Okta Secure Identity Commitment

The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against identity attacks.

We’re committed to taking action

Learn about the definitive steps we’re taking to fight against identity-based attacks, alongside empowering our customers and the industry to identify and mitigate emerging threats.

Market-leading identity products & services

We relentlessly invest in keeping our products hardened and secure. After all, the world’s most trusted brands trust Okta for the strength of security within our platform.

We recognize that our security posture is your security posture, so we continue to innovate and further strengthen our products and services to deliver market-leading protection.

Harden our corporate infrastructure

We treat all of our internal technology, people, and processes with the same cyber threat profile as our customer-facing environment.

We are accelerating our investments to further harden our ancillary (production-adjacent) and corporate systems.

Champion customer best practices

Misconfigured identity is just another entry point for a bad actor or negligent insider. With 16 years of experience and nearly 20k customers, we have the unique expertise to ensure our customers have the right identity configuration.

To make sure our customers benefit from our depth of experience, we are further strengthening our customer policies. We are committed to ensuring our products are deployed with Okta’s security best practices.

Elevate our industry

Identity has become the primary enterprise security entry point for all workforce and consumer apps.

The volume and complexity of attacks against entities large and small continue to accelerate.

Detecting and protecting against these attacks is a mission-critical requirement. Organizations need a neutral and independent identity provider. As the only vendor recognized as a leader in every Gartner® Magic Quadrant™, Okta has a responsibility to lead the way.

We're already helping secure nearly 20,000 customers

And we're continually evolving in the fight against identity-based attacks.

3.9 billion

attacks (credential stuffing, malicious bots) denied over a 30-day period*

>517M

malicious (or risky) access attempts blocked over a 30-day period*

99.99%

operational uptime delivered globally to support seamless access

10B+

logins secured with 24x7 support and 16+ years of identity expertise

Investing in market-leading products and services

What we recently delivered

Okta for AI agents

Bring AI agents into your identity security fabric. Discover and identify risky agents with ISPM, control and manage access with Universal Directory, and automate governance with access certifications to enforce security policies and manage the end-to-end lifecycle.

Cross-App Access

Enable trusted connections between apps and AI agents. Shift access control and consent decisions from the user to the identity provider, allowing enterprise IT to decide which apps are connecting — and see exactly what’s being accessed.

Auth0 for AI Agents

Empower developers to build AI agents that are secure by design. Identify human users with User Authentication, enforce zero standing privileges with Token Vault, secure data access with FGA for RAG and establish guardrails for sensitive actions with Async auth.

Enhanced Bot Detection Accuracy

Detect automated attacks like fake signups and credential stuffing using 60+ risk signals and ML-powered detection models, and respond with user-friendly challenges like Auth Challenge.

Hardening our corporate infrastructure

What we recently delivered

Okta Threat Intelligence

Okta now publishes threat advisories on the latest identity-based attacks we have observed at security.okta.com — these observations are available exclusively for the security contacts of Okta customers. Read on for more on how to access these resources.

Threat Research: The Secrets Agentic AI Leaves Behind

Okta Threat Intelligence published a preliminary analysis of authentication methods used for agentic AI access to protected applications.

Auth0 Detection Library

Okta has published a library of common detections for suspicious activity in an Auth0 tenant to the open source community.

Championing customer best practices

What we recently delivered

From phishing to AI agents: Solving the authorization crisis

Webster Bank’s CISO, Patricia Voight, joins Okta to discuss the authorization crisis with a focus on data exfiltration resulting from consent phishing, and how Okta’s Cross-App Access and FastPass can solve the fundamental authorization problem.

Why attackers keep winning with consent phishing

Explore how sophisticated social engineering attacks are tricking users into authorizing attacker-controlled OAuth applications. In this piece, we emphasize the importance of adopting Cross-App Access to secure agent-to-app and app-to-app connections.

Threat actors: “Please do not use Okta FastPass”

Okta’s VP of Threat Intelligence, Brett Winterford, highlights evolving social engineering tactics that attempt to evade the security measures companies have in place. He emphasizes that organizations must not only adopt phishing-resistant authenticators, but also enforce phishing resistance in policy.

Third-party risk: 3 actions security leaders should take to safeguard their business

Supply chain attacks are a growing concern, and one that can feel beyond your organization’s control. In this article, we’ll unpack the critical considerations for managing third-party relationships, from evaluating vendor security to mitigating threats across the supply chain.

Sophisticated deception: Thoughtworks CISO Nitin Raina on a new era of social engineering attacks

Thoughtworks’ CISO Nitin Raina warns that cybercriminals are increasingly using AI to orchestrate highly convincing, context-aware phishing and social engineering campaigns. He stresses that this fast-moving threat requires new detection techniques and proactive response strategies from CISOs.

The ‘superuser’ blind spot: Why AI agents demand dedicated identity security

Okta’s CPO Arnab Bose highlights how AI agents can accumulate high-level access — effectively becoming hidden “superusers” — and why they require their own identity policies and controls. The article urges organizations to treat AI agents with the same rigor as human identities to close this critical security gap.

Raising the bar for our industry

Security and sustainability through people, processes, and technology

Securing critical infrastructure enables sustainable business practices and respect for human rights like privacy. Okta supports our B2B customers in securing their critical infrastructure. Effective identity management and ESG programs include aligning people, processes, and technology for a unified approach to security risk management.

Okta for Good Technical Services for Nonprofits

This new service expands our technical services offerings to nonprofits. This includes the Okta Quick Launch Guide, curated by the Okta for Good team for nonprofits & other organizations with few technical resources. This on-demand resource includes content from Okta Learning.

New pro bono partner implementation services for Nonprofits through our partners Cloudworks and BeyondID

Many nonprofits operate with small IT teams with limited skill sets. Nonprofits need more than a product donation to be secure—they need technical implementation support. This ensures the product is set up according to best practices. This new program expands our support offerings to customers in EMEA and beyond through partners.

$21.3M committed with Okta for Good

Okta for Good (O4G) has committed $21.3M towards its $50M philanthropy commitment to advance digital transformation for the nonprofit sector.

Hear from CEO Todd McKinnon

*Based on internal reporting from February 1 through July 31, 2025