Identity Threat Protection Detections now available with Adaptive MFA
Okta is thrilled to announce the General Availability of Identity Threat Protection with Okta AI Detections for Super Admins, now included with the Adaptive Multi-Factor Authentication SKUs. This new feature extends essential security detections to your most privileged accounts, reinforcing Okta's Secure Identity Commitment.
Identity Threat Protection Detections for Adaptive Multi-Factor Authentication (Adaptive MFA) Super Admins is designed to bolster security by providing advanced protection of administrator activity. However, it's important to note that this feature does not include broader Identity Threat Protection capabilities such as Universal Logout or the extended features of the Risk Policy Engine.
How it enhances your security posture
This feature provides several layers of protection for your most critical assets and privileged accounts:
- Enhanced security for critical identities: Identity Threat Protection Detections for Adaptive Multi-Factor Authentication Super Admins delivers enhanced security for privileged identities, helping to ensure access is protected throughout the entire access lifecycle. It extends crucial security detections to your most privileged accounts, reinforcing Okta’s Secure Identity Commitment.
- Protection for specific admin scenarios: While Okta recommends using custom admin roles based on the principle of least privilege, Identity Threat Protection Detections for Adaptive MFA Super Admins is particularly important for scenarios where static Super Admin roles are required. These include:
- Break glass accounts
- Situations where an IAM administrator requires configuration permissions not covered by custom admin roles.
- Comprehensive security monitoring: Identity Threat Protection Detections for Adaptive MFA Super Admins provides comprehensive security monitoring for directly assigned Super Admin roles, including:
- Security-related change detection based on IP and device context
- Session and user risk detections
- Detections based on Shared Signals Framework (SSF) signals, including inputs from third-party source signals
Organizations can also leverage threat intelligence from their existing security ecosystems to enhance detection for Super Admin accounts. This enables Okta to correlate signals across various security tools, delivering a more holistic view of potential threats targeting privileged users.
- Visibility into security events: Customers gain visibility into critical security insights related to directly assigned Super Admins. Specifically, the user.session.context.change and user.risk.detect events are triggered based on their activity, including third-party signals. You can also configure SSF Receivers to receive these signals from the security event provider. These events are webhook eligible and can drive actions through Workflows. Additionally, Identity Threat Protection's response framework offers native actions, reducing the need for additional integration work.
- Reinforces Okta's Secure Identity Commitment: Identity Threat Protection Detections for Adaptive MFA Super Admins helps fulfill Okta's Secure Identity Commitment by enhancing session and user risk detection on admin activity tied to your most privileged accounts.
Resources
For more detailed information, please refer to the following resources:
- Release notes
- Identity Threat Protection Detections and Remediation (Remediations require the ITP SKU and/or Workflows)
- Okta Secure Identity Commitment
- Risk Scoring
