Okta Secure Identity Commitment 2025

Okta’s Secure Identity Commitment outlines how the company is strengthening identity security through better products, hardened infrastructure, customer guidance, and industry-wide collaboration. The report emphasizes rising identity-based attacks and highlights recent defenses, including blocking over 1.5 billion identity attacks and 290 million malicious access attempts, while spotlighting initiatives such as VoidProxy, ThreatInsight, FastPass, and Cross-App Access. #Okta #ThreatInsight #FastPass #CrossAppAccess #VoidProxy #Persona #FedRAMP #IPSIE

Keypoints

  • This annual report is structured like a security commitment roadmap: it starts with an executive summary, explains the threat landscape and strategic rationale, then breaks into four core pillars—products and services, corporate infrastructure hardening, customer best practices, and industry elevation—followed by a conclusion and ongoing updates.
  • The report frames identity as the primary enterprise security entry point and positions identity protection as mission-critical infrastructure for workforce and consumer applications.
  • A major statistic is that Okta, using ThreatInsight, detected and blocked more than 1.5 billion identity-based attacks from August 1 through October 31, 2025.
  • Okta’s Enhanced Dynamic Zones blocked more than 290 million malicious or risky access attempts in the same period, including abuse from residential proxies and VPNs.
  • Operational scale is emphasized through 99.99% uptime, 24×7 global support, and support for more than 10 billion logins per month.
  • A recurring theme is the rapid evolution of attacker tradecraft, including credential stuffing, bot activity, phishing-as-a-service, consent phishing, ransomware targeting help desks, and North Korean IT worker operations.
  • The report repeatedly stresses that AI is expanding both attack and defense capabilities, with new content focused on AI agents, shadow AI, deepfakes, and agentic authorization risks.
  • Okta is treating AI agents as a new identity class, introducing governance and control-plane concepts to prevent them from becoming hidden “superusers.”
  • Another major theme is phishing resistance: Okta highlights FastPass, FIDO2, passkeys, YubiKeys, and passwordless workflows as key defenses against modern identity attacks.
  • The report notes growing concern over consent phishing and OAuth abuse, with Cross-App Access presented as a way to secure agent-to-app and app-to-app connections.
  • Corporate hardening measures include expanded SSO, local administrator lockdown, MDM enforcement for devices accessing corporate resources, stronger laptop protections, improved logging, and vulnerability management automation.
  • Okta also expanded monitoring and response capabilities with a new security incident case management tool, a new threat intelligence platform, and dark web monitoring.
  • The report shows a strong focus on third-party and SaaS risk, including assessments of critical SaaS applications, OSS scanning, third-party library controls, and controls for service accounts.
  • Customer guidance centers on configuration hygiene and identity best practices, including administrative session protection, IP/ASN binding, secure onboarding and offboarding, and secure account recovery using identity verification.
  • Educational content is used as a major defensive lever, with publications on phishing, deepfakes, ransomware, non-human identities, secure sign-in trends, and SaaS hygiene.
  • A key trend is the rise of non-human identities and AI-enabled automation, which the report treats as an expanding security frontier requiring dedicated policies and visibility.
  • Okta also emphasizes industry collaboration through IPSIE, the CISA Secure by Design pledge, NIST alignment, OpenID Foundation standards work, and the World Economic Forum’s Partnership Against Cybercrime.
  • Philanthropic and industry-development efforts are tied to security outcomes, including support for nonprofits, cybersecurity talent pipelines, learning grants, and research on hiring talent without four-year degrees.
  • The report’s recurring takeaway is that identity security is no longer a narrow product concern; it is the foundation for enterprise trust, Zero Trust, AI governance, and resilient digital operations.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)
