A one-year progress update on Okta's commitment to the CISA Secure by Design Pledge.

Introducing the Okta Security Detection Catalog, a repository of detection queries designed to help Okta customers.

This is the third iteration in our blog series. This blog article explores how the Okta Security Customer Audit further enhances the Customer Trust function, driving even greater transparency and confidence in our security practices to meet our customers' regulatory and compliance requirements.

Okta recently announced our partnership with DISA, which has resulted in the release of the Okta Identity as a Service (IDaaS) Security Technical Implementation Guide (STIG) an an effort to secure baselines for the industry.

This blog article provides a brief overview of the DORA regulation, outlines how Okta can support compliance adherence, and introduces our new Factsheet, a helpful resource for satisfying DORA's regulated requirements.

Nobody does GenAI quite like a fake IT worker.

Trusted App Filters accounts for Identity-based attacks arising from compromised hardware. This blog article provides insights and resources on preventing and detecting Cross Device Authentication (CDA) authentication attacks.

What was once considered a controversial topic has gained widespread appeal as a crucial practice in the ongoing fight against threat actors and vulnerability exploitation. Ethical hackers and security researchers are revolutionizing today’s vulnerability management programs and reducing online risks by participating in Bug Bounty programs and disclosing vulnerabilities responsibly.

Cyber safety begins with healthy cybersecurity habits. Early adoption of good habits can protect our youth from online threats like cyberbullying, exposure to inappropriate content, and identity theft. This blog article introduces Okta's Cyber Kidz program, which was launched earlier this year in Sydney, Australia. Okta’s commitment to security from the ground up is demonstrated by empowering the next generation with essential cybersecurity skills.

On March 21, 2025, Vercel disclosed a critical security vulnerability (CVE-2025-29927) which makes it possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. Note: The Okta service is not affected by this vulnerability.