Okta + Data Residency

How and where to use the Okta Identity Platform for your data residency requirements.

The world's largest organizations trust Okta

The world's most trusted brands build with Okta.

Data Residency at Okta

In today’s complex cloud computing environment, organizations have legitimate concerns about the ever-changing landscape of data privacy laws. Not only are customers subject to an increasing number of requirements around protecting personal data, but many customers are subject to requirements and increased concerns around where data is stored. At Okta, it is our mission is to stay ahead of the curve of privacy law developments and partner with our customers to support their data residency challenges as they grow their digital footprint. We want to provide full transparency into how we process customer data and how we can help organizations meet their compliance requirements related to data residency.

Meet regulatory requirements with Okta

Schrems II, GDPR, and CCPA are just some examples of regulations that have changed the landscape over the last decade. As regulations are continuously added and evolving throughout different countries, organizations need to make investments that serve as a foundation for future growth worldwide. Learn more about Okta’s industry standard certifications to help meet regulatory requirements.

Frequently Asked Questions

Data residency refers to the actual geographic location where your organization’s content is stored.

Organizations may be required to meet various requirements pursuant to data privacy regulations, particularly those in regulated industries. To support customers with data residency needs, Okta has created cell architecture that allows customers to purchase local cells in which to store customer data.

Okta is built on the industry’s most reliable, secure, and scalable platform worldwide to support our customers with their data residency requirements, Okta will host Customer Data in data centers selected by Customer. Okta has cells located throughout the US, EMEA, Japan, and Australia (for both primary and failover capabilities). For future locations, please see our roadmap.

Okta utilizes Sub-processors to assist Okta in providing its services to its customers. The locations in which Okta’s processing occurs are described in the “Sub-processor Information” document that is part of our Trust & Compliance documentation. The location of processing will sometimes vary depending on the applicable Service and cell that the Customer selects. Additional information about our assurances to customers are available in our Master Subscription Agreement, Data Processing Addendum, and in our Trust and Compliance Documentation.

Okta is built on secure, safe connections between people and technology – not monetizing customer data. We do not sell customer data – any and all data uploaded into the Okta service by or on behalf of a customer – and we never will.

At Okta, securing our customers' data is our top priority.  Our certifications and authorizations are consistent with some of the highest data protection standards in the industry, including, for example, standards consistent with FedRAMP High and Medium authorizations, NIST 800-53, HIPAA, ISO 27001/27017/27018, and GDPR.  We encourage you to learn more about Okta's security practices by viewing our service certifications here

Additional Resources:

Documentation

Trust & Compliance Documentation

Whitepaper

Okta for Global, Distributed Organizations

Policy

Okta Privacy Policy

Privacy

Okta Data Privacy