Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term initiative to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn about the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We invest in keeping our products hardened and secure while also delivering new solutions that protect our customers. At the same time, we consistently invest in services, including 24/7 global support and 99.99% operational uptime.
Hardening our corporate infrastructure
The cyber-threat profile that we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay ahead of threats.
Championing customer best practices
Misconfigured Identity is just another entry point for a bad actor or negligent insider. With 15 years experience and 19,000+ customers, we have the expertise to help ensure our customers have the right Identity configuration. We educate our customers to further strengthen their policies. We are committed to deploying our products with Okta’s security best practices. Our training and certification programs are examples of how we help customers meet these standards.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We are accelerating our own capabilities and embracing new technology, such as AI. Additionally, with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
We're already securing more than 19,000 customers
And we're continually evolving in the fight against Identity-based attacks.
2 billion
potentially malicious access requests denied over a 30-day period*
90%
reduction in credential stuffing attempts over a 90-day period†
>800M
unique monthly users protected by Okta**
Investing in market-leading products and services
What we recently delivered
Identity Security Posture Management
Proactively reduce your Identity attack surface by identifying and prioritizing risks like excessive permissions, misconfigurations, and MFA gaps across your Identity infrastructure, cloud, and SaaS apps.
(GA in North America.)
Identity Threat Protection with Okta AI
Enhance your Identity's resilience by continuously assessing risks using Okta’s native Identity signals and enriching threat detection within integrated signals from third-party security providers. This enables proactive countering of a broad range of emerging threats post-authentication.
Fourth-generation Bot Detection with Okta AI
Unlock the latest version of our Bot Detection, which incorporates third-party risk signals into fine-tuned models designed to combat fraudulent registrations.
As part of Customer Identity, provide customers with the ability to securely replace and manage their tenant's top-level encryption keys, to bring your key into the HSM to replace Auth0’s default with self-generated keys (Bring Your Own Keys, or BYOK), and to control the lifecycle of the Tenant’s Master Key for incident response and ad-hoc rotation periods (Control Your Own Keys, or CYOK).
What's next
Secure SaaS privileged accounts
Deliver zero standing privileges for shared SaaS accounts, enforce individual accountability to shared accounts, and enable flexibility in policy options like MFA and approvals to balance security with efficiency.
Session management API extensibility
As part of Customer Identity, define custom behaviors based on risk signals to revoke suspicious sessions and set policies to detect and respond to hacking — by leveraging the Session Management API with our Actions Extensibility platform.
Championing customer best practices
What we recently delivered
The ultimate guide to phishing prevention
Learn how to protect yourself, your workforce, your business, and your customers from phishing attacks with this definitive guide.
Identity Threat Level Assessment
Unlock valuable insights into your industry's Identity threat level with Okta's new tool, leveraging real-time data on bot activity to compare your score against other industries, regions, and time frames.
Learn how to align NIST’s Digital Identity Guidelines (899-63Bb) with Okta’s Secure Identity Commitment, addressing session duration, inactivity, and app classification.
How Okta fosters a security culture
What does it take to make security an intrinsic part of your organization? In this article, Jen Waugh — Okta’s Senior Director, Security Culture — shares an inside look at Okta’s blueprint to foster a security culture that rallies the organization around a common goal: protecting against security threats.
Win over the board: CISO strategies for proving security’s ROI
CISOs need to convince their organizations’ boards of their security strategies — and prove those strategies are working. In this blog, we highlight best practices for demonstrating security ROI to help CISOs tell the story that their investments are paying off without negatively impacting the business metrics the board prioritizes.
What's next
5 tips to enhance security without sacrificing productivity or user experiences
Security can be seen as the enemy of productivity and user experience. But CISOs care deeply about reducing friction for both their workforce and their customers — and they want to find solutions that don’t force tradeoffs between UX, productivity, and security. This article will share insights and tips to help organizations deepen their security posture without compromising other business priorities.
The weakest link: Securing your extended workforce
Organizations lean on third parties to expand their business capabilities, from call centers to vendors and acquired companies. But rarely do these third parties have the same security standards and protocols, making them a target since attackers know they’re the weakest links into the core organization. This blog will share insights and commentary from CISOs around how they’re securing their extended workforce.
Raising the bar for our industry
Identity maturity model whitepaper
Learn how to assess progress in your organization’s Identity maturity journey and understand how Identity can help achieve business goals.
Tackling admin sprawl with Okta
Discover how to efficiently manage admin privileges and enhance security — with practical strategies for auditing admin usage and automating monitoring to help ensure compliance.
CISA’s Secure by Design pledge
Okta signed the CISA Secure by Design pledge, along with companies around the globe, to showcase our industry’s commitment to taking meaningful steps in adopting secure-by-design principles.
Okta for Good has committed $4.8M
This contribution goes towards a $50M philanthropy commitment, including two (2) $1M, five-year commitments to long-time partners and known leaders advancing digital transformation for the nonprofit sector.
Hardening our corporate infrastructure
What we recently delivered
Extended phishing resistance for all employees
We’ve long deployed Okta FastPass for phishing-resistant MFA; we have recently implemented phishing resistance via Yubikeys for all employees — for whom the whole employee lifecycle is 100% passwordless, from onboarding to recovery.
Standardized and centralized reporting for security risk management
We deployed a single-vendor solution to centralize risk and issue management related to our governance, risk, and compliance program, including third-party risk management.
Enhanced laptop and mobile protections
We have further limited and restricted how Okta laptops can be used, continuing to emphasize least privilege. We have also improved our overall mobile device management (MDM) security posture.
What's next
Standardized and centralized reporting for vulnerability management, asset management, and CSPM
We will centralize all vulnerability-related information across our production and corporate environments.
Improved logging ingestion and analysis tooling
We will improve our logging capabilities to enable more relevant alerts. This will allow us to investigate an incident across our logging environment in a more timely manner.
Enhanced scanning of open-source software (OSS)
We will make additional improvements to OSS component vulnerability scanning.
We’re committed to sharing results
Check back for quarterly updates to learn what we’ve done and what’s next when it comes to Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting over the period of December 5, 2023 to January 4, 2024
**Based on Okta internal reporting from February 2024
†Based on internal reporting of anonymized data from enterprise customers over the period of October 5, 2023 to January 4, 2024