Security Features

Protect your workforce and customers with a variety of robust security features.
Download the technical whitepaper
Try Okta for free
Okta ThreatInsight

ThreatInsight

Log and block authentication attempts from suspicious IP addresses.

ThreatInsight uses attack data from across our network to identify and block malicious login attempts.

Okta detects threats prior to authentication evaluation. Requests that Okta ThreatInsight blocks prevent user lockouts from suspicious IP addresses. Configure Okta ThreatInsight to detect suspicious IP addresses from credential-based attacks.

When Okta ThreatInsight actions are enabled, end users may sign in to their org as usual. If Okta detects a sign-in attempt from a malicious IP address and authentication requests are set to be blocked, the user receives an HTTP 403 error.

Passwordless authentication

Delight and secure users with passwordless authentication.

With passwordless authentication, you can reduce or even eliminate a majority of password-based attacks, including phishing and credential stuffing.

Get a variety of passwordless options for every use case:

  • Applicable for Workforce and Customer Identity
    • Email-based magic link
    • Factor sequencing
    • WebAuthn
  • Applicable for Workforce
    • PIV/Smart-Card (x509 based)
    • Passwordless with Device Trust
    • Desktop single sign-on
Learn more

Biometric authentication

Add modern biometric security to your passwordless authentication flows for employees and consumers.

Okta supports biometrics authentication via FIDO2.0, delivering standards-based support via technologies like Windows Hello, TouchID, FaceID, and more. 

Additionally, Okta can integrate with third-party technologies that support biometrics through SAML and OIDC integrations.

Learn more

Okta Verify

Enable Okta Verify (with push when available) to enable your end users to authenticate with a strong MFA factor.

Okta Verify is an MFA factor and authenticator app you can use to confirm a user's identity when they sign in to their Okta account. 

After an end user installs the app on their primary device, they can verify their identity by approving a push notification or by entering a one-time code. When a user signs in to their organisation or service, the Okta Verify app prompts them to verify their identity.

Learn more

Context-based authentication

Make intelligent access decisions while reducing friction for end users.

Layer contextual access policies on top of the factor of your choice. Combine a range of contextual data signals to assess risk, including user, network, device, and location. 

And, ultimately, ease your users’ pain points by reducing the frequency of MFA prompts.

How you can use context-based authentication:

  • Prompt for MFA on initial login to Okta, but not per-app
  • No MFA when a user logs in on a managed or known device
  • Prompt for a stronger factor (WebAuthn/FIDO2.0) on logins from new devices
  • Reduce account lockout by blocking access from suspicious IP addresses, while still allowing legitimate users to login

Risk-based authentication

Make risk assessment easy.

Okta assigns a risk level to each Okta sign-in using models that use contextual information about the sign-in as well as historical information about the user. Admins can configure a sign-in policy rule to take different actions based on the risk level of the sign-in. For example, they can prompt for MFA if the login is high risk.

How does the risk scoring work?

Okta uses a risk engine that determines the likelihood of an anomalous sign-in event.

The risk engine is comprised of two parts:

  • Heuristics
    • Define policies to address any risk scenarios
    • Pair risk level with the appropriate access decision—allow/deny, prompt for MFA, passwordless authentication 
  • AI engine 
    • Feed any context into Okta’s machine learning models to accurately identify and remediate risk at scale 
Learn more

Devices

Okta devices enable seamless management of user devices and secure authentication across devices or channels.

Learn more

Devices

Okta devices enable seamless management of user devices and secure authentication across devices or channels.

Learn more

Devices API

Bind user and device identity in Okta’s universal directory and store a user’s known devices. The Devices API enables authentication across devices using a trusted/registered device, allows admins and users to manage devices.

Devices SDK

 

Leverage Okta devices SDK to automatically register a user’s devices, Whitelabel Okta Verify Push with biometrics(FaceID etc), and enable passwordless authentication across devices and channels using a trusted device. 

HealthInsight

Get personalised, easy-to-implement security advice.

Use Okta HealthInsight to audit your organisation’s security settings and get recommendations to improve your security posture.

Okta Health Insight