Okta Secure Identity Commitment

The Okta Secure Identity Commitment is our long-term commitment to lead the industry in the fight against identity attacks.

We’re committed to taking action

Learn about the definitive steps we’re taking to fight against Identity-based attacks, alongside empowering our customers and the industry to identify and mitigate emerging threats.

Investing in market-leading products and services

We invest in keeping our products hardened and secure while delivering new solutions that protect our customers. We also consistently invest in services, including 24/7 global support and 99.99% operational uptime.

Hardening our corporate infrastructure

The cyber-threat profile we use for our customer-facing environment is similar to that of our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay ahead of threats.

Championing customer best practices

Human error and talent shortages are expected to cause over half of major cyber incidents by 2025. With more than 20,000 customers and 16+ years of experience, we help ensure proper identity configurations and support our ecosystem through Okta Learning – featuring 200+ public security courses and certifications.

Elevating our industry

Okta has a responsibility to lead the industry in the fight against identity-based attacks. We’re accelerating our capabilities and embracing new technology, such as AI. Additionally, with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.

We're already helping secure nearly 20,000 customers

And we're continually evolving in the fight against identity-based attacks.

8 billion

attacks (credential stuffing, malicious bots) denied over a 30-day period*

>752M

malicious (or risky) access attempts blocked over a 30-day period*

Investing in market-leading products and services

What we recently delivered

Secure Partner Access

Enable business partners to securely and seamlessly access shared resources without requiring significant development, customization, and management tasks from IT.

Protecting Non-Human Identities

Eliminate standing privileges for privileged accounts by combining Okta Privileged Access with Identity Security Posture Management.

Separation of Duties

Help ensure that users don’t accumulate conflicting access permissions that could introduce security risks or compliance violations.

On Prem Connector

Integrate on-premises apps with Okta Identity Governance, enabling the discovery, visibility, and management of fine-grained application entitlements within Okta.

What’s next

Advanced Customization for Universal Login

Customize the sign-up and sign-in experience across every app, device, and digital journey, and leverage application and user information to deliver the best user experience.

Cascading of the Single Logout Request to External IdP

Automatically log users out of external identity providers when they log out of an Okta-connected application configured for Single Logout, improving security for shared devices.

Universal Logout for Okta Customer Identity Apps

An out-of-the-box solution that automatically logs users out without requiring you to build anything additional, improving both security and user experience.

Championing customer best practices

What we recently delivered

The Okta Security Detection Catalog

This repository contains a collection of detection rules for security monitoring and detailed descriptions of log fields used for threat analysis within Okta environments.

Businesses at Work 2025 Report

The past decade has seen dramatic changes in the business landscape, including more sophisticated cyber threats, the rise of distributed work, and smartphone saturation. Our Businesses at Work report has tracked how workforces have adapted and the new tools they’ve adopted. Learn more about the key trends and highlights.

Five predictions for Identity-centric attacks in 2025

Explore the evolving landscape of Identity-based cyberattacks, including emerging threats like advanced phishing kits, a resurgence of device-based attacks, and exploitation of business processes through social engineering.

How to measure the success of your security program

Tracking the right metrics is key to demonstrating ROI, getting buy-in, and securing resources. In this article, CISOs share how to measure the success of your security program with practical qualitative and quantitative metrics that demonstrate value to your organization.

The hidden threat in your stack: Why non-human identity management is the next cybersecurity frontier

NHIs are on the rise, and so are their risks. This article examines three challenges CISOs face—from gaining visibility to prioritizing risks—and how they’re managing them.

From vulnerabilities to vendor trust: How CISOs build cyber resilience

Business resilience has become a primary driver of security strategies across industries. In this article, CISOs share tactics to boost cyber resilience, strengthen disaster recovery plans, and reinforce trust in mission-critical vendors to the board.

What's next

How to measure the success of your security program

Tracking the right metrics is key to demonstrating ROI, getting buy-in, and securing resources. We will provide CISO insights on how to measure the success of your security program with practical qualitative and quantitative metrics that demonstrate value to your organization.

Strategies to improve cyber resilience

Since the CrowdStrike outage, business resilience has become a primary driver of security strategies across industries. We will share how CISOs think about boosting cyber resilience, strengthening disaster recovery plans, and reinforcing trust in mission-critical vendors to the board.

Secure governance of non-human identities

Okta will provide effective strategies to enhance secure governance of non-human identities (such as service accounts and chatbots), including improving visibility, automating oversight, and safeguarding critical systems.

Raising the bar for our industry

Okta’s Secure by Design Pledge - One Year On

Our latest post highlights one year's worth of progress on Okta's commitment to the CISA Secure by Design Pledge, including detailed updates across various themes such as MFA, vulnerabilities, and more. We've delivered richer system log data to help detect threats faster and made secure defaults the norm across our products.

Okta for Good 2025 Impact Report

For nearly a decade, Okta for Good has addressed critical societal issues that align with our business, including strengthening nonprofit cybersecurity, investing in the next generation of cyber talent, and advancing climate action. In this report, Okta shares updates, successes, and learnings from the first year of our $50M philanthropy commitment, of which we have committed $16M so far.

Building resilient Identity: Reducing security debt in 2025

Okta’s security team delves into the growing challenge of managing identity sprawl and technical debt, which leaves organizations vulnerable to attacks and operational inefficiencies—and how, without a clear strategy, identity security gaps can lead to misaligned priorities, hinder business outcomes, or incur costly breaches.

Introducing the Okta Security Technical Implementation Guide (STIG)

Following our partnership with the Defense Information Systems Agency (DISA) comes the release of the new Okta Identity as a Service Security Technical Implementation Guide (STIG). Learn about the new STIG guidance with an important call to action for our customers in our ongoing pursuit—to free everyone to safely use any technology.

Hardening our corporate infrastructure

What we recently delivered

Additional detections on production changes

Okta’s enhanced detections on code changes in production will assist in prohibiting unauthorized modifications and/or potentially malicious insertions. 

Vulnerability management automation

By automating vulnerability management, Okta can continuously identify, prioritize, and remediate security risks without manual effort.

Expanded log collection for SaaS Apps

An enhanced data footprint will streamline Okta’s troubleshooting and root-cause analysis while bolstering security monitoring and compliance efforts.

What's next

Automated SaaS security posture management for P0 critical systems

Minimize IT attack surface across Okta’s corporate SaaS systems by proactively identifying and remediating misconfigurations, excessive permissions, and compliance drifts.

Secret scanning for P0 data-sensitive SaaS systems

Reduce the likelihood of accidental or malicious exposure of sensitive credentials shared in Okta’s critical SaaS environment.

ISPM rolled out for cross-functional cloud platforms

Granular visibility and control over user privileges, access policies, and authentication protocols across Okta’s enterprise cloud infrastructure and SaaS systems to enable proactive detection and remediation of identity-related vulnerabilities such as privilege creep and shadow admins.

Disclaimer

*Based on internal reporting through January 2025