Okta's comprehensive approach to security
Every Okta customer benefits from our investment in world-leading security capabilities.
Okta operates under a shared security responsibility model: Okta is responsible for the secure delivery of the Identity Cloud and its underlying infrastructure, while customers are provided the broadest range of configurable policy options to secure access to applications according to their requirements.
Our vision is to empower customers to safely use any technology. We are committed to supporting best-of-breed security tools and evolving the native security features built into the identity cloud.
Okta complies with a range of industry-standard certifications and authorizations.
Okta's Security Documentation for Current Customers
Okta’s SOC 3 Report + Standard Security Questionnaires
Okta's Service Certifications: SOC2, ISO 27001, CSA-Star, FedRAMP ...
Okta Deepens Commitment to Public Sector with DISA IL4 Provisional Authorization
This Security Technical Whitepaper introduces Okta’s approach to managing the security of the Okta cloud.
SYSTEM LOGS & DATA RETENTION
Okta is committed to providing all customers with access to system logs, which can be searched from the admin console or streamed to third-party security tools.
RESILIENCE & AVAILABILITY
Learn about Okta’s approach to scaling the identity cloud.
Not All Cloud Services Are Built Alike
Scaling Okta to 50 Billion Users
How Okta Builds and Runs Scalable Infrastructure
PRODUCT SECURITY FEATURES
Okta provides a broad array of policy configurations for admins to choose from.
Okta Classic security features
Okta Identity Engine security features
HealthInsight Tasks and Recommendations
Supported platforms, browsers, and operating systems
Sign the Okta certificate with your own CA (BYO SAML)
VULNERABILITY POLICY & PENETRATION TESTING
Okta aggressively hunts for bugs in our software using four concurrent security programs: internal tests, third-party audits, a public bug bounty program, and a highly responsive customer bug reporting program. We support customer pentesting of Okta and provide test environments for that purpose.
Security Whitepaper: Penetration Tests
Okta's Vulnerability Reporting Policy
Our guides to secure configuration of Okta-related services.
Set up and manage Okta's LDAP Interface
Getting the most out of Okta ThreatInsight
PRIVACY & DATA SECURITY
Okta’s data protection meets the highest industry standards, complying with FedRAMP and NIST 800-53, HIPAA, ISO 27001/27017/27018 and GDPR requirements.
GDPR-compliant Data Processing Addendum (DPA)
Security and Privacy Documentation
PRODUCT INFO & RELEASE NOTES
Release Notes: Okta Classic and Okta Identity Engine
AWS Data Center Controls and Global Infrastructure
AWS KMS cryptographic details
AWS Artifact: Central resource for AWS compliance (SOC 2 report)