Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn about the definitive steps we’re taking to fight against Identity-based attacks, alongside empowering our customers and the industry to identify and mitigate emerging threats.
Market leading identity products & services
We relentlessly invest in keeping our products hardened and secure. After all, the world’s most trusted brands trust Okta for the strength of security within our platform.
We recognize that our security posture is your security posture, so we continue to innovate and further strengthen our product and services to deliver market leading protection.
Harden our corporate infrastructure
We treat all of our internal technology, people, and processes with the same cyber threat profile as our customer-facing environment.
We are accelerating our investments to further harden our ancillary (production-adjacent) and corporate systems.
Champion customer best practices
Misconfigured identity is just another entry point for a bad actor or negligent insider. With 16 years experience and nearly 20k customers, we have the unique expertise to ensure our customers have the right identity configuration.
To make sure our customers benefit from our depth of experience, we are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.
Elevate our industry
Identity has become the primary enterprise security entry point for all workforce and consumer apps.
The volume and complexity of attacks against entities large and small continues to accelerate.
Detecting and protecting against these attacks is a mission-critical requirement. Organizations need a neutral and independent identity provider. As the only vendor recognized as a leader in every Gartner® Magic Quadrant™, Okta has a responsibility to lead the way.
We're already helping secure nearly 20,000 customers
And we're continually evolving in the fight against identity-based attacks.
attacks (credential stuffing, malicious bots) denied over a 30-day period*
malicious (or risky) access attempts blocked over a 30-day period*
operational uptime delivered globally to support seamless access
logins secured with 24x7 support and 16+ years of identity expertise
Investing in market-leading products and services
What we recently delivered
ITP Workflows Connector
Take real-time, automated actions in response to ITP detections, with rich context and detailed insights about the event. Responses include, but are not limited to, suspending users or sending detailed notifications to security teams.
Network Restrictions for Token Endpoint
Enforce network restrictions, thereby enhancing security to protect customers from token relay attacks and theft.
Ephemeral Sessions in Actions
Dynamically configure whether a session should expire when the browser is closed. Define ephemeral sessions per client, organization, connection, or by any custom business logic within Actions.
DPoP (Demonstrate Proof of Possession)
Protect access and refresh tokens by constraining them cryptographically to the application that they are issued to.
What’s next
Custom Admin Roles for ITP
Enforce least-privilege access with precise, scoped admin permissions for managing ITP configurations, such as who can manage user sessions, configure risk policies, or set up Shared Signals Framework (SSF) integrations.
Advanced Directory Management
Securely manage B2B customers' access to shared applications at scale. Extend strong security controls like passwordless authentication to protect customer access and delegate user management and app assignments to optimize IT operations.
Advanced Filtering in Security Center
Anomaly monitoring on expanded attack vectors in the Security Center dashboard through filter categories. List groupings of events by multiple categories for incident analysis.
Championing customer best practices
What we recently delivered
Deepfakes and deception: Building a human firewall against AI-powered attacks
Explore how AI-driven deepfakes and sophisticated social engineering tactics are evolving to bypass traditional defenses. In this piece, we emphasize the importance of empowering users through awareness training — creating a “human firewall” — to recognize and resist AI-fueled deception schemes.
The ‘superuser’ blind spot: Why AI agents demand dedicated identity security
Okta’s CPO Arnab Bose highlights how AI agents can accumulate high-level access — effectively becoming hidden “superusers” — and why they require their own identity policies and controls. The article urges organizations to treat AI agents with the same rigor as human identities to close this critical security gap.
Navigating AI's impact on security with Guidewire CISO James Dolph
In this video, Guidewire’s CISO James Dolph discusses how AI is not only enhancing phishing via increased believability, but also transforming the CISO role. He emphasizes reframing security strategies to anticipate AI’s dual role in both attacks and defense.
The password problem: Why we need a passwordless world
Okta advocates for a move beyond passwords to seamless, passwordless authentication methods like biometrics and WebAuthn. This piece outlines the benefits — stronger security, improved user experience — and underscores the need for education and design to drive user adoption.
Sophisticated deception: Thoughtworks CISO Nitin Raina on a new era of social engineering attacks
Thoughtworks’ CISO Nitin Raina warns that cybercriminals are increasingly using AI to orchestrate highly convincing, context-aware phishing and social engineering campaigns. He stresses that this fast-moving threat requires new detection techniques and proactive response strategies from CISOs.
Third-party risk: 3 actions security leaders should take to safeguard their business
Supply chain attacks are a growing concern, and one that can feel beyond your organization’s control. In this article, we’ll unpack the critical considerations for managing third-party relationships, from evaluating vendor security to mitigating threats across the supply chain.
What's next
Addressing the growing threat of ransomware
Druva CTO Stephen Manley shares a proactive, three-pronged approach to combat ransomware, emphasizing integrated recovery plans, rigorous testing, and prioritizing critical data, while highlighting the importance of employee education to counter evolving threats.
Balancing AI innovation and security
In the era of AI, how can CISOs enable innovation without compromising security? In this article, explore how CISOs can fast-track safe AI projects, avoid hype, and navigate the risks of emerging tools.
Raising the bar for our industry
Security and sustainability through people, processes, and technology
Securing critical infrastructure enables sustainable business practices and respect for human rights like privacy. Okta supports our B2B customers in securing their critical infrastructure. Effective identity management and ESG programs include aligning people, processes, and technology for a unified approach to security risk management.
Okta for Good Technical Services for Nonprofits
This new service expands our technical services offerings to nonprofits. This includes the Okta Quick Launch Guide, curated by the Okta for Good team for nonprofits & other organizations with few technical resources. This on demand resource includes content from Okta Learning.
New pro bono partner implementation services for Nonprofits through our partners Cloudworks and BeyondID
Many nonprofits operate with small IT teams with limited skillsets. Nonprofits need more than a product donation to be secure—they need technical implementation support. This ensures the product is set up according to best practices. This new program expands our support offerings to customers in EMEA and beyond through partners.
$19.5M committed with Okta for Good
Okta for Good (O4G) has committed $19.5M towards its $50M philanthropy commitment to advance digital transformation for the nonprofit sector.
Hardening our corporate infrastructure
What we recently delivered
Okta Threat Intelligence
Okta now publishes threat advisories on the latest identity-based attacks we have observed at security.okta.com — these observations are available exclusively for the security contacts of Okta customers. Read on for more on how to access these resources.
Threat Research: The Secrets Agentic AI Leaves Behind
Okta Threat Intelligence published a preliminary analysis of authentication methods used for agentic AI access to protected applications.
Auth0 Detection Library
Okta has published a library of common detections for suspicious activity in an Auth0 tenant to the open source community.
What's next
CheckMate for Auth0
Okta is releasing a free utility for Auth0 customers that assesses the configuration of their Auth0 tenant against security best practices.
New notification type: Suspected Targeted Threat Actor Activity Notification
Okta will expand the range of suspicious activity notifications sent to customers based on an expanding set of intelligence priorities.
Secure Sign-in Trends 2025
Okta will share our third annual Secure Sign-in Trends report. This report summarizes an anonymized study on user adoption of various sign-in methods to access Okta-protected resources in the workforce.
We’re committed to sharing results
Check back for quarterly updates to learn what we’ve done and what’s next when it comes to Okta’s commitment.