Okta's bug bounty program

We believe community researcher participation plays an integral role in protecting our customers and their data. We appreciate all security submissions and strive to respond in an expedient manner.

Okta is an integrated identity service that connects people to their applications from any device, anywhere, anytime. The Okta Identity Cloud provides directory services, single sign-on, strong authentication, provisioning, and mobile device management. It comes with built-in reporting and integrates deeply with cloud, mobile, and on-premise applications, directories, and identity management systems.

Account Creation

In order to participate in Okta’s bug bounty program you are required to have a Bugcrowd account.

Here’s what to expect:

• Enter your Bugcrowd ID (BCID)
• (2) accounts will be created
  • https://bugcrowd-BCID-1.oktapreview.com
  • https://bugcrowd-BCID-2.oktapreview.com
• (2) emails will be sent to your registered Bugcrowd address

Testing

All scope, payout, and account setup details can be found on our Okta bug bounty page.

Resources

• Okta Public API References
• Okta Configuration & Support Site

Please check our current release notes to see what's new. New code is released weekly.

Out of Scope

The site you are currently visiting is out of scope for the Bug Bounty program. All scope, payout, and account setup details can be found on our Okta bug bounty page.