Raising the Bar for our Industry with IPSIE

Okta’s vision of building a world where anyone can safely use any technology, powered by their Identity, continues to be our guiding factor. Today, almost 20,000 customers rely on Okta’s industry-leading Identity solutions worldwide in nearly every industry sector.

Early last year, Okta announced the Okta Secure Identity Commitment (OSIC), a long-term pledge to lead the industry in the fight against Identity attacks. The Commitment consists of four pillars, including Raising the bar for our industry. We’re committed to making this a reality.

The rise in Identity-based attacks

Based on Okta’s internal reporting, Okta detects and blocks over 3 billion attacks per month. We protect over 800 million unique monthly users from cyber threats, ranging from credential stuffing to malicious bots. Enterprise anonymized data confirmed that over a 90-day period, we reduced credential stuffing attempts and malicious bot traffic by more than 90% for some of our largest customers.

From year to year, motivated threat actors employ new and innovative techniques in their ongoing efforts to gain unauthorized access. In a 2024 report in which Okta participated, Verizon concluded 68% of breaches involved a human element, and 24% involved the use of stolen credentials.

At Okta, we continue to live our corporate values by enforcing industry best practices; 100% of Okta employees use phishing-resistant authentication solutions like Okta FastPass with device assurance and Adaptive Multi-Factor Authentication (AMFA). To learn more about MFA and phishing-resistant authentication, download our Secure Sign-In Trends Report 2024.

A new industry standard

To set the stage and advance the tech sector, the OpenID Foundation (OIDF) recently announced the formation of a new working group with support from Okta, Ping Identity, Microsoft, SGNL, Beyond Identity, and Capital One. The Interoperability Profiling for Secure Identity in the Enterprise, or IPSIE, is the name of the OpenID Foundation working group tasked with establishing this new Identity standard.

Last year’s Oktane messaging heavily focused on the theme of possibility. When introducing Okta’s commitment to IPSIE at Oktane24 in Las Vegas, Okta CEO and Co-Founder Todd McKinnon said, “The goal with IPSIE is to standardize identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.” 

To support the integration of critical identity security capabilities in SaaS applications, the IPSIE working group intends to collaboratively focus on:

• Single sign-on

• Lifecycle management

• Entitlements, such as Governance and Privileged Access

• Risk signal sharing

• Session termination

Today, representatives from 25 unique companies are coming together each week to collaborate with meaningful discussion in pursuit of advancing this innovative industry standard. Open and available to all, the IPSIE working group has the potential to transform enterprise SaaS security.

Joining forces and coming together

Andrew Carnegie expressed his belief in collaboration as a powerful force for achieving greater success by famously stating, “Teamwork is the ability to work together toward a common vision. The ability to direct individual accomplishments toward organizational objectives. It is the fuel that allows common people to attain uncommon results.”

IPSIE aims at fostering a more open, consistent, flexible SaaS ecosystem by empowering organizations to adhere to a higher level of security, more seamlessly and efficiently integrating amongst tech stacks. It also increases visibility across the Identity threat surface to better help protect against cyber attacks. Okta is excited to support and participate in the working group because we believe that a unifying industry standard is the key to fostering an open ecosystem, where it’s both seamless and efficient to build and use enterprise apps that are secure by default.

We recently published integrations with 50 leading enterprise SaaS applications including Google, Microsoft Office 365, Slack and Salesforce that support modern identity best practices aimed at enhancing security and reducing operational burden. Each integration takes just seconds to set up and requires virtually no ongoing maintenance, giving enterprises instant access to capabilities for their most-used apps such as Universal Logout with the ability to immediately terminate user sessions when a threat is detected. These integrations best meet the tech landscape and customers where they are today, while better protecting systems and data going forward.

We’ll keep you posted

As we continue to progress on the new IPSIE standard within the OpenID Foundation working group, take comfort in knowing we will continue to keep you updated. Okta is committed to working with third-party standards bodies, Identity providers and SaaS vendors to continue to get you more visibility of evolving threats. The working group aims to have the first set of draft specifications published in early 2025.

Join us in our fight against Identity-based attacks, and learn more on how to get involved with the OpenID Foundation working group to tackle key Identity security challenges in today’s enterprise environments.