Okta, Inc.

Okta, Inc. (formerly SaaSure Inc.) is an American identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website, web services, and devices. It was founded in 2009 and had its initial public offering in 2017, reaching a valuation of over $6 billion.

Products and services
Okta sells six services, including a single-sign-on service that allows users to log into a variety of systems using a single centralized process. For example, the company claims the ability to log into Gmail, Workday, Salesforce and Slack with one login. It also offers API authentication services.

Okta's services are built on top of the Amazon Web Services cloud.

Okta primarily targets enterprise businesses. Claimed customers as of 2020 include Zoominfo, JetBlue, Nordstrom, MGM Resorts International, and the U.S. Department of Justice.

Okta runs an annual “Oktane” user conference, which in 2018 featured former US President Barack Obama as a keynote speaker.

History
Okta was co-founded in 2009 by Todd McKinnon and Frederic Kerrest, who previously worked together at Salesforce.

In 2015, the company raised US $75 million in venture capital from Andreessen Horowitz, Greylock Partners, and Sequoia Capital, at a total initial valuation of US$1.2 billion.

In 2017, Okta's initial public offering priced at $17.00 per share, trading up on its first day, to raise an additional US$187 million. At the time of its IPO, Sequoia Capital was the biggest shareholder, with a 21.2 percent stake.

In January 2019, Okta's CEO announced that the company has over 100 million registered users.

In August 2020, Okta announced that it plans to let most of its employees work remotely on a permanent basis as a result of the COVID-19 pandemic.

In March 2021, Okta signed a definitive agreement to acquire Auth0 for $6.5 billion. The deal closed in May 2021.

In August 2021, Okta signed a definitive agreement to acquire atSpoke for $90 million.

In December 2023, Okta acquired security firm Spera for approximately $100–130 million.

Security incidents
On March 9, 2021, hacking collective "Advanced Persistent Threat 69420" breached an Okta office network through a security failure in the company's Verkada camera setup. They were able to download security footage from the cameras. One member of the group, Maia Arson Crimew, also revealed that the group had gained root shell access to the network. In a blog post the next-day, Okta Chief Security Officer David Bradbury minimized the root shell as an "internal support tool" of the camera manufacturer Verkada. However, the shell would have given the hackers full access to execute any commands on the network, and Cloudflare admitted that a similar hack by the group on that company's network provided them with the same level of access. Bradbury also said that the threat was contained to an isolated network.

On March 22, 2022, the hacking group LAPSUS$ posted screenshots claiming to be from Okta internal systems. The next day, Okta concluded that a maximum of 366 of their customers data may potentially have been impacted, further stating that the breach originated with a computer used by one of Okta's third-party customer support engineers to which the hackers had access.

In December 2022, Okta's source code was stolen when a hacker gained access to their GitHub repository.

In early October 2023, Okta was notified of a breach resulting in hackers stealing HTTP access tokens from Okta's support platform by BeyondTrust. Okta denied the incident for a number of weeks, but later recognized that a breach had occurred. Customers impacted by the Okta breach included Caesars Entertainment, MGM Resorts International, 1Password and Cloudflare. On November 29th, 2023, it was known that the security incident affected all Okta customers.