Okta Identity Engine offers admins the ability to vary authentication flows to applications based on everything from group membership, device management, device posture, network zones, risk evaluation, user behaviour and more. Generally speaking, the more context evaluated at the point of access, the better the security outcome. That’s what this whole zero trust journey is about: all the stars should align before a legitimate user can access a sensitive resource. The flip-side of this is that...

During a security incident, it's critical that SOC analysts (or Okta admins) can rapidly identify all activity associated with a suspicious session, user or IP.  We are often asked to provide some sort of "cheat sheet" for new analysts that are unfamiliar with the extensive library of events available in Okta's Event Library. The following blog post re-publishes a support article that offers a few of these shortcuts. Okta Security will be following up this article with a post on events...

SUMMARY: In alignment with our core value of transparency, we are sharing context and details around a recent security event affecting Okta code repositories. There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. No action is required by customers. SCOPE: The security event detailed below pertains to Okta Workforce Identity Cloud (WIC) code repositories. It does not pertain to any Auth0 (Customer Identity Cloud) products. EVENT: In early December 2022, GitHub...

In the last two installments in our series on phishing resistance, we discussed phishing resistant authenticators and how to gather signals about phishing lures directly from your users. Now let’s drill down into detection and response: what signals does Okta’s System Log provide that are indicative of in-flight phishing campaigns? Okta’s Defensive Cyber Operations team routinely identifies phishing infrastructure configured to imitate an Okta sign-in page and proactively notify Okta customers...

The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6). The two CVE’s are listed below: CVE-2022-3602 CVE-2022-3786 Response Okta’s engineering teams have applied patches and other mitigations, where required. Customer Guidance For both CVEs, the severity level has been listed as “high” and the following information has been made available: OpenSSL versions 3.0.0 to...

All applications require a highly-privileged administrator role to deploy and maintain that application. The monitoring and oversight (audit) of actions performed by users with these roles is a cornerstone of any well-designed security program. A number of research projects have highlighted ways in which the most privileged administrators in Okta could, if unchecked, abuse their privilege in some way. These research efforts serve to reinforce some long-held security principles: most notably...

Transparency is a core value at Okta. In April 2022, Okta committed to a range of initiatives that aim to drive greater transparency in how we respond to security incidents. One of those commitments was to provide our customers with insights into all the things our customer support teams do behind the scenes to deliver the unrivaled experience that is the Okta Identity Cloud. Under 2.6 in our Security Action Plan: “Okta will enhance the Okta System Log so that every customer support...

In the wake of recent security events at Uber and Twilio, organizations are understandably interested in pivoting to authenticators that offer the most resistance to phishing attacks. In this second part of our series on phishing resistance, we consider the human element. All organizations should aspire to a state in which technical and operational controls reduce the burden on end users to identify and respond appropriately to social engineering. Large numbers of Okta customers are pivoting...

Notification of Auth0 Code Repository Archives Security Event: No Customer Action Required, Auth0 Fully Operational. In alignment with our core value of transparency, we are communicating about a recent security event related to certain Auth0 archival code repositories; there is no impact to customer data. This does not impact any other Okta products.