Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term initiative to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn about the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We invest in keeping our products hardened and secure while delivering new solutions that protect our customers. We also consistently invest in services, including 24/7 global support and 99.99% operational uptime.
Hardening our corporate infrastructure
The cyber-threat profile we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay ahead of threats.
Championing customer best practices
Misconfigured Identity is another entry point for a bad actor or negligent insider. With 15 years experience and 19,450+ customers, we have the expertise to help ensure our customers have the right Identity configuration. We’re committed to deploying our products with Okta’s security best practices, and our training and certification programs are ways we help customers meet these standards.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We’re accelerating our capabilities and embracing new technology, such as AI. Additionally, with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
We're already helping secure more than 19,450 customers
And we're continually evolving in the fight against Identity-based attacks.
3 billion
attacks (credential stuffing, malicious bots) denied over a 30-day period*
90%
reduction in credential stuffing attempts over a 90-day period†
>800M
unique monthly users protected by Okta**
Investing in market-leading products and services
What we recently delivered
Work directly with Okta experts to control your Identity debt and close security gaps like admin sprawl, misconfigured permissions, or shadow IT before they become a security threat.
Enhance security and reduce development time with 125+ new SaaS application integrations that bring advanced security to some of the biggest SaaS applications.
Customise sessions with extensibility
Define custom behaviours based on risk signals to revoke suspicious sessions and set policies to detect and respond to hacking. You can do this by leveraging the Session Management API with our Actions Extensibility platform.
Out-of-the-box integrations for Identity verification
Use out-of-the-box integrations with third-party Identity verification providers to enable seamless Identity verification throughout the employee lifecycle. Our integration for Persona is available in Early Access now.
What's next?
Secure partner access
Securely manage Identity and access to shared applications for business partners without requiring significant development, customisation, and management tasks from IT.
Yubico FIDO pre-reg
Protect your organisation from modern Identity attacks by implementing advanced phishing resistance across the organisation with pre-enrolled FIDO2 Yubikeys.
Combat call center, in-person fraud with CIBA
Client-Initiated Backchannel Authentication (CIBA) offers a streamlined, more secure way to verify customers over the phone, in-person, and through IoT devices. Instead of relying on traditional security questions, CIBA allows backchannel apps to trigger push authentication requests directly to the user’s device.
Championing customer best practices
What we recently delivered
Secure Sign-In Trends Report 2024
Okta’s latest Secure Sign-In Trends report dives into how organisations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins.
5 tips to enhance security without sacrificing productivity or user experiences
Security can be seen as the enemy of productivity and user experience. This article will share insights and tips to help organisations deepen their security posture without compromising other business priorities.
Five reasons to upgrade your org to the Okta Identity Engine
Explore why thousands of organisations are upgrading from Okta Classic to the modern Okta Identity Engine. This guide highlights key benefits like enhanced authentication, passwordless sign-ins, device assurance, and improved admin experiences to help secure your Identity posture and streamline user access.
Zero Trust and the Identity imperative: Building resilience against emerging threats
Explore how organisations can benefit from industry guidelines and best practices, like those outlined by NIST, to strengthen their Zero Trust approaches. Learn about threats and trends companies face, including phishing, shadow IT, misconfigured Identity, and more.
Verifying identity of your remote workforce
With deepfakes on the rise, remote identity verification is becoming increasingly important and difficult. How do you verify that employees are who they say they are when you can’t physically see them? This article outlines best practices for identity verification during the hiring process and beyond.
The weakest link: Securing your extended workforce
Organisations lean on third- parties to expand their business capabilities, from call centres to vendors and acquired companies. But these third parties rarely have the same security standards and protocols, making them a target since attackers know they’re the weakest links into the core organisation. Okta Deputy CSO Charlotte Wylie shares what it takes to secure your extended workforce.
What's next?
Guide to proving the ROI of cybersecurity
Data breaches were up 72% in 2023 alone, but security professionals are still struggling to get the buy-in and resources they need to move key initiatives forward. This guide includes advice from CISOs and security leaders for demonstrating ROI.
Threats I’m monitoring in 2025: from deepfakes to Scattered Spider
Cybercriminals are constantly evolving and refining their tactics. Find out what’s keeping CISOs up at night, from increasingly sophisticated ransomware to supply chain vulnerabilities and AI-based cyber attacks.
Raising the bar for our industry
Preparing for the New Identity Security Standard
The OpenID Foundation’s Interoperability Profiling for Secure Identity in the Enterprise (IPSIE) working group is in the process of creating an open industry standard. This standard will enhance the end-to-end security of enterprise SaaS products and provide a framework for SaaS builders to more easily meet evolving enterprise security needs.
Okta’s mission to standardise Identity security
As part of our mission to secure Identity, we’ve led the formation of a working group within the OpenID Foundation. This group is dedicated to creating the first unified Identity Security standard for enterprise apps, resources, and workloads: Interoperability Profile for Secure Identity in the Enterprise (IPSIE).
Okta’s ongoing commitment to Secure by Design
In May 2024, Okta was one of the first technology providers to sign the CISA Secure by Design pledge. The pledge commits enterprise software companies to make a “good faith” effort to meet seven high-level Secure by Design goals within the course of a year. Learn how Okta has progressed against this pledge.
Okta for Good has committed $11.7M
Okta for Good has committed $11.7M towards its $50M philanthropy commitment, including a $2.5 million commitment for NetHope - a catalyst for collective impact that advances humanitarian, conservation, and international development efforts worldwide to enhance cybersecurity resilience across the nonprofit sector.
Hardening our corporate infrastructure
What we recently delivered
Standardised and centralised reporting for vulnerability management, asset management, and CSPM
We have centralised vulnerability-related information across our production and corporate environments.
Improved logging ingestion and analysis tooling
We have improved our logging capabilities to enable more relevant alerts.
Enhanced scanning of open-source software (OSS)
We have made additional improvements to OSS component vulnerability scanning in order to detect operational risks and malware in third-party libraries. This tooling has been operationalised within Okta’s development and release workflows.
What's next?
Additional security controls established for third-party libraries
Mitigating the risks associated with external dependencies is a key component of a robust security program. Okta is taking steps to help reduce the risk of vulnerabilities via third-party libraries with additional security controls and monitoring.
We’re committed to sharing results
Check back for quarterly updates to learn what we’ve done and what’s next when it comes to Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting through October 2024
**Based on Okta internal reporting from February 2024
†Based on internal reporting of anonymised data from enterprise customers over the period of October 5, 2023 to January 4, 2024