Okta + Data Residency

How and where to use the Okta Identity Platform for your data residency requirements.

The world's most trusted brands build with Okta.

In today’s complex cloud computing environment, organizations have legitimate concerns about the ever-changing landscape of data privacy laws. Not only are customers subject to an increasing number of requirements around protecting personal data, but many customers are subject to requirements and increased concerns around where data is stored. At Okta, it is our mission is to stay ahead of the curve of privacy law developments and partner with our customers to support their data residency challenges as they grow their digital footprint. We want to provide full transparency into how we process customer data and how we can help organizations meet their compliance requirements related to data residency.

Schrems II, GDPR, and CCPA are just some examples of regulations that have changed the landscape over the last decade. As regulations are continuously added and evolving throughout different countries, organizations need to make investments that serve as a foundation for future growth worldwide. Learn more about Okta’s industry standard certifications to help meet regulatory requirements.

Data residency refers to the actual geographic location where your organization’s content is stored.

Organizations may be required to meet various requirements pursuant to data privacy regulations, particularly those in regulated industries. To support customers with data residency needs, Okta has created cell architecture that allows customers to purchase local cells in which to store customer data.

Okta is built on the industry’s most reliable, secure, and scalable platform worldwide to support our customers with their data residency requirements, Okta will host Customer Data in data centers selected by Customer. Okta has cells located throughout the US, EMEA, Japan, and Australia (for both primary and failover capabilities). For future locations, please see our roadmap.

Okta utilizes Sub-processors to assist Okta in providing its services to its customers. The locations in which Okta’s processing occurs are described in the “Sub-processor Information” document that is part of our Trust & Compliance documentation. The location of processing will sometimes vary depending on the applicable Service and cell that the Customer selects. Additional information about our assurances to customers are available in our Master Subscription Agreement, Data Processing Addendum, and in our Trust and Compliance Documentation.

Okta is built on secure, safe connections between people and technology – not monetizing customer data. We do not sell customer data – any and all data uploaded into the Okta service by or on behalf of a customer – and we never will.

At Okta, securing our customer's data is our top priority. We carry out stringent organizational measures to ensure our customer's data is protected. Our certifications and authorizations meet the highest industry standards, complying with FedRAMP, NIST 800-53, HIPAA, ISO 27001/27017, and GDPR requirements. We encourage you to learn more about Okta’s security practices by reviewing our Okta Security Technical Whitepaper and view Okta’s service certifications here.