Security & Availability

Security and Availability

Okta powers millions of authentications per month, with a customer base that’s rapidly expanding across different markets, including public companies and those in highly regulated industries. We adhere to the highest industry standards for security and reliability in all we do, from our hiring practices to the architecture and development of the software that powers Okta and the data center strategies and operations that enable us to deliver a world-class service.

Okta Makes Your Cloud Secure

Okta Makes Your Cloud Secure

Using Okta’s on-demand identity management service improves your security through:

  • Centralized access policy for all your apps

    All access to cloud and on-premises applications is controlled from a single point and security policies can easily be applied to all apps rather than one at a time via a simple–to-use web interface.

  • Comprehensive Active Directory integration

    Administrators can control access from Active Directory and users get access to all of their apps, whether cloud or on-premises, with the network credentials they know.

  • Minimized password fatigue

    In many cases Okta eliminates the need for passwords with support for federated authentication (e.g. SAML) , and when passwords are required, they are encrypted, not scribbled on sticky notes or stored in spreadsheets.

  • Audit logs and reporting

    Okta provides audit access to all cloud apps. Use the rich set of integrated reports or export to an external archive and reporting tool.

  • Managed password policy

    A single consistent password policy, applied to all applications.

  • Centralized deprovisioning

    User deactivation is typically triggered from a corporate identity store such as Active Directory. With Okta’s centralized deprovisioning, deactivating a user in AD initiates a deprovisioning workflow immediately to ensure maximum effectiveness in preventing rogue access to Okta and other cloud applications.

  • Role-based administration

    The Okta administrative permissions model provides granular access control to, and administrative rights for, the individual capabilities of the Okta service.

  • Multi-factor Authentication (MFA)

    Okta provides two additional authentication factors: a security question and a smartphone based soft token. These options effectively protect against phishing, key loggers and other password theft attempts, and they are both built in to the Okta service. If you already have an MFA solution in place, Okta can seamlessly work with that too.

Availability

At Okta we realize that our customers rely on the single sign-on component of our service to access their business-critical applications, so we’re built for high availability and scale.

Okta delivers 99.9% guaranteed uptime—the best SLA in the industry. And that is a true SLA.

With Okta there is zero planned downtime. The Okta service never shuts down for maintenance purposes. Okta achieves this zero planned downtime while also supporting the introduction of new functionality on a regular basis. When we say 99.9% we mean 99.9%. No ifs, ands or buts.

To track our availability and understand more about how we achieve it, just go to www.okta.com/trust.

Certification

Logo Aicpa SocAs part of our commitment to security, Okta has used the SSAE 16 (SOC 2) process — formerly known as SAS 70 — to successfully certify the operational and security processes of our service and our company. The detailed results of this stringent certification process are available upon request — simply email security@okta.com