Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term initiative to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn about the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We invest in keeping our products hardened and secure while delivering new solutions that protect our customers. We also consistently invest in services, including 24/7 global support and 99.99% operational uptime.
Championing customer best practices
It’s estimated that human error and talent shortages will cause over half of major cybersecurity incidents by 2025, with misconfigured Identity being a key risk. With 16 years of experience and 19,650+ customers, we have the expertise to ensure the right Identity configuration. We also support our ecosystem in developing their own skills to stay ahead of evolving threats through Okta Learning – featuring 200+ public security-focused courses, industry-recognized certifications, and much more.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We’re accelerating our capabilities and embracing new technology, such as AI. Additionally, with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
Hardening our corporate infrastructure
The cyber-threat profile we use for our customer-facing environment is similar to that of our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay ahead of threats.
We're already helping secure more than 19,650 customers
And we're continually evolving in the fight against Identity-based attacks.
8 billion
attacks (credential stuffing, malicious bots) denied over a 30-day period*
>752M
malicious (or risky) access attempts blocked over a 30-day period*
Investing in market-leading products and services
What we recently delivered
Enable business partners to securely and seamlessly access shared resources without requiring significant development, customization, and management tasks from IT.
Build your GenAI applications securely. Auth for GenAI is a suite of features that allow your AI agents to securely call APIs on behalf of your users, both interactively and asynchronously, by requesting the right, least-privileged access to users' sensitive information.
Okta Account Management Policy
Define the assurance requirements a user must meet to perform authenticator enrollment, password reset, or unlock account operations.
Client Initiated Backchannel Authentication (CIBA)
Provide the means to proactively reach out to users via a notification for them to authenticate and authorize access.
What's next
Desktop MFA Recovery for macOS
Prevent productivity disruption by securely enabling admins to provide end users with time-limited recovery codes to log in to their devices in case of a lost phone or security key.
IdP single logout
Allow end users to log out of multiple apps and external identity providers simultaneously with one click for a secure and seamless experience.
Native to Web SSO
Streamline the customer experience by eliminating the need to re-login when moving from a mobile app to a web app. Leverage Auth0's built-in security features, including DPoP and App Attestation, to enable a more seamless and secure Native to Web SSO experience.
Championing customer best practices
What we recently delivered
CISOs’ top threats for 2025, from deepfakes to Scattered Spider
Cybercriminals are constantly evolving and refining their tactics. Find out what’s keeping CISOs up at night, from increasingly sophisticated ransomware to supply chain vulnerabilities and AI-based cyber attacks.
Cyber-safety over the holidays
A practical guide to staying safe during the holiday season, highlighting tips for protecting your identity and accounts from scams and cyber threats. Includes actionable advice such as monitoring accounts, securing devices, and practicing safe online shopping.
Five predictions for Identity-centric attacks in 2025
Explore the evolving landscape of Identity-based cyberattacks, including emerging threats like advanced phishing kits, a resurgence of device-based attacks, and exploitation of business processes through social engineering.
How to prove the ROI of cybersecurity
Data breaches were up 72% in 2023 alone, but security professionals are still struggling to get the buy-in and resources they need to move key initiatives forward. This guide includes advice from CISOs and security leaders for demonstrating ROI, and lays out the steps to showing that security isn’t just a cost center but a strategic driver of business growth and resilience.
The most targeted companies choose phishing-resistant MFA
Learn how organizations targeted by advanced phishing campaigns are adopting phishing-resistant MFA methods like Okta FastPass and FIDO2 to reduce risk. Discover how phishing-resistant MFA helps prevent credential theft, enables passwordless security, and protects against evolving phishing tactics.
What a change of power in Washington means for cybersecurity
With the new administration entering office in the U.S., what should security leaders expect and plan for? In this article, Okta Federal CSO Sean Frazier shares his predictions for the next presidential term, from deregulation to state-sponsored cyber attacks.
How Okta mitigates OWASP's top 10 non-human identity risks
Learn how to address OWASP’s top 10 non-human identity (NHI) risks using Okta’s platform — from securing sensitive credentials to enforcing least-privilege access and streamlining Identity lifecycle management.
One trick finds the root of any Okta troubles
Whether you’re troubleshooting a technical issue or performing a forensic investigation into your Okta Workforce Identity org, discover new queries that can help you get to the root of problems.
What's next
How to measure the success of your security program
Tracking the right metrics is key to demonstrating ROI, getting buy-in, and securing resources. In this article, CISOs share how to measure the success of your security program with practical qualitative and quantitative metrics that demonstrate value to your organization.
Strategies to improve cyber resilience
Since the CrowdStrike outage, business resilience has become a primary driver of security strategies across industries. In this article, CISOs share tactics to boost cyber resilience, strengthen disaster recovery plans, and reinforce trust in mission-critical vendors to the board.
Secure governance of non-human identities
Discover effective strategies to enhance secure governance of non-human identities (such as service accounts and chatbots), including improving visibility, automating oversight, and safeguarding critical systems.
Raising the bar for our industry

Raising the bar for our industry with IPSIE
Discover how Okta is working to advance security with the Interoperability Profiling for Secure Identity in the Enterprise (IPSIE), uniting 25+ companies to create a groundbreaking, industry-wide standard for secure SaaS integrations focused on all aspects of Identity, including single sign-on, lifecycle management, risk signal sharing, and more.

CISA Secure by Design Technical Exchange
At the CISA Secure by Design technical exchange, Okta presented its efforts to eliminate an entire vulnerability class. Over the past year, we’ve analyzed and classified vulnerabilities, defined the scope, and implemented process changes: conducting deep reviews, running education campaigns, and driving initiatives across multiple organizations.
Building resilient Identity: Reducing security debt in 2025
Okta’s security team delves into the growing challenge of managing identity sprawl and technical debt, which leaves organizations vulnerable to attacks and operational inefficiencies—and how, without a clear strategy, identity security gaps can lead to misaligned priorities, hinder business outcomes, or incur costly breaches.
Okta for Good has committed $15.7M
Okta for Good has committed $15.7M towards its $50M philanthropy commitment, completing the first year of our 5-year commitment.
Hardening our corporate infrastructure
What we recently delivered
Additional security controls established for third-party libraries
Mitigating the risks associated with external dependencies is a key component of a robust security program. Okta has taken steps to help reduce the risk of vulnerabilities via third-party libraries with additional security controls and monitoring.
Backup verification process established for account recovery
Okta partners with Persona for Identity verification (IDV), verifying credentials and identities to ensure that users are who they claim to be during account unlocks and password resets.
How Okta embraces Identity verification using Persona
Okta has introduced ID verification as a compulsory component of our evolving onboarding process and secure account recovery activities to improve our security posture assurance—including context on Okta's unique use cases.
What's next
Biometric authentication for high & moderate assurance apps
Biometric authentication simplifies the end-user experience by eliminating the need to remember complex credentials, offering enhanced protection and improved convenience.
Additional detections on production changes
Okta’s enhanced detections on code changes in production will assist in prohibiting unauthorized modifications and/or potentially malicious insertions.
Vulnerability management automation
By automating vulnerability management, Okta can continuously identify, prioritize, and remediate security risks without manual effort.
We’re committed to sharing results
Check back for quarterly updates to learn what we’ve done and what’s next when it comes to Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting through January 2025