HomepageOkta logo

Okta's comprehensive approach to security

Every Okta customer benefits from our investment in world-leading security capabilities.

Okta operates under a shared security responsibility model, under which Okta is responsible for the secure delivery of the Identity Cloud and its underlying infrastructure, while customers are provided the broadest range of configurable policy options to secure access to applications according to their requirements.

Our vision is to empower customers to safely use any technology. We are committed to supporting best-of-breed security tools and evolving the native security features built-in to the identity cloud.



This technical whitepaper introduces Okta’s approach to managing the security of the Okta cloud.


Shared Responsibility Model

Software Development Security

Encryption Architecture

Tenant Network Segregation


Okta is committed to providing all customers with access to system logs, which can be searched from the admin console or streamed to third-party security tools.


Exporting Okta Log Data

Streaming Okta Log Data

Okta's Data Retention Policy


Okta aggressively hunts for bugs in our software using four concurrent security programs: internal tests, third-party audits, public bug bounty program, and a highly-responsive customer bug reporting program. We support customer pentesting of Okta and provide test environments for that purpose.


Security Whitepaper: Penetration Tests

Okta's Vulnerability Reporting Policy

Okta's Bug Bounty Program


Okta’s data protection meets the highest industry standards, complying with FedRAMP and NIST 800-53, HIPAA, ISO 27001/27017/27018 and GDPR requirements.


Okta+Privacy and Privacy Policy

GDPR-compliant Data Processing Addendum (DPA)

Security and Privacy Documentation

Sub-processor Information

Want to dive deeper into Okta’s approach to security? Follow the links below:

Okta Security Technical Whitepaper
Download the whitepaper

How Okta Designed a Comprehensive Approach to Security
Download the whitepaper

Okta SecOps on Security: Protecting Your Okta Orgs
Watch the presentation

Hands-on security training: Advanced Security: Protect the Modern Perimeter with Okta
Register now

Security Deep-Dive: Adaptive Authentication for Enhanced Security
Watch the presentation

Okta Security Advisories
Learn more

How we work with AWS to improve security
Watch the video