Back

Okta Identity Threat Protection

ITDR

Read Docs
Read Datasheet
OVERVIEW
SpyCloud’s integration with Okta Identity Threat Protection (ITP) uses the Shared Signals Framework (SSF) to convert identity exposure data – from infostealer malware, phishing kits, third-party breaches, and combolists – into actionable risk signals that flow directly into Okta’s risk engine. Okta ITP continuously ingests those signals to update user risk levels, trigger adaptive authentication, and initiate automated remediation.
HOW IT WORKS
  • Real-Time Risk Updates
    SpyCloud transforms exposures into standardized SSF signals that Okta ITP uses to adjust user risk dynamically
  • Customizable Risk Mapping
    Tailor risk levels and response actions (step-up MFA, password reset, session revocation, or account suspension) to align with your organization’s security policies
  • Prevent Authentication Bypass
    Trigger Universal Logout before a hijacked session reaches your environment to prevent authentication bypass
  • Noise Reduction Controls
    Filter out weak or low-value exposures to focus on meaningful risk signals.
  • Zero engineering overhead
    SpyCloud manages the integration end to end; no Workflows to build or maintain
BENEFITS
  • Collect: SpyCloud recaptures identity data directly from the criminal underground
  • Match + classify: Exposures are matched against your SpyCloud Watchlist and classified by type and risk level: Low (breach), Medium (phishing), High (malware), Critical (your Okta tenant URL discovered in malware or phished data)
  • Signal: SpyCloud transmits a JWT-signed Security Event Token (SET) to your Okta ITP SSF receiver endpoint
  • Respond: Okta ITP evaluates the signal against your entity risk policy and acts automatically: step-up MFA, forced password reset, Universal Logout, session revocation, or downstream Workflow trigger