Okta
by Okta, Inc.
Enterprise identity and access management platform
Authoritative Sources
Key guidance documents from authoritative organizations.
NIST SP 800-63B §4.2: "AAL2 provides high confidence that the claimant controls authenticator(s) bound to the subscriber's account. Proof of possession and control of two distinct authentication factors is required through secure authentication protocol(s). Approved cryptographic techniques are required at AAL2 and above." §4.3: "AAL3 provides very high confidence that the claimant controls authenticator(s). AAL3 authentication SHALL use a hardware-based authenticator and an authenticator that provides verifier impersonation resistance." §5.2.5: "Verifier impersonation resistance... requires that the communication channel between the claimant and the verifier be authenticated." Okta supports AAL2+ with MFA and AAL3 with FIDO2/WebAuthn security keys.
Security configuration baseline for Okta tenants. Covers MFA policies, session management, admin access controls, and API token security.
Official hardening guide covering admin security, MFA enforcement, API token management, audit logging, and network zones.
SOC 2 CC6.1: "The entity implements logical access security software, infrastructure, and architectures over protected information assets." CC6.2: "Prior to issuing system credentials and granting system access, the entity registers and authorizes new internal and external users." CC6.3: "The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles." NIST CSF PR.AC-1 maps to CC6.1/CC6.2 - Okta implements identity lifecycle management aligned with SOC 2 TSC requirements.
ISO 27001:2022 A.5.15: "Rules to control physical and logical access to information shall be established and implemented." A.5.16: "Identities shall be managed through its lifecycle." A.5.17: "Authentication information shall be controlled through a management process." A.5.18: "Access rights shall be defined and implemented according to business and security requirements." Okta supports ISO 27001 access control requirements through centralized identity governance.
Open Source Tools
Community and open-source tools for Okta.
Verification Commands
Commands and queries for testing and verifying security configurations.
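As an added example (not from this page or from Okta), a Python audit that consumes the users and factors endpoints from the command list: it flags ACTIVE users with no usable MFA factor and users whose only factors are not phishing-resistant, matching the AAL2/AAL3 distinction in the NIST excerpt above. Field names `id`, `status` and `factorType` are standard Okta API response fields; the sample responses are constructed.

```python
"""Okta MFA enrollment audit (added example, not Okta code). Uses the users and
factors endpoints; 'id', 'status' and 'factorType' are standard Okta API fields."""
import json
import urllib.parse
import urllib.request

# Hardware-bound / verifier-impersonation-resistant factor types (AAL3-capable).
PHISHING_RESISTANT = {"webauthn", "u2f", "token:hardware"}

def okta_get(base_url, token, path):
    """GET one Okta API resource with an SSWS API token (real network call)."""
    url = base_url + urllib.parse.quote(path, safe="/?=&")
    req = urllib.request.Request(url, headers={
        "Authorization": f"SSWS {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def audit_mfa(users, factors_for):
    """users: Okta user objects; factors_for(user_id) -> that user's factor objects.
    Returns (no_mfa, weak_mfa): ACTIVE users with no ACTIVE factor at all, and
    ACTIVE users whose ACTIVE factors are all non-phishing-resistant."""
    no_mfa, weak_mfa = [], []
    for user in users:
        if user.get("status") != "ACTIVE":
            continue  # suspended/deprovisioned users cannot sign in anyway
        active = [f for f in factors_for(user["id"]) if f.get("status") == "ACTIVE"]
        if not active:
            no_mfa.append(user["id"])
        elif not any(f.get("factorType") in PHISHING_RESISTANT for f in active):
            weak_mfa.append(user["id"])
    return no_mfa, weak_mfa

def audit_tenant(base_url, token):
    """Live run; paging past the first 200 users is left out for brevity."""
    users = okta_get(base_url, token, '/api/v1/users?filter=status eq "ACTIVE"&limit=200')
    return audit_mfa(users, lambda uid: okta_get(base_url, token, f"/api/v1/users/{uid}/factors"))

# Constructed sample responses (not real tenant data) for an offline run.
SAMPLE_USERS = [{"id": "u1", "status": "ACTIVE"}, {"id": "u2", "status": "ACTIVE"},
                {"id": "u3", "status": "ACTIVE"}, {"id": "u4", "status": "DEPROVISIONED"}]
SAMPLE_FACTORS = {
    "u1": [{"factorType": "webauthn", "status": "ACTIVE"}],
    "u2": [{"factorType": "sms", "status": "ACTIVE"},
           {"factorType": "webauthn", "status": "PENDING_ACTIVATION"}],  # not yet usable
    "u3": [{"factorType": "push", "status": "PENDING_ACTIVATION"}],
}

if __name__ == "__main__":
    print(audit_mfa(SAMPLE_USERS, lambda uid: SAMPLE_FACTORS.get(uid, [])))
```

Run against a tenant with `audit_tenant("https://<your-domain>.okta.com", token)` using a read-only admin API token; pending factors are deliberately not counted, since an unactivated enrollment gives no protection.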
GET /api/v1/users?filter=status eq "ACTIVE"&limit=200
GET /api/v1/users/{userId}/factors
GET /api/v1/users?filter=status eq "ACTIVE"
GET /api/v1/logs?since={ISO8601}&filter=eventType eq "user.authentication.sso"
GET /api/v1/apps?limit=200
GET /api/v1/threats/configuration
GET /api/v1/policies?type=OKTA_SIGN_ON
GET /api/v1/policies/{policyId}/rules
GET /api/v1/api-tokens
Related Controls
Security controls from various frameworks that relate to Okta.