This article provides common questions about the capabilities Okta has implemented to rapidly communicate with customers in the event of a significant security-related concern, and how our customers can receive these communications.
How do customers sign up for rapid communication alerts?
Okta maintains a security and privacy contact for every customer and communicates with that contact using the direct contact methods in their profile, such as email and SMS. Okta previously requested that customers provide any updates or changes. An organization’s Super Admin can add or update their organization’s security and privacy contact(s) and preferred contact information. Please refer to our Knowledge Base article for instructions. In addition, all Super Admins for an organization have access to in-product notifications, which may also be used for rapid communication alerts.
What type of information is provided via these communication capabilities?
Two information categories will be communicated via these new methods:
- Notification about a significant security concern that may impact Okta and its customers.
- Okta product security recommendations, such as how to implement new configuration best practices or improve the security posture.
After initial notifications about any significant security concern, subsequent messages will direct customers to our website for ongoing updates.
How are customers contacted with the new communication capabilities?
The method by which we contact our customers depends on the information we are communicating, as outlined below:
- For notifications and updates about a significant security concern, we will use the direct contact information in your profile: email, SMS, or phone call.* Additionally, we will augment these direct communications with an in-product notification, such as a banner on the Okta dashboard.
- For Okta product security recommendations, we use in-product notifications to communicate this information.
*In our notifications, you will be asked to acknowledge receipt of certain messages by replying to an SMS or clicking an email link. If no acknowledgment is received, our system will send messages to the other contact methods in your profile.
Who receives rapid communication alerts?
- In the event of a significant security concern, we contact an organization’s security & privacy contact(s) and primary IT contact(s) via the information* in their profile: email**, SMS***, phone call****.
- Okta product security recommendations delivered via in-product notifications are available to all Super Admins assigned to an organization.
*Our system requires up-to-date contact information in your organization’s profile to successfully communicate with you using these capabilities. We ask each customer’s Super Admins to maintain the security and privacy contact(s) and preferred communication methods by following the instructions in our Knowledge Base article.
**Emails will be sent from noreply@securityalerts.okta.com or noreply@okta.com.
***Text alerts are sent from SMS numbers or short codes that vary by country. In the US, SMS text communications will be sent from 893-61
****Phone calls will come from +1 415-915-9255
