Okta welcomes US DoD and mission partners to Okta Identity Governance, Workflows, and AI

Okta welcomes US Department of Defense and approved mission partners to Okta Identity Governance, Workflows, and Identity Threat Protection with Okta AI

In a landscape defined by rapid efficiency drives and major policy announcements, US public sector entities, particularly the Department of Defense (DoD), require unwavering assurance in their identity management infrastructure. Recognizing the critical need for robust and compliant solutions, Okta announces significant audit-ready milestones, bringing superior, commercially available identity innovations to agency missions.

Okta Identity Governance, Workflows, and Identity Threat Protection with Okta AI are now audit ready for Okta for US Military (DoD Impact Level 4). Identity Threat Protection with Okta AI is also audit ready for Okta for Government High (FedRAMP High ATO). This powerful combination provides a unified foundation for implementing core security tenets emphasized by frameworks like DoD Instruction 8520.04 ("Identity Assurance") and others, as shown in the table below.

Smarter identity, stronger security: Okta's value for the modern DoD

Traditional identity management often relies on static decisions, and static security doesn’t work against DoD’s dynamic threats. Okta offers intelligent capabilities, like context-aware access and automated risk-based responses, to streamline operations and enhance security in ways that legacy systems can't.

 

Framework/Policy: DoD Instruction 8520.04 ("Identity Assurance")

Okta’s Audit-Ready Capability: Identity Governance. Ensures least-standing privilege by easily entitling the right people to the right apps, simplifying access governance, and improving security posture through automated reviews and lifecycle management.

Alignment:

  • Strong identity assurance: Supports robust authentication (IA-2, IA-3, IA-5).
  • Reliance on authoritative attribute sources: Works with centralized attribute data in Okta Universal Directory to define roles, scope access reviews, and enforce policies (IAM-1).
  • Least privilege access: Provides tools to define and enforce granular access policies (AC-3, AC-6).
  • Access lifecycle management: Manages access requests, approvals, and provisioning/deprovisioning based on defined policies (IAM-2).
  • Separation of duties (SoD): Allows definition and enforcement of SoD policies, preventing users from accumulating conflicting entitlements that could pose a security risk (AC-5).
  • Auditing and compliance: Offers comprehensive reporting capabilities (AU-2, AU-6).

Framework/Policy: DoD ICAM

Okta’s Audit-Ready Capability: Workflows. Leverages no-code identity automation and orchestration to save time and reduce costs by fully automating complex, last-mile tasks like provisioning/deprovisioning and customizing user lifecycle for various identity types.

Alignment:

  • Connecting to authoritative attribute services: Automates integration with various authoritative sources (e.g., HR, clearance systems, training platforms) to keep Okta Universal Directory updated with verified details like job title, security clearance level, and required training completion status (IAM-1).
  • Automating actions based on attribute changes: Triggers actions based on changes in authoritative data (IAM-2).
  • Operationalizing governance policies: Automates the execution of identity governance decisions across multiple systems. For example, a change in clearance level could trigger a workflow to adjust access permissions automatically (AC-6).
  • Integration with security tools (NIST SP 800-207 - Zero Trust Architecture): Connects with security tools for automated threat response (IR-4, aligning with Zero Trust automation principles).

Framework/Policy: DoD ICAM (OMB M-22-09 and NIST SP 800-207)

Okta’s Audit-Ready Capability: Identity Threat Protection with Okta AI. Continuously assesses and responds to identity threats in real time, providing comprehensive visibility and ecosystem collaboration for quicker threat detection and response, enhancing security without compromising user experience.

Alignment:

  • Continuous monitoring and risk assessment: Leverages AI for real-time anomaly detection (SI-4).
  • Adaptive access policies: Enables dynamic multi-factor authentication (MFA) and access controls based on risk (IA-5, AC-2), supporting OMB M-22-09's emphasis on phishing-resistant MFA.
  • Threat detection and response: Automates responses to post-authentication threats, triggering automated remediation through Workflows and informed by the user's known status and roles derived from authoritative attributes (IR-4).
  • Unified approach to identity security: Provides centralized visibility and integrates with existing security stacks (SI-1, IA-8, aligning with Zero Trust's holistic view).

Okta intends to obtain a 3PAO audit immediately and submit these capabilities for incorporation into our existing Provisional Authorization.

If you’re ready to learn more about how Okta's audit-ready solutions can help your agency achieve robust identity governance, automate critical workflows, and enhance threat protection for your mission, then download our guidebook on How Okta’s Identity Maturity Model supports regulated industries or visit okta.com/dod.