Okta complies with a range of industry-standard certifications and authorizations.

 

Okta's Security Documentation for Current Customers

Okta’s SOC 3 Report + Standard Security Questionnaires

Okta's Service Certifications: SOC2, ISO 27001, CSA-Star, FedRAMP ...

A summary of Okta’s FIPS compliance

SECURITY BLOG

Go “Secure by Default” With Custom Admin Roles for IT support staff

Cross-Tenant Impersonation: Prevention and Detection

Social Engineering is Getting More Extreme, but the Fixes Can Be Simple

Keeping Phishing Adversaries Out of the Middle

Defending against Session Hijacking

SYSTEM LOGS & DATA RETENTION

Okta is committed to providing all customers with access to system logs, which can be searched from the admin console or streamed to third-party security tools.

 

Exporting Okta Log Data

Streaming Okta Log Data

Okta's Data Retention Policy

Monitor Okta

RESILIENCE & AVAILABILITY

Learn about Okta’s approach to scaling the identity cloud.

 

Not All Cloud Services Are Built Alike

Scaling Okta to 50 Billion Users

How Okta Builds and Runs Scalable Infrastructure

Okta System Status Dashboard

PRODUCT SECURITY FEATURES

Okta provides a broad array of policy configurations for admins to choose from.

 

Okta Classic security features

Okta Identity Engine security features

HealthInsight Tasks and Recommendations

Supported platforms, browsers, and operating system

Sign the Okta certificate with your own CA (BYO SAML)

Okta Passkey Management: A New Feature Flag

VULNERABILITY POLICY & PENETRATION TESTING

Okta aggressively hunts for bugs in our software using four concurrent security programs: internal tests, third-party audits, public bug bounty program, and a highly-responsive customer bug reporting program. We support customer pentesting of Okta and provide test environments for that purpose.

 

Okta's Vulnerability Reporting Policy

Okta's Bug Bounty Program:
https://bugcrowd.com/okta & https://bugcrowd.com/auth0-okta

Okta's Product Security PGP key

DEPLOYMENT GUIDES

Our guides to secure configuration of Okta-related services.

 

Active Directory Integration

Set up and manage Okta's LDAP Interface

Securing Office 365 with Okta

Getting the most out of Okta ThreatInsight

Configure Trusted Origins

How to Mitigate Toll Fraud when Using Okta for Voice Authentication

PRIVACY & DATA SECURITY

Okta’s data protection meets the highest industry standards, complying with FedRAMP and NIST 800-53, HIPAA, ISO 27001/27017/27018 and GDPR requirements.

 

 

Okta+Privacy and Privacy Policy

GDPR-compliant Data Processing Addendum (DPA)

Security and Privacy Documentation

Sub-processor Information

Product Roadmap

Release Notes: Okta Classic and Okta Identity Engine

Okta WIC Developer Documentation

Okta CIC Developer Documentation

AWS Data Center Controls and Global Infrastructure

AWS KMS cryptographic details

AWS Artifact: Central resource for AWS compliance (SOC2 report)