Okta Secure Identity Commitment

The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against identity attacks.

We’re committed to taking action

Learn about the definitive steps we’re taking to fight against identity-based attacks, alongside empowering our customers and the industry to identify and mitigate emerging threats.

Market leading identity products & services

We relentlessly invest in keeping our products hardened and secure. After all, the world’s most trusted brands trust Okta for the strength of security within our platform.

We recognize that our security posture is your security posture, so we continue to innovate and further strengthen our products and services to deliver market-leading protection.

Harden our corporate infrastructure

We treat all of our internal technology, people, and processes with the same cyber threat profile as our customer-facing environment.

We are accelerating our investments to further harden our ancillary (production-adjacent) and corporate systems.

Champion customer best practices

Misconfigured identity is just another entry point for a bad actor or negligent insider. With 16 years of experience and nearly 20k customers, we have the unique expertise to ensure our customers have the right identity configuration.

To make sure our customers benefit from our depth of experience, we are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.

Elevate our industry

Identity has become the primary enterprise security entry point for all workforce and consumer apps.

The volume and complexity of attacks against entities large and small continue to accelerate.

Detecting and protecting against these attacks is a mission-critical requirement. Organizations need a neutral and independent identity provider. As the only vendor recognized as a leader in every Gartner® Magic Quadrant™, Okta has a responsibility to lead the way.

We're already helping secure nearly 20,000 customers

And we're continually evolving in the fight against identity-based attacks.

8 billion

attacks (credential stuffing, malicious bots) denied over a 30-day period*

>752M

malicious (or risky) access attempts blocked over a 30-day period*

99.99%

operational uptime delivered globally to support seamless access

10B+

logins secured with 24x7 support and 16+ years of identity expertise

Investing in market-leading products and services

What we recently delivered

Secure Identity Integrations

Deploy powerful protection in minutes across your most business-critical SaaS apps, like Google Workspace, Microsoft 365, and Salesforce.

Protecting Non-Human Identities

Eliminate standing privileges for privileged accounts by combining Okta Privileged Access with Identity Security Posture Management.

Separation of Duties

Help ensure that users don’t accumulate conflicting access permissions that could introduce security risks or compliance violations.

On Prem Connector

Integrate on-premises apps with Okta Identity Governance, enabling the discovery, visibility, and management of fine-grained application entitlements within Okta.

What’s next

Advanced Customization for Universal Login

Customize the sign-up and sign-in experience across every app, device, and digital journey, and leverage application and user information to deliver the best user experience.

Cascading of the Single Logout Request to External IdP

Automatically log users out of external identity providers when they log out of an Okta-connected application configured for Single Logout, improving security for shared devices.

Universal Logout for Okta Customer Identity Apps

An out-of-the-box solution that automatically logs users out without requiring you to build anything additional, improving security and user experience.

Championing customer best practices

What we recently delivered

The Okta Security Detection Catalog

This repository contains a collection of detection rules for security monitoring and detailed descriptions of log fields used for threat analysis within Okta environments.

Businesses at Work 2025 Report

The past decade has seen dramatic changes in the business landscape, including more sophisticated cyber threats, the rise of distributed work, and smartphone saturation. Our Businesses at Work report has tracked how workforces have adapted and the new tools they’ve adopted. Learn more about the key trends and highlights.

How AI services power the DPRK’s IT contracting scams

Learn how generative AI tools have been used by North Korean nationals to gain employment in remote technical roles around the globe, observations from the Okta Threat Intelligence team, and what mitigating controls we recommend.

How to measure the success of your security program

Tracking the right metrics is key to demonstrating ROI, getting buy-in, and securing resources. In this article, CISOs share how to measure the success of your security program with practical qualitative and quantitative metrics that demonstrate value to your organization.

The hidden threat in your stack: Why non-human identity management is the next cybersecurity frontier

NHIs are on the rise, and so are their risks. This article examines three challenges CISOs face—from gaining visibility to prioritizing risks—and how they’re managing them.

From vulnerabilities to vendor trust: How CISOs build cyber resilience

Business resilience has become a primary driver of security strategies across industries. In this article, CISOs share tactics to boost cyber resilience, strengthen disaster recovery plans, and reinforce trust in mission-critical vendors to the board.

What's next

The future of identity in an AI-driven world

Explore how the rise of AI agents and generative AI is reshaping the identity landscape, from introducing new and advanced threats to automating threat detection. To mitigate risks, security leaders will need to focus on securing machine-to-machine interactions and managing the explosion of non-human identities.

Third-party risk: 3 things security leaders need to know

Supply chain attacks are a growing concern, and one that can feel beyond your organization’s control. In this article, we’ll unpack the critical considerations for managing third-party relationships, from evaluating vendor security to mitigating threats across the supply chain.

Raising the bar for our industry

Okta’s Secure by Design Pledge - One Year On

Our latest post highlights one year's worth of progress on Okta's commitment to the CISA Secure by Design Pledge, including detailed updates across various themes such as MFA, vulnerabilities, and more. We've delivered richer system log data to help detect threats faster and made secure defaults the norm across our products.

Okta for Good 2025 Impact Report

For nearly a decade, Okta for Good has addressed critical societal issues that align with our business, including strengthening nonprofit cybersecurity, investing in the next generation of cyber talent, and advancing climate action. In this report, Okta shares updates, successes, and learnings from the first year of our $50M philanthropy commitment, of which we have committed $16M so far.

How Responsible Disclosures are Shaping a Safer Cyberspace

Okta supports and actively participates in responsible disclosure practices, including a Bug Bounty program, contributing to a safer online community by reducing the number of active vulnerabilities that could be exploited by threat actors. Learn about the industry benefits of responsible disclosures, which continue to grow for software vendors and technology users alike.

Introducing the Okta Security Technical Implementation Guide (STIG)

Our partnership with the Defense Information Systems Agency (DISA) has led to the release of the new Okta Identity as a Service Security Technical Implementation Guide (STIG). Learn about the new STIG guidance, with an important call to action for our customers, in our ongoing pursuit to free everyone to safely use any technology.

Hardening our corporate infrastructure

What we recently delivered

Additional detections on production changes

Okta’s enhanced detections on code changes in production will assist in prohibiting unauthorized modifications and/or potentially malicious insertions. 

Vulnerability management automation

By automating vulnerability management, Okta can continuously identify, prioritize, and remediate security risks without manual effort.

Expanded log collection for SaaS Apps

An enhanced data footprint will streamline Okta’s troubleshooting and root-cause analysis while bolstering security monitoring and compliance efforts.

What's next

Automated SaaS security posture management for P0 critical systems

Minimize IT attack surface across Okta’s corporate SaaS systems by proactively identifying and remediating misconfigurations, excessive permissions, and compliance drifts.

Secret scanning for P0 data-sensitive SaaS systems

Reduce the likelihood of accidental or malicious exposure of sensitive credentials shared on Okta’s critical SaaS environment.

ISPM rolled out for cross-functional cloud platforms

Granular visibility and control over user privileges, access policies, and authentication protocols across Okta’s enterprise cloud infrastructure and SaaS systems to enable proactive detection and remediation of identity-related vulnerabilities such as privilege creep and shadow admins.

Hear from CEO Todd McKinnon

*Based on internal reporting through January 2025