Okta Identity Security Posture Management (ISPM) proactively identifies vulnerabilities and security gaps before exploitation occurs. ISPM provides visibility into identity posture across Okta, third-party identity providers, and cloud environments to help discover and prioritize identity issues based on real-world impact.
- Okta Identity Engine (OIE)
- Identity Security Posture Management (ISPM)
What is ISPM?
Okta Identity Security Posture Management (ISPM), formerly Spera, empowers organizations to take a proactive stance in reducing the identity attack surface. As organizations embrace multi-cloud and Software as a Service (SaaS) environments, security teams often struggle to maintain visibility and control over the identity landscape. Fragmented identity data creates blind spots, dormant accounts contribute to vulnerabilities, and administrators lack confidence that tools like Multi-Factor Authentication (MFA) function properly.
ISPM addresses these challenges by providing centralized visibility, proactive vulnerability detection, and rapid issue prioritization through the following capabilities:
- Proactively assesses identity risk posture.
- Continuously uncovers critical misconfigurations and gaps, such as inconsistent MFA enforcement and account sprawl.
- Prioritizes and remediates the most pressing issues based on risk severity.
- Provides a centralized view of identity security posture across the entire ecosystem, including Okta, third-party identity providers such as Amazon Web Services (AWS) and Azure Active Directory (Azure AD), and cloud environments like Salesforce, Microsoft Office 365 (O365), and GitHub.
- Detects vulnerabilities, misconfigurations, and policy violations.
- Offers a fast path to the prioritization and resolution of critical identity security issues, such as excessive privileged access.
How does ISPM integrate with identity providers and cloud environments?
Review the following diagram to understand how ISPM integrates with various identity providers and cloud environments to centralize identity security posture data.
NOTE: To proactively reduce an organization's identity attack surface, ISPM may assign a priority or risk level to threats, vulnerabilities, or users; make recommendations for remedial actions; and provide information about how security threats relate to compliance standards and frameworks. In doing so, ISPM is not providing legal, security, or compliance advice. Okta does not guarantee the identification of every security threat, and using ISPM does not guarantee compliance with standards, frameworks, or regulations applicable to the business. Administrators can find information regarding contractual assurances in the Master Subscription Agreement and related contract documents.
