Okta Secure Identity Commitment
The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against Identity attacks.
We’re committed to taking action
Learn the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.
Investing in market-leading products and services
We relentlessly invest in keeping our products hardened and secure while also delivering new ones that protect our customers. At the same time, we consistently invest in services such as 24/7 global support and 99.99% operational uptime.
Hardening our corporate infrastructure
The cyber-threat profile that we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay a step ahead of threats.
Championing customer best practices
Misconfigured Identity is just another entry point for a bad actor or negligent insider. With 15 years of experience and 18,000+ customers, we have the unique expertise to help ensure our customers have the right Identity configuration. We are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.
Raising the bar for our industry
Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We are accelerating our own capabilities and embracing new technology such as AI. And with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.
We're already securing more than 18,000 customers
And we're continually evolving in the fight against Identity-based attacks.
2 billion
potentially malicious access requests denied over a 30-day period*
90%
reduction in credential stuffing attempts over a 90-day period†
>800M
unique monthly users protected by Okta**
Investing in market-leading products and services
What we recently delivered
Identity Threat Protection with Okta AI
Enhance your identity's resilience by continuously assessing risks, and leveraging integrated signals from first-party and third-party partners to proactively counter emerging threats from any origin post-authentication.
Deliver zero standing privileges for your Okta administrator privileges with time-bound, ad-hoc access requests for individuals, and access reviews for existing administrators.
Fourth-generation Bot Detection with Okta AI
Unlock the latest version of our Bot Detection, which incorporates third-party risk signals into fine-tuned models designed to combat fraudulent registrations.
What's next
Identity Security Posture Management
Proactively reduce your Identity attack surface by identifying and prioritizing risks like excessive permissions, misconfigurations, and MFA gaps across your Identity infrastructure, cloud, and SaaS apps.
Customer-Managed Keys
Provide customers with the ability to securely replace and manage their tenant's top-level encryption keys, including BYOK (Bring Your Own Keys) and CYOK (Control Your Own Keys).
Session Management API Extensibility
Define custom behaviors based on risk signals to revoke suspicious sessions, and set policies to detect and respond to hacking by leveraging the Session Management API with our Actions Extensibility platform.
Championing customer best practices
What we recently delivered
Okta Expert Assist
We launched Expert Assist to help customers boost security and configuration with Okta security expertise.
MFA enrollments and self-serve
We are focused on providing visibility for customers into all MFA enrollments (admins + users) and providing the ability to self-serve enroll.
Awareness and training
We are reinforcing phishing awareness and training, and strongly recommending customers deploy Okta Adaptive Multifactor and FastPass as a phishing-resistant authentication method.
What's next
Expand in-product best practice guides
We will provide additional in-product guides to help customers with best practices for protecting their Okta tenants.
Raising the bar for our industry
NetHope’s Global Humanitarian Information Sharing & Analysis Center (ISAC) launched as a public-private partnership between NetHope, USAID and Okta to help global humanitarian NGOs respond to growing cyber threats.
In partnership with the UC Berkeley Center for Long-term Cybersecurity and the World Economic Forum’s Centre for Cybersecurity, Okta has funded Cybersecurity Futures 2030 to identify emerging cybersecurity trends and risks.
Cybersecurity Workforce Development Initiative offers new philanthropic and educational grants to advance inclusive pathways into tech and cyber industries, and help close skills gaps in the industry.
The State of Secure Identity Report explores today’s most common attack patterns and the broad trends that are shaping tomorrow’s threat landscape.
Hardening our corporate infrastructure
What we recently delivered
Extended phishing resistance for new employees
We’ve long deployed Okta FastPass for phishing-resistant MFA; we have recently implemented phishing resistance via YubiKeys for all new employees — for whom the whole employee lifecycle, from onboarding to recovery, is 100% passwordless.
Standardized and centralized reporting for security risk management
We deployed a single-vendor solution to centralize risk and issue management related to our governance, risk and compliance program, including third-party risk management.
New threat intelligence platform
Our new platform will enable automation and correlation of threat intelligence to enhance our threat detection and response capabilities.
What's next
Extend phishing resistance for all existing employees
We will extend phishing resistance via YubiKeys across all existing employees.
Automate discovery and reporting of M2M service accounts in SaaS applications
We will implement a tool that provides visibility into local service accounts created within SaaS applications, improving our ability to manage and rotate the secrets used for authentication.
Enhanced scanning of open source software (OSS)
To improve security hygiene, all security libraries will be scanned against supply chain attacks.
We’re committed to sharing results
Check back here for quarterly updates to learn what we’ve done and what’s next, along with Okta’s commitment.
Explore more resources
Hear from CEO Todd McKinnon
Okta CEO and Co-Founder Todd McKinnon announces the launch of the Okta Secure Identity Commitment and shares his vision for the future of Identity and security.
*Based on internal reporting over the period of December 5, 2023 to January 4, 2024
**Based on Okta internal reporting from February 2024
†Based on internal reporting of anonymized data from Enterprise Customers over the period of October 5, 2023 to January 4, 2024