Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We relentlessly invest in keeping our products hardened and secure while also delivering new ones that protect our customers. At the same time, we consistently invest in services such as 24/7 global support and 99.99% operational uptime.
Hardening our corporate infrastructure
The cyber-threat profile that we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay a step ahead of threats.
Championing customer best practices
Misconfigured Identity is just another entry point for a bad actor or negligent insider. With 15 years of experience and 18,000+ customers, we have the unique expertise to help ensure our customers have the right Identity configuration. We are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We are accelerating our own capabilities and embracing new technology such as AI. And with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
We're already securing more than 18,000 customers
And we're continually evolving in the fight against Identity-based attacks.
2 billion
potentially malicious access requests denied over a 30-day period*
90%
reduction in credential stuffing attempts over a 90-day period†
>800M
unique monthly users protected by Okta**
Investing in market-leading products and services
What we recently delivered
Identity Threat Protection with Okta AI
Enhance your identity's resilience by continuously assessing risks, and leveraging integrated signals from first-party and third-party partners to proactively counter emerging threats from any origin post-authentication.
Deliver zero standing privileges for your Okta administrator privileges with time-bound, ad-hoc access requests for individuals, and access reviews for existing administrators.
Fourth-generation Bot Detection with Okta AI
Unlock the latest version of our Bot Detection, which incorporates third-party risk signals into fine-tuned models designed to combat fraudulent registrations.
What's next
Identity Security Posture Management
Proactively reduce your Identity attack surface by identifying and prioritizing risks like excessive permissions, misconfigurations, and MFA gaps across your Identity infrastructure, cloud, and SaaS apps.
Customer-Managed Keys
Provide customers with the ability to securely replace and manage their tenant's top-level encryption keys, including BYOK (Bring Your Own Keys) and CYOK (Control Your Own Keys).
Session Management API Extensibility
Define custom behaviors based on risk signals to revoke suspicious sessions, and set policies to detect and respond to hacking by leveraging the Session Management API with our Actions Extensibility platform.
Championing customer best practices
What we recently delivered
Actions Template Implementation Guides
Get secure templates to start extending the Customer Identity Cloud to meet your unique needs.
Protect Administrative Sessions in Okta Workforce Identity Cloud
Learn recommended configurations to reduce the attack surface, prevent account takeovers, and limit the blast radius of stolen sessions.
Customer Identity Cloud Enhancements to Prevent Account Takeover
Read the blog to learn how you can leverage new features to bolster defenses against ATOs.
What's next
Identity Threat Level assessment
Unlock valuable insights into your industry's identity threat level with Okta's new tool, leveraging real-time data on bot activity to compare your score against other industries, regions, and time frames.
Elevating our industry
Enabling Zero Trust through the Okta Secure Identity Commitment
Learn how Okta security features support Identity-powered Zero Trust strategies, placing each in the context of a Zero Trust theme from the NIST Cybersecurity Framework.
The “How to Secure the SaaS Apps of the Future” blog
Secure modern SaaS apps against post-auth attacks by adopting advanced security with proof-of-possession, continuous access evaluation, and universal logout.
CISA’s Secure by Design pledge
Okta signed the CISA Secure by Design pledge, along with companies around the globe, showcasing our industry’s commitment to take meaningful steps in adopting secure by design principles now.
Okta for Good has committed $3.1M
towards its $50M philanthropy commitment, including two (2) $1M, five-year commitments to long-time partners and known leaders advancing digital transformation for the nonprofit sector.
Hardening our corporate infrastructure
What we recently delivered
Extended phishing resistance for new employees
We’ve long deployed Okta FastPass for phishing-resistant MFA; we have recently implemented phishing resistance via YubiKeys for all new employees, for whom the whole employee lifecycle, from onboarding to recovery, is 100% passwordless.
Standardized and centralized reporting for security risk management
We deployed a single-vendor solution to centralize risk and issue management related to our governance, risk and compliance program, including third-party risk management.
New threat intelligence platform
Our new platform will enable automation and correlation of threat intelligence to enhance our threat detection and response capabilities.
What's next
Extend phishing resistance for all existing employees
We will extend phishing resistance via YubiKeys across all existing employees.
Automate discovery and reporting of M2M service accounts in SaaS applications
We will implement a tool that provides visibility into local service accounts created within SaaS applications, improving our ability to manage and rotate the secrets used for authentication.
Enhanced scanning of open source software (OSS)
To improve security hygiene, all security libraries will be scanned against supply chain attacks.
We’re committed to sharing results
Check back here for quarterly updates on what we’ve done and what’s next, along with Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting over the period of December 5, 2023 to January 4, 2024
**Based on Okta internal reporting from February 2024
†Based on internal reporting of anonymized data from Enterprise Customers over the period of October 5, 2023 to January 4, 2024