Okta Links AI Features to Big Contracts
Okta is doubling down on its AI-driven security features and is now tying them directly to larger enterprise and government contracts. This move signals a major push to use AI for anomaly detection and adaptive authentication, generating new, high-value log sources for security teams.
The offering, named Identity Threat Protection with Okta AI (ITP), moves beyond simple login checks by continuously evaluating user sessions for threats. It analyzes a constant stream of signals about user behavior and device health to detect risks that arise after initial authentication. This AI-driven system is designed to identify anomalies such as impossible travel logins, AI-powered phishing attempts, and unusual access patterns. When a high-risk event is detected, ITP can trigger automated actions like forcing a step-up authentication, initiating a password reset, or performing a "Universal Logout" to terminate all of a user's active sessions immediately.

A key technical component is its use of the Shared Signals Framework (SSF), which allows ITP to ingest risk signals from third-party security tools like CrowdStrike and Zscaler. This creates a unified view of user risk and generates enriched event data within the Okta System Log, providing high-fidelity log sources for SIEM platforms.

For Splunk engineers, these detailed logs from the Okta System Log API can be ingested to build advanced detection rules. The event data includes rich context on device posture, IP reputation, and specific user actions, enabling the creation of dashboards that monitor for identity-based threats like session hijacking and token theft.

This aligns directly with the DoD's Zero Trust "User" pillar, which mandates continuous identity verification and behavioral analytics. Okta's ability to provide real-time risk assessment and automated responses helps satisfy DoD requirements for dynamic, context-aware access control. Okta offers a specific "Okta for Government High" platform, which is FedRAMP High authorized and hosted on AWS GovCloud. This solution supports government-mandated authentication methods like PIV/CAC cards and meets FIPS 140-2 security requirements, facilitating adoption within DoD environments.
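To make the SSF ingestion path concrete, here is an added example (not Okta's, CrowdStrike's or Zscaler's code) of what a receiver does with a Shared Signals security event token (SET): a JWT with `typ` `secevent+jwt`, an `events` claim keyed by event-type URI, and a `sub_id` subject, as in RFC 8417 and the OpenID SSF/CAEP/RISC profiles. It signs and verifies with HS256 on a constructed shared secret so it runs offline; real SSF transmitters sign with asymmetric keys published via JWKS, so treat the HS256 choice, the `.invalid` hostnames and the mapping from event type to response action (universal logout, password reset) as assumptions made for this illustration.

```python
"""Receiving and validating an SSF security event token (SET).

Added example, not vendor code. Event-type URIs are the real CAEP/RISC
ones; the secret, issuer/audience hosts and the action mapping are
constructed for this demonstration.
"""
import base64
import hashlib
import hmac
import json

# Event type URIs from the CAEP and RISC profiles that SSF transmitters use.
CAEP_SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"
RISC_CREDENTIAL_COMPROMISE = "https://schemas.openid.net/secevent/risc/event-type/credential-compromise"

# Constructed values; a receiver configures these per transmitter (assumption:
# HS256 shared secret; production SSF uses asymmetric keys via JWKS).
SHARED_SECRET = b"constructed-demo-secret"
TRANSMITTER = "https://edr.example.invalid"
RECEIVER = "https://idp.example.invalid"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_set(event_type, event_payload, subject_email, jti, iat, secret=SHARED_SECRET):
    """Build a signed SET the way a transmitter (EDR, proxy) would."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    claims = {
        "iss": TRANSMITTER, "aud": RECEIVER, "jti": jti, "iat": iat,
        "sub_id": {"format": "email", "email": subject_email},
        "events": {event_type: event_payload},
    }
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_set(token, seen_jtis, secret=SHARED_SECRET):
    """Check signature, issuer, audience and replay (jti) before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm: the token must not be allowed to choose it.
    if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
        raise ValueError("unexpected header")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != TRANSMITTER or claims.get("aud") != RECEIVER:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("events"), dict):
        raise ValueError("not a SET: missing events claim")
    if claims.get("jti") in seen_jtis:
        raise ValueError("replayed jti")
    seen_jtis.add(claims["jti"])
    return claims


def plan_response(claims):
    """Hypothetical mapping from event type to the automated actions ITP can take."""
    actions = []
    for event_type in claims["events"]:
        if event_type == CAEP_SESSION_REVOKED:
            actions.append("universal_logout")
        elif event_type == RISC_CREDENTIAL_COMPROMISE:
            actions.append("password_reset")
        else:
            actions.append("log_only")
    return actions


if __name__ == "__main__":
    tok = mint_set(CAEP_SESSION_REVOKED, {"event_timestamp": 1714554000},
                   "alice@example.com", "jti-1", 1714554000)
    received = verify_set(tok, set())
    print(received["sub_id"]["email"], plan_response(received))
```

The order of checks in `verify_set` is the point: signature first, then issuer and audience, then `jti` replay, and only then is the `events` map consulted. A receiver that dispatches on event type before those checks would let anyone who can reach its push endpoint trigger a logout or password reset.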
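The detection-rule side is easiest to see with the impossible-travel anomaly the article names. The following is an added example, not Okta's code and not a Splunk search: a small Python detector over events shaped like the Okta System Log schema (`eventType`, `published`, `actor.alternateId`, `client.ipAddress`, `client.geographicalContext.geolocation`, `outcome.result`). The events, users and IP addresses are constructed sample data; the 900 km/h speed ceiling and the 100 km minimum distance are thresholds chosen for this illustration, not Okta defaults.

```python
"""Impossible-travel detection over Okta System Log-shaped events.

Added example, not Okta's code. Field names mirror the System Log event
schema; the sample events below are constructed, not real log data.
"""
import math
from datetime import datetime

# Real Okta event types that mean "a session was established".
SESSION_EVENT_TYPES = {"user.session.start", "user.authentication.sso"}


def _event(uuid, published, event_type, user, ip, city, lat, lon, result="SUCCESS"):
    """Build one constructed event in Okta System Log shape."""
    return {
        "uuid": uuid, "published": published, "eventType": event_type,
        "actor": {"alternateId": user},
        "client": {"ipAddress": ip,
                   "geographicalContext": {"city": city,
                                           "geolocation": {"lat": lat, "lon": lon}}},
        "outcome": {"result": result},
    }


# Constructed sample: alice logs in from Arlington, then Frankfurt 45 minutes
# later. bob logs in from Arlington, then New York 4 hours later; his FAILED
# attempt from Tokyo and a non-session event from Tokyo must be ignored.
SAMPLE_EVENTS = [
    _event("e1", "2024-05-01T09:00:00.000Z", "user.session.start", "alice@example.com",
           "203.0.113.10", "Arlington", 38.88, -77.10),
    _event("e2", "2024-05-01T09:45:00.000Z", "user.session.start", "alice@example.com",
           "198.51.100.7", "Frankfurt", 50.11, 8.68),
    _event("e3", "2024-05-01T09:00:00.000Z", "user.session.start", "bob@example.com",
           "203.0.113.11", "Arlington", 38.88, -77.10),
    _event("e4", "2024-05-01T13:00:00.000Z", "user.authentication.sso", "bob@example.com",
           "192.0.2.5", "New York", 40.71, -74.01),
    _event("e5", "2024-05-01T10:00:00.000Z", "user.session.start", "bob@example.com",
           "192.0.2.99", "Tokyo", 35.68, 139.69, result="FAILURE"),
    _event("e6", "2024-05-01T11:00:00.000Z", "user.account.update_password", "bob@example.com",
           "192.0.2.99", "Tokyo", 35.68, 139.69),
]


def parse_published(ts):
    """Okta publishes ISO-8601 UTC timestamps with millisecond precision and a Z suffix."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=100.0):
    """Flag consecutive successful session events per user whose implied speed exceeds max_kmh.

    min_km suppresses noise from nearby IPs (two logins 5 km apart one minute
    apart would otherwise imply 300 km/h).
    """
    by_user = {}
    for ev in events:
        if ev.get("eventType") not in SESSION_EVENT_TYPES:
            continue  # password changes, app assignments etc. are not logins
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue  # a failed attempt proves nothing about where the user is
        geo = (ev.get("client") or {}).get("geographicalContext") or {}
        if not geo.get("geolocation"):
            continue  # no geolocation for this IP; cannot compare
        by_user.setdefault(ev["actor"]["alternateId"], []).append(ev)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: parse_published(e["published"]))
        for prev, cur in zip(evs, evs[1:]):
            g0 = prev["client"]["geographicalContext"]
            g1 = cur["client"]["geographicalContext"]
            km = haversine_km(g0["geolocation"]["lat"], g0["geolocation"]["lon"],
                              g1["geolocation"]["lat"], g1["geolocation"]["lon"])
            if km < min_km:
                continue
            hours = (parse_published(cur["published"]) - parse_published(prev["published"])).total_seconds() / 3600
            speed = km / hours if hours > 0 else math.inf
            if speed > max_kmh:
                findings.append({"user": user, "from_city": g0.get("city"), "to_city": g1.get("city"),
                                 "distance_km": round(km, 1), "hours": round(hours, 2),
                                 "speed_kmh": round(speed, 1), "events": [prev["uuid"], cur["uuid"]]})
    return findings


if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS):
        print(f)
```

Two details carry over directly to a Splunk rule: filter on `outcome.result=SUCCESS` and on session event types before correlating, and use a minimum-distance guard alongside the speed threshold. Without the first, bob's failed attempt from Tokyo would produce a false alarm; without the second, ordinary mobile/corporate IP churn does.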