Okta Secure Identity Commitment

The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against Identity attacks.

We’re committed to taking action

Learn about the definitive steps we’re taking to fight Identity-based attacks while empowering our customers and the industry to identify and mitigate emerging threats.

Market-leading identity products & services

We relentlessly invest in keeping our products hardened and secure. After all, the world’s most trusted brands trust Okta for the strength of security within our platform.

We recognize that our security posture is your security posture, so we continue to innovate and further strengthen our products and services to deliver market-leading protection.

Harden our corporate infrastructure

We treat all of our internal technology, people, and processes with the same cyber threat profile as our customer-facing environment.

We are accelerating our investments to further harden our ancillary (production-adjacent) and corporate systems.

Champion customer best practices

Misconfigured identity is just another entry point for a bad actor or negligent insider. With 16 years of experience and nearly 20k customers, we have the unique expertise to ensure our customers have the right identity configuration.

To make sure our customers benefit from our depth of experience, we are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.

Elevate our industry

Identity has become the primary enterprise security entry point for all workforce and consumer apps.

The volume and complexity of attacks against entities large and small continue to accelerate.

Detecting and protecting against these attacks is a mission-critical requirement. Organizations need a neutral and independent identity provider. As the only vendor recognized as a leader in every Gartner® Magic Quadrant™, Okta has a responsibility to lead the way.

We're already helping secure nearly 20,000 customers

And we're continually evolving in the fight against identity-based attacks.

3.9 billion attacks (credential stuffing, malicious bots) denied over a 30-day period*

>517M malicious (or risky) access attempts blocked over a 30-day period*

99.99% operational uptime delivered globally to support seamless access

10B+ logins secured with 24x7 support and 16+ years of identity expertise

Investing in market-leading products and services

What we recently delivered

ITP Workflows Connector

Take real-time, automated actions in response to ITP detections, with rich context and detailed insights about the event. Responses include, but are not limited to, suspending users or sending detailed notifications to security teams.

Network Restrictions for Token Endpoint

Enforce network restrictions on the token endpoint, enhancing security to protect customers from token relay attacks and theft.

Ephemeral Sessions in Actions

Dynamically configure whether a session should expire when the browser is closed. Define ephemeral sessions per client, organization, connection, or by any custom business logic within Actions.

DPoP (Demonstrate Proof of Possession)

Protect access and refresh tokens by constraining them cryptographically to the application that they are issued to.

What’s next

Custom Admin Roles for ITP

Enforce least-privilege access with precise, scoped admin permissions for managing ITP configurations, such as who can manage user sessions, configure risk policies, or set up Shared Signals Framework (SSF) integrations.

Advanced Directory Management

Securely manage B2B customers' access to shared applications at scale. Extend strong security controls like passwordless authentication to protect customer access and delegate user management and app assignments to optimize IT operations.

Advanced Filtering in Security Center

Monitor anomalies across expanded attack vectors in the Security Center dashboard using filter categories. List events grouped by multiple categories for incident analysis.

Championing customer best practices

What we recently delivered

Deepfakes and deception: Building a human firewall against AI-powered attacks

Explore how AI-driven deepfakes and sophisticated social engineering tactics are evolving to bypass traditional defenses. In this piece, we emphasize the importance of empowering users through awareness training — creating a “human firewall” — to recognize and resist AI-fueled deception schemes.

The ‘superuser’ blind spot: Why AI agents demand dedicated identity security

Okta’s CPO Arnab Bose highlights how AI agents can accumulate high-level access — effectively becoming hidden “superusers” — and why they require their own identity policies and controls. The article urges organizations to treat AI agents with the same rigor as human identities to close this critical security gap.

Navigating AI's impact on security with Guidewire CISO James Dolph

In this video, Guidewire’s CISO James Dolph discusses how AI is not only enhancing phishing via increased believability, but also transforming the CISO role. He emphasizes reframing security strategies to anticipate AI’s dual role in both attacks and defense.

The password problem: Why we need a passwordless world

Okta advocates for a move beyond passwords to seamless, passwordless authentication methods like biometrics and WebAuthn. This piece outlines the benefits — stronger security, improved user experience — and underscores the need for education and design to drive user adoption.

Sophisticated deception: Thoughtworks CISO Nitin Raina on a new era of social engineering attacks

Thoughtworks’ CISO Nitin Raina warns that cybercriminals are increasingly using AI to orchestrate highly convincing, context-aware phishing and social engineering campaigns. He stresses that this fast-moving threat requires new detection techniques and proactive response strategies from CISOs.

Third-party risk: 3 actions security leaders should take to safeguard their business

Supply chain attacks are a growing concern, and one that can feel beyond your organization’s control. In this article, we’ll unpack the critical considerations for managing third-party relationships, from evaluating vendor security to mitigating threats across the supply chain.

What's next

Addressing the growing threat of ransomware

Druva CTO Stephen Manley shares a proactive, three-pronged approach to combat ransomware, emphasizing integrated recovery plans, rigorous testing, and prioritizing critical data, while highlighting the importance of employee education to counter evolving threats.

Balancing AI innovation and security

In the era of AI, how can CISOs enable innovation without compromising security? In this article, explore how CISOs can fast-track safe AI projects, avoid hype, and navigate the risks of emerging tools.

Raising the bar for our industry

Security and sustainability through people, processes, and technology

Securing critical infrastructure enables sustainable business practices and respect for human rights like privacy. Okta supports our B2B customers in securing their critical infrastructure. Effective identity management and ESG programs include aligning people, processes, and technology for a unified approach to security risk management.

Okta for Good Technical Services for Nonprofits

This new service expands our technical services offerings to nonprofits. This includes the Okta Quick Launch Guide, curated by the Okta for Good team for nonprofits & other organizations with few technical resources. This on-demand resource includes content from Okta Learning.

New pro bono partner implementation services for Nonprofits through our partners Cloudworks and BeyondID

Many nonprofits operate with small IT teams with limited skillsets. Nonprofits need more than a product donation to be secure—they need technical implementation support. This ensures the product is set up according to best practices. This new program expands our support offerings to customers in EMEA and beyond through partners.

$19.5M committed with Okta for Good

Okta for Good (O4G) has committed $19.5M towards its $50M philanthropy commitment to advance digital transformation for the nonprofit sector.

Hardening our corporate infrastructure

What we recently delivered

Okta Threat Intelligence

Okta now publishes threat advisories on the latest identity-based attacks we have observed at security.okta.com — these observations are available exclusively for the security contacts of Okta customers. Read on for more on how to access these resources.

Threat Research: The Secrets Agentic AI Leaves Behind

Okta Threat Intelligence published a preliminary analysis of authentication methods used for agentic AI access to protected applications.

Auth0 Detection Library

Okta has published a library of common detections for suspicious activity in an Auth0 tenant to the open source community.

What's next

CheckMate for Auth0

Okta is releasing a free utility for Auth0 customers that assesses the configuration of their Auth0 tenant against security best practices.

New notification type: Suspected Targeted Threat Actor Activity Notification

Okta will expand the range of suspicious activity notifications sent to customers based on an expanding set of intelligence priorities.

Secure Sign-in Trends 2025

Okta will share our third annual Secure Sign-in Trends report. This report summarizes an anonymized study on user adoption of various sign-in methods to access Okta-protected resources in the workforce.

*Based on internal reporting from February 1 through July 31, 2025