As you look ahead to 2025, we’re proud to offer last year’s progress as a practical guide for organizations aiming to proactively address Identity security challenges, implement innovations, and build resilience against evolving threats.

When we introduced the Okta Secure Identity Commitment in early 2024, we formalized our mission to lead in the fight against Identity threats—a growing concern for organizations. Identity attacks have skyrocketed, with billions of attempts now targeting critical infrastructure, customer data, and enterprise operations. Recent reports show that over 80% of breaches involve compromised identity, and by mid-2024, organizations experienced a record increase in credential stuffing and phishing campaigns, costing billions in losses and compromising trust.

As we shared at the launch of this initiative, we recognize that our responsibility extends beyond delivering secure products—it requires setting a higher standard for the entire Identity ecosystem. With over 19,450 customers and more than 1 billion unique monthly users relying on the Okta platform, we sought to strengthen this long-standing commitment to lead the industry in protecting organizations and individuals from increasingly sophisticated Identity-based threats.

The Secure Identity Commitment is built on four pillars:

1. Providing market-leading, secure Identity products and services
2. Championing customer best practices to ensure users are protected
3. Elevating the industry’s security posture through partnerships, innovation, and philanthropic commitments
4. Hardening Okta’s own corporate infrastructure to meet the highest standards

Last year, our efforts helped protect more than 19,450 organizations worldwide, including blocking over 3 billion identity attacks monthly (including malicious bots) and achieving a 90% reduction in credential stuffing for many of our largest customers. These milestones showcase how our solutions are driving real impact, helping organizations navigate Identity-based threats with greater confidence.

Investing in market-leading products and services

We’ve continued to innovate across our Workforce and Customer Identity Clouds, delivering solutions that empower organizations to enhance security without sacrificing usability. Here are some highlights from 2024 and a glimpse at what’s next in 2025:

Key 2024 innovations

• Identity Threat Protection with Okta AI: Unlock real-time detection and mitigation of Identity threats with AI-driven insights.
• Identity Security Posture Management (ISPM): Get deeper visibility into Identity risks and actionable remediation capabilities.
• Secure Identity Assessment: Take control over your Identity debt and close security gaps — like admin sprawl, misconfigured permissions, or shadow IT — before they become a security threat.
• Secure Identity Integrations: Speed up the time it takes to integrate with your top SaaS apps, by leveraging over 125 new integrations with deep security capabilities built in. Phishing-Resistant MFA Expansion: Enhance device assurance and biometric integrations through Okta FastPass, simplifying secure logins for end users.
• Extended Device Single Sign-On: Reduce friction in user authentication while maintaining strong security standards with rolled out device-based SSO
• Workflows is Post-Audit for FedRAMP: Automate and orchestrate Identity workflows without writing code to streamline compliance and security operations for public sector customers.
• Highly Regulated Identity: Get advanced Identity security for industries requiring strict compliance, such as finance and government.

What’s next in 2025

• Customer Identity Cloud
  • Tenant Security Manager with Okta AI: Strengthen security with AI-driven insights and guidance to enhance security policies, reduce risks, and address vulnerabilities. This tool allows users to collaborate with AI to uncover actionable insights for improved security.
  • Universal Logout (GA): Ensure seamless security by enabling users to log out across all connected applications with just one click, enhancing user control and reducing security risks.
  • Client Initiated back-channel Authentication (CIBA): Provide a secure way for users to authenticate and authorize access requests through direct notifications, strengthening transaction safety.
  • “API first” integration: Optimize UX and launch Transaction Authorization & User Validation from backend applications, requiring no user redirection.
  • FAPI 2 Compliance: Perform certification testing against OpenID conformance tests for FAPI2.
• Workforce Identity Cloud
  • Separation of Duties for OIG: Prevent unauthorized actions by requiring distinct role assignments for high-risk activities.
  • Access Certifications for SaaS service accounts: Automate account reviews and enforce precise control policies to ensure sensitive data remains secure.
  • Device Assurance Advanced Posture Checks: Restrict access for devices failing compliance policies, such as missing ransomware protection, and apply MDM-enforced rules to secure your ecosystem.
• Customer Identity Solutions
  • Identity Security Posture Management for CIS

These innovations reflect our dedication to creating seamless, scalable, and secure solutions for customers worldwide.

