO or “Universal Login.” With Identity Threat Protection, Okta is the first to offer Universal Logout across all devices and supported apps.
A first step towards adopting this concept was to get top apps to adopt the Universal Logout charter. Since announcing Early Access, we have expanded our coverage considerably, along with the development of the standard. With Identity Threat Protection now Generally Available, we’re happy to announce Universal Logout support for Box, Dropbox for Business, Microsoft Azure, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for O365, Microsoft Dynamics 365, Microsoft O365, Microsoft Power BI, Microsoft Power Platform and Visual Studio, Microsoft Sentinel, Microsoft SQL Server Mgmt Studio, Google Cloud Platform, Google Workspace, Pagerduty, Salesforce, Slack, Zendesk, Zoom, and Surf Security (All Microsoft apps support partial logout. They do not yet support invalidation of app. session cookies. Surf Security support rolls out on August 14th, 2024.)
- While the Universal Logout functionality under the hood fuels the logout action offered in “Post-Auth Actions” as well as “Entity Risk Policy,” we offer intelligent scoping of logout and map the blast radius of the action based on the blast radius of the type of risk involved. So, while Entity Risk Policy supports the full depth of Universal Logout, Post-Auth Actions ensures the logout action supports revocation of only the relevant apps and Okta session under consideration. (For a detailed treatment of this, please refer to Universal Logout revocations.)
- Actions in Identity Threat Protection also support extensibility into your incident management and IT operations. Identity Threat Protection seamlessly integrates with Workflows so that you can now integrate and automate your team’s response activities and processes, and achieve faster and better security outcomes. Workflows’ native integration implies that you can initiate a workflow from one or all of the following triggers.
- React to change in IP or device context, session risk, and/or behavior evaluation
- Pivot off entity risk detection
- Natively integrate workflows as an action for post-auth session outcomes or in entity risk policy
To achieve outcomes across over 50 applications leveraging over 100 actions, Workflows with Identity Threat Protection offers comprehensive options towards the promise of Identity Threat Response.
Observability and Insights with Feedback Pipeline
Another aspect of response is supporting day-to-day IT-security operations. Identity Threat Protection couples rich reporting dashboards and admin dashboard widgets that advise product deployment and ensure security admins have
- The ability to maintain data-based snapshots of the risk to Identities in their environment,
- A view of the regression in post-authentication security posture, and the security performance of policy configuration throughout the lifetime of access for the user base
- Data to drive action to mitigate risk manually or via policy
- A way to provide feedback to the system so Identity Threat Protection becomes more attuned to the organization’s and users’ behavior over time.
The admin journey starts with widgets in the dashboard offering a bird’s eye view of session violations, entity user risk, and policy performance.
From there, customers can drill down into any particular area of interest via three reports.
- The Session Violations Report focuses on reporting changes seen in an authorized Okta session as reported via requests received against that session and context changes detected by Okta Verify. Here, a customer can also validate how the policy response established to secure the environment performs against these changes. There’s information to deep dive into the type of risk that develops around certain changes and the mitigating actions that can be established to thwart potential malicious activity. This is where an admin can determine detection and response to attacks, such as session hijacking. Here’s a peek into how this experience looks.
- Next, we offer two reports around Entity Risk. The At-Risk Users report offers a ready reckoner for (entity) risky users in the organization. The Entity Risk Report dives deeper into
- The types and frequency of entity risk detected
- What policy rules intercept these risk detections and those that continue to escape
Identity Threat Protection also allows the Identity admin to drill down on the risk developed. The Directory → People → User → {User} page will now show an additional “Risk” tab dedicated to covering risk accrued by the user. Here, an admin can
- Look at all risky activity over the past seven days associated with the user and changes seen in terms of IP/location, device context, and behavior.
- Drill-down via system log for relevant data surrounding an assertion for session context or entity risk detected.
- Offer feedback to the system so Okta can fine-tune risk assertions to be more relevant to the organization over time.
- Choose to modify user risk based on external sources not integrated with Okta (also available in API).
- Manually revoke access using Universal Logout.
Conclusion
And there you have it. It's hardly a wrap, though, because we’re just getting started. We’re immensely proud of this product and excited about the unique value it delivers.
We hope using this product helps you
- Safeguard against common Identity threats, including post-authentication attacks, like in-line session hijacking protection leveraging Okta AI.
- Empower your existing best-of-breed security stack and dissolve security silos with holistic security via entity risk, powered by a mesh of shared signal intelligence and supported by an open standards framework.
- Leverage the ability to revoke access to all/specific apps immediately, manually or via policy orchestration.
- Arm your organization from sophisticated, multi-stage attacks involving identities that span across threat surfaces with
- protect single sign-on (SSO) mechanisms with authentication assurance enforcement throughout the lifetime of the Okta session.
- Ensure the app access assurance required by policy at login is enforced continuously for all apps for the duration of access and not just for apps subject to CAEP or the app in an SSO request.
- Detections for persistence, privilege escalation, and lateral movement: MFA Brute Force, App Brute Force, Critical Actions by a User/Admin, and more, coupled with hundreds of third-party detections across every threat surface.
- Benefit from Okta-powered Threat Intelligence tracking sophisticated threat infrastructure and their latest TTPs.
- Daisy-chain entity user risk across Identity providers or manually elevate a user’s risk based on your security-operations-determined intelligence.
- Leverage Okta Verify monitoring changes in end-user device context so your users’ sessions are protected, even when not interacting with Okta.
- Finally, an Entity policy framework centered around the user
- Benefit from crowdsourced signals: Take action when a user reports, “This wasn’t me.” Offer feedback into an advanced risk engine that incorporates your IT-Sec.Ops.-determined intelligence assertions on risk.
- ITP with Workflows, enabling extensible security and business orchestration outcomes.
- Use Rich Observability reports and widgets for an at-a-glance view.
- Investigate risky behavior right from a user’s profile page.1
We’ll talk in more detail about how this value is created. This blog also kickstarts a blog series. Watch out for the following blogs that will roll out in the future.
- Usability and security
- ITP and its place in the Okta ecosystem
- Okta in the security ecosystem
- Continuous Authentication and Risk
- Universal Logout
- Shared Signals, better together
- Extensible workflows to meet your security and business goals
The launch of Identity Threat Protection with Okta AI marks a significant milestone in the hitherto asymmetric fight against cyberthreats. We invite you today to join us on this journey towards a safer online enterprise future. Identity Threat Protection is a SKU now live for all Workforce Identity Cloud customers in the public cloud. Please note: We are working towards making Identity Threat Protection FedRAMP and DoD Impact Level 4 (IL4) compliant to include this service in our Okta for Government Moderate, Okta for Government High, and Okta for U.S. Military cloud offerings, but Identity Threat Protection has not yet achieved the applicable compliance levels or been audited for inclusion in those regulated environments.
Identity Threat Protection requires you to run Okta Identity Engine, Universal Directory, Single Sign-On, and Adaptive MFA. Identity Threat Protection leverages aspects of Workflows that are met through the complimentary workflows offering available for all Workforce Identity Cloud customers (although you might need to purchase additional Workflows licenses based on your usage). This product is offered to workforce customers only. Mixed orgs will be supported. Education customers will be supported. List pricing is $4 per user per month. Please reach out to your local Okta representative to get more details or to prepare a quote customized to your needs. For a free trial, please reach out to support.
We look forward to delivering Identity Threat Protection to your enterprise.