New Okta Platform Innovations Extend Identity Security Fabric to Non-Human Identities in an Agentic AI Future

LONDON--(BUSINESS WIRE)--Okta, Inc. (NASDAQ: OKTA), the leading independent Identity partner, today announced new Okta Platform capabilities to help businesses secure AI agents and other non-human identities with the same level of visibility, control, governance, and automation as human ones. The Okta Platform will now bring a unified, end-to-end identity security fabric to organizations for managing and securing all types of identities across their ecosystem, from AI agents to API keys to employees.

Why it Matters:

• The number of non-human identities is set to grow exponentially, with Deloitte¹ forecasting that by 2027, half of all companies using GenAI will also adopt agents in some capacity. Some companies have already begun deploying hundreds of AI-SDRs and thousands of customer service agents.
• Non-human identities (i.e., service accounts, shared accounts, break-glass identities, API keys, access tokens, and automation tools) are inherently difficult to secure because they are often non-federated, lack MFA, and have static credentials that aren’t regularly rotated. These factors, combined with excessive privileges and a high blast radius, create an attractive attack vector for adversaries.
• Last year, only 15% of organizations² said they remain confident in their ability to secure them.
• With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl.
• Now more than ever, organizations will need to implement an identity security fabric, which is defined as a unified framework for securing, managing, and governing both non-human and human identities across ecosystems at scale.

“Amid the excitement of embracing the next wave of generative AI, companies are moving quickly to deploy agentic use cases, often overlooking the critical need to secure these systems and control the sprawl of non-human identities,” said Arnab Bose, Chief Product Officer, Okta Platform at Okta. “By bringing these identities into the identity security fabric, the Okta Platform can help organizations secure the rising digital labor force with the same rigor and vigilance as the human workforce.”

Comprehensive Identity Security Capabilities for Managing Every Type of Identity

The rapid adoption of cloud services, SaaS applications, remote work, and now the rise of non-human identities has transformed the security landscape. Homogeneous tech stacks don’t exist, and would present their own set of security risks.

This fragmentation creates complexity, gaps in security tools, and an expanded attack surface, making it harder for security teams to maintain a holistic view of their security posture. An extensible identity security fabric enables organizations to build best-in-breed stacks and connect disparate security tools across the enterprise. However, to be effective, companies need the right identity tools, including posture management, threat protection, privileged access, governance, device access, and more.

With new and enhanced Okta Platform capabilities, organizations can have more comprehensive security for all identities—human and non-human—with solutions that are seamlessly interconnected and fully integrated across the business.

What’s New – Identity Security Posture Management and Okta Privileged Access

New capabilities for Identity Security Posture Management and Okta Privileged Access provide companies with a comprehensive, end-to-end solution for protecting AI agents and other non-human identities, including service accounts, shared accounts, break-glass identities, API keys, access tokens, and automation tools.

Organizations can better discover, secure, and manage non-human identities, while ensuring AI-driven automation and machine-to-machine interactions remain governed under Zero Trust policies. These tools also continuously monitor NHI risks and vulnerabilities.

What’s New - Separation of Duties

Available today for customers in GA preview, Separation of Duties (SoD) in Okta Identity Governance (OIG) helps ensure that users do not accumulate conflicting access permissions that could introduce security risks or compliance violations. By enforcing SoD policies based on pre-defined business rules, SoD helps organizations prevent fraud, maintain regulatory compliance, and reduce the risk of insider threats.

What’s New – Secure Device Features

Available today for customers in Early Access, Okta is releasing new Secure Device Features under Okta Device Access and Adaptive MFA that minimize MFA fatigue and the risk of credential theft by seamlessly integrating device context and hardware protection for Zero Trust access control. These features integrate with the customer’s ecosystem of tools to gather signals that inform access policies and continuous risk assessment and enforcement.

Protecting Identities, Across Every Application and Environment

Since no enterprise today has a fully homogeneous tech stack, organizations need deep and secure identity integrations into every single application they use. This approach unifies user context, resources, policies and risk signals across infrastructure, apps, APIs, and more regardless of the identity types.

What’s New - Secure Identity Integrations (SII)

Generally available today for customers, Okta Secure Identity Integrations provide an unprecedented level of comprehensive, out-of-the-box security integrations for the most business-critical applications. Now available as a collection in the Okta Integration Network, companies can quickly configure deep integrations for applications, like Google Workspace, Microsoft 365, and Salesforce, that go beyond SSO and lifecycle management to manage user privileges, uncover hidden risks, and rapidly contain threats with built-in remediation and universal logout.

Other New Innovations:

• On-prem Connector: Available today for customers in Early Access, Okta On-prem Connector is a new out-of-the-box connector that allows customers to integrate their on-premises apps with Okta Identity Governance, enabling the discovery, visibility, and management of fine-grained application entitlements within Okta.

¹ Autonomous generative AI agents: Under development, Deloitte, November 19, 2024.
² CSA and Astrix Research: The State of Non-Human Identity Security, Cloud Security Alliance and Astrix, September 12, 2024.

Disclaimer: Any products, features, functionalities, certifications, authorizations, or attestations referenced in this material that are not currently generally available or have not yet been obtained or are not currently maintained may not be delivered or obtained on time or at all. Product roadmaps do not represent a commitment, obligation or promise to deliver any product, feature, functionality, certification or attestation and you should not rely on them to make your purchase decisions.

About Okta

Okta, Inc. is The World’s Identity Company™. We secure Identity, so everyone is free to safely use any technology. Our customer and workforce solutions empower businesses and developers to use the power of Identity to drive security, efficiencies, and success — all while protecting their users, employees, and partners. Learn why the world’s leading brands trust Okta for authentication, authorization, and more at okta.com.