Okta, Inc.

Formerly: Saasure Inc. (2009–2010)
Company type: Public
Industry: Software
Founded: January 2009
Founders:
  • Todd McKinnon
  • Frederic Kerrest
Headquarters: 100 First Plaza, San Francisco, California, U.S.
Area served: Worldwide
Key people:
  • Todd McKinnon (CEO)
  • Frederic Kerrest (COO)
Products: Single Sign-On
Revenue: US$2.26 billion (2024)
US$516 million (2024)
US$355 million (2024)
Total assets: US$8.99 billion (2024)
Total equity: US$5.89 billion (2024)
Number of employees: 5,908 (2024)
Website: okta.com
Financials as of January 31, 2024. [1]

Okta, Inc. (formerly SaaSure Inc.) is an American identity and access management company based in San Francisco. [2] It provides cloud software that helps companies manage and secure user authentication into applications, and helps developers build identity controls into applications, websites, web services, and devices. [3] It was founded in 2009 and had its initial public offering in 2017, reaching a valuation of over $6 billion. [4]

Products and services

Okta sells 10 products, [5] including Single-Sign-On, Universal Directory, Advanced Server Access (formerly ScaleFT [6]), API Access Management, Authentication, User Management, B2B Integration, Multi-factor-Authentication, Lifecycle Management, and Access Gateway.

Okta sells six services, including a single-sign-on service that allows users to log into a variety of systems using a single centralized process. For example, the company claims the ability to log into Gmail, Workday, Salesforce and Slack with one login. [7] [8] It also offers API authentication services. [9]

Okta's services are built on top of the Amazon Web Services cloud. [10]

Okta primarily targets enterprise businesses. Claimed customers as of 2020 include Zoominfo, JetBlue, Nordstrom, MGM Resorts International, and the U.S. Department of Justice. [11]

Okta runs an annual “Oktane” user conference, which in 2018 featured former US President Barack Obama as a keynote speaker. [12] [13] [14]

Operations

Okta is headquartered in San Francisco. [15] It also has offices in San Jose, Bellevue, Toronto, Washington D.C., Chicago, Bengaluru, London, Amsterdam, Sydney, Paris, and Stockholm. [16]

History

[Image: Okta logo until 2022]

Okta was co-founded in 2009 by Todd McKinnon and Frederic Kerrest, who previously worked together at Salesforce. [17]

In 2015, the company raised US$75 million in venture capital from Andreessen Horowitz, Greylock Partners, and Sequoia Capital, at a total initial valuation of US$1.2 billion. [18]

In 2017, Okta's initial public offering priced at $17.00 per share, trading up on its first day, to raise an additional US$187 million. [19] [20] At the time of its IPO, Sequoia Capital was the biggest shareholder, with a 21.2 percent stake. [21]

In January 2019, Okta's CEO announced that the company had over 100 million registered users. [22]

In August 2020, Okta announced that it plans to let most of its employees work remotely on a permanent basis as a result of the COVID-19 pandemic. [23]

In March 2021, Okta signed a definitive agreement to acquire Auth0 for $6.5 billion. [24] The deal closed in May 2021. [25]

In December 2023, Okta acquired security firm Spera for approximately $100–130 million. [26]

Security incidents

On March 9, 2021, hacking collective "Advanced Persistent Threat 69420" breached an Okta office network through a security failure in the company's Verkada camera setup. [27] They were able to download security footage from the cameras. [28] One member of the group, Maia Arson Crimew, also revealed that the group had gained root shell access to the network. [29] In a blog post the next day, Okta Chief Security Officer David Bradbury minimized the root shell as an "internal support tool" of the camera manufacturer Verkada. [28] However, the shell would have given the hackers full access to execute any commands on the network, and Cloudflare admitted that a similar hack by the group on that company's network provided them with the same level of access. [30] Bradbury also said that the threat was contained to an isolated network.

On March 22, 2022, the hacking group LAPSUS$ posted screenshots claiming to be from Okta internal systems. [31] The next day, Okta concluded that a maximum of 366 of their customers' data may potentially have been impacted, further stating that the breach originated with a computer used by one of Okta's third-party customer support engineers to which the hackers had access. [32]

In December 2022, Okta's source code was stolen when a hacker gained access to their GitHub repository. [33]

In early October 2023, BeyondTrust notified Okta of a breach in which hackers stole HTTP access tokens from Okta's support platform. Okta denied the incident for a number of weeks, but later recognized that a breach had occurred. [34] Customers impacted by the Okta breach included Caesars Entertainment, MGM Resorts International, 1Password and Cloudflare. [35] [36] [37] On November 29, 2023, it became known that the security incident affected all Okta customers. [38] [39]