Championing customer best practices

Identity misconfigurations remain one of the top threats organizations face. Okta is committed to helping customers deploy secure configurations and adopt best practices:

• Secure Sign-In Trends Report 2024: Highlighted the growing adoption of phishing-resistant MFA across industries.
  • Phishing-resistant MFA shows great momentum: Delved into key takeaways from our Secure Sign-In Trends report, including steady growth in MFA adoption, with phishing-resistant MFA on the rise.
• Identity Security Checklist: Provided a framework to adopt a strong Identity posture and protect your organization from Identity-based attacks.
• Ultimate Guide to Phishing Prevention: Offers advice to protect you, your workforce, your business, and your customers from phishing attacks.
• Zero Trust and the Identity Imperative: Delivered resources to help organizations strengthen Zero Trust frameworks and reduce risks like shadow IT and misconfigured permissions.
• Actions Template Implementation Guides: Facilitates best practices, giving Customer Identity Cloud customers a secure configuration template to start their implementation.

In 2025, we’ll further focus on guidelines for proving the ROI of cybersecurity and actionable insights on top threats including deepfakes and supply chain attacks, to keep customers prepared and resilient.

Elevating the industry to fight Identity attacks

Beyond our products, Okta has taken a leadership role in elevating the industry’s approach to Identity security, including:

• IPSIE Working Group: Helped advance the Open ID Foundation’s (OIFD) Interoperability Profile for Secure Identity in the Enterprise (IPSIE), which aims to create a unified Identity standard for enterprise apps.
• CISA Secure by Design Pledge: Signed the pledge, along with companies around the globe, to showcase our industry’s commitment to taking meaningful steps in adopting secure by design principles.
• Identity Maturity Model: Launched a guide that helps assess progress in your organization’s Identity maturity journey and demonstrates how Identity can help you achieve your business goals.
• Okta for Good: Committed $11.7M towards our $50M philanthropy commitment to partners and leaders supporting digital protection efforts and advancing cybersecurity for the nonprofit sector.
• Okta Learning Grants: Instituted grants to support unemployed tech workers, including veterans and military spouses — equipping individuals with Okta’s on-demand course catalog, one Premier Practice Exam, one Okta certification voucher, and more.
• Tackling Admin Sprawl with Okta: Published a how-to guide for managing admin sprawl, a crucial part of maintaining security, compliance, and cost efficiency within any organization.

Hardening our corporate infrastructure

Okta holds its internal systems to the same rigorous security standards it provides to customers. In 2024, we:

• Enhanced Logging and Vulnerability Reporting: Unified reporting for vulnerability management and improved detection capabilities.
• Strengthened Device Protections: Enforced Mobile Device Management (MDM) for all devices accessing corporate resources, reducing potential attack surfaces.
• Locked Down SaaS Access Controls: Deployed granular administrator access controls to secure sensitive workflows.

In 2025, our internal initiatives include:

• Third-Party Security Controls: Rolling out additional safeguards for external libraries to further mitigate risks across the software supply chain.
• Hardened Images for Containers: Containers provide a range of security advantages, including additional isolation mechanisms, smaller attack surfaces, and role-based access control (RBAC).

These measures ensure that Okta remains a trusted partner, committed to both customer and operational security.

Conclusion

Okta’s Secure Identity Commitment represents our unwavering dedication to ensuring security always comes first. In 2024, we delivered impactful innovations, championed customer success, and set new benchmarks for the industry. But this is just the beginning.

As we enter 2025, we’re excited to keep pushing this commitment forward as part of our mission to secure every identity, everywhere.

To learn more about these developments and future launches, check out Okta’s Secure Identity Commitment page or download our comprehensive whitepaper.