Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We relentlessly invest in keeping our products hardened and secure while also delivering new ones that protect our customers. At the same time, we consistently invest in services such as 24/7 global support and 99.99% operational uptime.
Hardening our corporate infrastructure
The cyber-threat profile that we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay a step ahead of threats.
Championing customer best practices
Misconfigured Identity is just another entry point for a bad actor or negligent insider. With 15 years of experience and 18,000+ customers, we have the unique expertise to help ensure our customers have the right Identity configuration. We are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We are accelerating our own capabilities and embracing new technology such as AI. And with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
We're already securing more than 18,000 customers
And we're continually evolving in the fight against Identity-based attacks.
2 billion
potentially malicious access requests denied over a 30-day period*
90%
reduction in credential stuffing attempts over a 90-day period†
>800M
unique monthly users protected by Okta**
Investing in market-leading products and services
What we recently delivered
Privileged Access
Okta Privileged Access helps customers reduce risk and implement zero standing privileges.
Superior Identity-risk visibility
The Spera acquisition advances Identity-powered security to help organizations reduce risk and drive down fragmented enterprise IT costs.
Higher standard of access for admins
Protected actions in the Admin Console provide an additional layer of security by prompting admins for authentication when they perform protected actions.
What's next
Enhanced Bot Detection
Introduce an added layer of bot detection and protection using third-party scores and edge-based component signals.
Strengthen the default CAPTCHA
By default, events that trigger a CAPTCHA in Okta Customer Identity Cloud, powered by Auth0, will result in challenges with complexity proportional to the observed risk.
Extend session management control and enhance token security
Provide full programmatic control of sessions to empower customers to build their own session control dashboards to tailor the user’s experience.
Hardening our corporate infrastructure
What we recently delivered
Enterprise Chrome
Removed all personal Chrome profiles and data from corporate devices.
Stronger service account security
Increased monitoring and detection on all service accounts.
Enhanced internal monitoring
Hardened source code management and database monitoring.
What's next
Automate discovery and reporting of M2M service accounts in SaaS applications
We will implement a tool that provides visibility into local service accounts created within SaaS applications, improving the ability to manage and rotate the secrets used for authentication.
Standardized and centralized reporting for security risk management
We will deploy a single-vendor solution to centralize risk and issue management related to our governance, risk and compliance program, including third-party risk management.
Enhanced detection and response capabilities
We will deploy solutions to enhance our detection and response capabilities, including a new security incident case management tool, a new threat intelligence platform, and additional dark web monitoring capabilities.
Championing customer best practices
What we recently delivered
Okta Expert Assist
We launched Expert Assist to help customers boost security and configuration with Okta security expertise.
MFA enrollments and self-serve
We are focused on providing visibility for customers into all MFA enrollments (admins + users) and providing the ability to self-serve enroll.
Awareness and training
We are reinforcing phishing awareness and training, and strongly recommending customers deploy Okta Adaptive Multifactor and FastPass as a phishing-resistant authentication method.
Identity security checklist
We help protect your organization by providing a checklist of the most critical questions to become more resilient against Identity threats.
What's next
Expand in-product best practice guides
We will provide additional in-product guides to help customers with best practices for protecting their Okta tenants.
Raising the bar for our industry
Nethope’s Global Humanitarian Information Sharing & Analysis Center (ISAC) launched as a public-private partnership between Nethope, USAID and Okta to help global humanitarian NGOs respond to growing cyber threats.
In partnership with the UC Berkeley Center for Long-term Cybersecurity and the World Economic Forum’s Centre for Cybersecurity, Okta has funded Cybersecurity Futures 2030 to identify emerging cybersecurity trends and risks.
Cybersecurity Workforce Development Initiative offers new philanthropic and educational grants to advance inclusive pathways into tech and cyber industries, and help close skills gaps in the industry.
The State of Secure Identity Report explores today’s most common attack patterns and the broad trends that are shaping tomorrow’s threat landscape.
We’re committed to sharing results
Check back here for quarterly updates on what we’ve done and what’s next, along with Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting over the period of December 5, 2023 to January 4, 2024
**Based on Okta internal reporting from February 2024
†Based on internal reporting of anonymized data from Enterprise Customers over the period of October 5, 2023 to January 4, 2024