References

  1. "Okta Form 10-K for the fiscal year ended January 31, 2024". March 1, 2024.
  2. Rivas, Teresa (December 6, 2017). "Okta CEO Is Feeling Optimistic. Looks Like Investors Are Too". Barron's. Retrieved April 8, 2018.
  3. Bridgwater, Adrian (May 23, 2018). "Okta Insists Identity 'Goes Beyond' Passwords". Forbes. Retrieved March 6, 2019.
  4. "OKTA SEC Filings - Okta Inc - Class A- Annual Report, Proxy Statement, Prospectus". fintel.io. Retrieved 2023-07-28.
  5. "Cloud Identity and Access Management (IAM) Products | Okta". www.okta.com. Retrieved 2021-05-21.
  6. "Okta Acquires ScaleFT to Bring Zero Trust to the Enterprise | Okta". www.okta.com. Retrieved 2021-05-21.
  7. Ray, Tiernan. "Okta CEO: 'We Exist Because It's a Heterogenous World'". Retrieved 2018-04-08.
  8. Ray, Tiernan. "Okta: A Bigger Deal Than Oracle Someday?". Retrieved 2018-04-08.
  9. "Okta Wants To Go Big And Go It Alone in Enterprise Software". Fortune. Retrieved 2018-04-08.
  10. "This Enterprise Software Unicorn Just Filed to Go Public". Fortune. Retrieved 2018-04-08.
  11. "Okta Identity Cloud Securely Connects JetBlue to its Customers". Venturebeat. 2018-03-07. Retrieved 2019-06-26.
  12. Bridgwater, Adrian. "Inside Privacy: Okta CEO Takes Hardcore Line On Identity Management". Forbes. Retrieved 2018-04-08.
  13. Bort, Julie. "I followed the CEO of $6 billion Okta around and learned the secrets of a tech conference that landed President Obama as a speaker". BusinessInsider. Retrieved 2019-06-26.
  14. Thadani, Trisha. "Barack Obama is speaking at a tech conference, but not one you'd expect". SFChronicle. Retrieved 2019-06-26.
  15. "Okta Inc: Company Profile". Bloomberg. Retrieved 2018-04-08.
  16. "Get in Touch - Contact Information". okta. Retrieved 2018-04-12.
  17. "Okta CEO McKinnon on the Tech IPO Landscape and Data Security". Retrieved 2018-04-08.
  18. Ovide, Shira (2015-09-08). "Okta Raises $75 Million, Boosting Valuation to Nearly $1.2 Billion". WSJ. Retrieved 2018-04-08.
  19. "Okta shares soar nearly 39 percent in first day of trading". www.bizjournals.com. Retrieved 2018-04-08.
  20. Balakrishnan, Anita (2017-04-07). "Okta skyrockets more than 38% after IPO". CNBC. Retrieved 2018-04-08.
  21. "Okta shares soar nearly 39 percent in first day of trading". www.bizjournals.com. Retrieved 2018-04-08.
  22. Gurdus, Elizabeth (2019-01-24). "Okta CEO: We now have over 100 million registered users". www.cnbc.com. Retrieved 2019-01-25.
  23. Brian Fung (27 August 2020). "Software company Okta will let most of its 2,600 employees work remotely permanently". CNN. Retrieved 2020-09-15.
  24. Dignan, Larry. "Okta and Auth0: A $6.5 billion bet that identity will warrant its own cloud". ZDNet. Retrieved 2021-03-09.
  25. "Okta's Auth0 deal closes: Inside the 8-year, $6.5 billion courtship". Fortune. May 3, 2021. Archived from the original on 4 May 2021. Retrieved 23 June 2022.
  26. "Okta snatches up security firm Spera, reportedly for over $100M". TechCrunch. 2023-12-19. Retrieved 2023-12-19.
  27. Turton, William (2021-03-09). "Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals". Bloomberg. Retrieved 2021-03-10.
  28. Bradbury, David (2021-03-10). "A CSO's perspective on the recent Verkada cyber attack". Okta Security. Archived from the original on 2021-03-17. Retrieved 2021-03-16.
  29. Paresh, Dave (2021-03-10). "Tesla says Shanghai factory not hacked after breach of Verkada surveillance cameras". Reuters. Retrieved 2021-03-17.
  30. Graham-Cumming, John (2021-03-10). "About the March 8 & 9, 2021 Verkada camera hack". The Cloudflare Blog. Archived from the original on 2021-03-10. Retrieved 2021-03-17.
  31. "Authentication firm Okta probes report of digital breach". CNN. Retrieved 22 March 2022.
  32. Camacho, Antonio Ruiz (2022-03-23). "Okta Says Hundreds of Customers May Have Been Exposed by January Breach". CNET.
  33. "Okta had another security incident, this time involving stolen source code".
  34. "Hackers Stole Access Tokens from Okta's Support Unit". krebsonsecurity.
  35. Goswami, Rohan (2023-10-23). "Okta cybersecurity breach wipes out more than $2 billion in market cap". CNBC.
  36. Zaman, Sourov (2023-10-20). "How Cloudflare mitigated yet another Okta compromise". The Cloudflare Blog. Archived from the original on 2023-10-24. Retrieved 2023-10-25.
  37. Greig, Jonathan (2023-10-24). "How 1Password, Cloudflare affected by Okta compromise". Retrieved 2023-10-25.
  38. "Identity management company Okta reveals far more extensive hack of its systems".
  39. "Okta admits hackers accessed data on all customers during recent breach".