The InCountry Data Residency and AI Protection for Okta application allows organizations to securely store user identity profiles within designated countries by creating local digital twins, reducing cross-border data transfer risks. It supports cloaking and uncloaking of sensitive identity fields, such as email addresses and phone numbers, during registration, login, and authentication flows, including within JWT tokens. The solution enables standard identity operations such as localized MFA and authorization with localized data controls, and integrates transparently using standard identity protocols like OIDC, without requiring changes to existing Okta client applications.
Last updated: Apr. 15 2026
Functionality
Add this integration to enable authentication and provisioning capabilities.
Identity Security Posture Management helps to harden the identity attack surface proactively, by identifying vulnerabilities, prioritizing risks, and streamlining remediation.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP) that does not require credentials to be passed to the service provider.
Secure Web Authentication is a Single Sign On (SSO) system developed by Okta to provide SSO for apps that don't support proprietary federated sign-on methods, SAML or OIDC.
OpenID Connect is an extension to the OAuth standard that provides for exchanging authentication data between an identity provider (IdP) and a service provider (SP) and does not require credentials to be passed from the identity provider to the application.
Creates or links a user in the application when assigning the app to a user in Okta.
Okta updates a user's attributes in the app when the app is assigned. Future attribute changes made to the Okta user profile will automatically overwrite the corresponding attribute value in the app.
The application can be defined as the source of truth for a full user profile or as the source of truth for specific attributes on a user profile.
Deactivates a user's account in the app when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if the app is reassigned to a user in Okta.
Push either the user's Okta password or a randomly generated password to the app. This feature is not required for all federated applications, as user authentication takes place in Okta; however, some apps still require a password.
Push existing Okta groups and their memberships to the application. Groups can then be managed in Okta and changes are reflected in the application.
Link Okta groups to existing groups in the application. Simplifies onboarding an app for Okta provisioning where the app already has groups configured.
Import the user attribute schema from the application and reflect it in the Okta app user profile. Allows Okta to use custom attributes you have configured in the application that were not included in the basic app schema.
When the application is used as a profile master, it is possible to define specific attributes to be sourced from another location and written back to the app. For example, the user profile may come from Active Directory, with the phone number sourced from another app and written back to Active Directory.