Overview
As part of our commitment to continuous improvement, Okta will continue to review and improve our security and customer communication procedures. A key component is maintaining a current Primary Security Contact and CIO/CISO Contact for all customers.
The CIO/CISO Contact is a new contact available starting July 25, 2024, for non-regulated environments and starting November 7, 2024, for regulated environments. For more information on the different Okta Contacts, refer to Okta Contact Definitions.
To ensure we have the most current security contacts for your organization, a self-service solution is available to enable customer Super Admins to proactively provide the most current primary security contact and CIO/CISO information via the Okta Support Center or GovCloud Okta Support Center.
If you need to add a new contact not listed, do not have access to the Okta Support Center, or are a Customer Identity Cloud only customer, please contact your Okta account representative to do so.
Primary Security Contact
A Primary Security Contact is a person or group in a customer’s organization who is responsible for receiving notifications and for maintaining systems security and privacy compliance, and who can respond in the event of a security and/or privacy incident. The individual(s) could be a leader or member of the Security, Privacy, Compliance, or IT teams, depending on how the customer is organized. This contact may receive notices as set forth under the notices provision of your contract with Okta.
CIO/CISO Contact
The CIO/CISO Contact is the C-level or most senior person accountable for security in your organization who can be contacted to discuss critical security-related items, for example by joining a web conference or phone call.
Solution
The following video demonstrates how to define your Primary Security and CIO/CISO Contact.
How a Super Admin can access the Primary Security and CIO/CISO Contact Information on the Okta Support Center or GovCloud Okta Support Center:
- To access the Support Center, log in to your Okta Admin Dashboard, click the “?” icon, then click Help Center.
- From the Okta Support Center or GovCloud Okta Support Center, under your profile, click My account contacts.
- As a Super Admin, you will be able to see your organization’s contact information, which includes a list of your primary security contacts, CIO/CISO contacts, and IT contacts.
- If you do not see a contact, you can search by clicking the “search contacts” button and typing the name of the individual you wish to add. NOTE: You can identify multiple contacts as the primary security contacts by selecting and updating them individually. It is recommended to have only one CIO/CISO contact.
- Once you select the contact, click Add Contact.
- Specify the type of contact being added, Primary Security Contact and/or Primary CIO/CISO Contact, and press Confirm.
- A pop-up confirmation will display, and the contact will now show in the table.
- If you need to add a new contact not currently listed in Okta’s system, click Add new contact.
- To remove an existing Primary Security or CIO/CISO Contact, click on the remove icon. You can only remove primary security and CIO/CISO contacts from the table. If you need to remove a Primary IT contact, please reach out to your CSM or Account Executive.
Once you add or remove a primary security or CIO/CISO contact, you will receive an email notification with the updates made.
NOTE: If additional contact information, such as a phone number or email address, needs to be updated, contact your CSM or Account Executive.
Non-Super Admins accessing this page
If someone who is not a Super Admin for your company accesses this page, they will be prompted with the following message:
Why it is important
The Primary Security Contact may be used to alert your security and privacy team if Okta identifies a specific threat to your organization requiring notification. For example, we may notify the Security and Privacy Contact to confirm impact during a security and/or privacy incident, or if we observe that your organization’s environment within the Okta service is the target of a specific attack, or if Okta proactively identifies a customer configuration that leaves your organization exposed to potential attacks.
Customers provide a primary security contact to Okta when a contract is signed, but as people change roles and companies in their careers, these named contacts can change, possibly preventing Okta from effectively communicating security-related information to customers. Okta encourages customers to periodically review their primary security contact to ensure the named individual remains accurate.
The CIO/CISO Contact is a new contact that is available starting on July 25, 2024, for non-regulated environments and starting on November 7, 2024, for regulated environments. The CIO/CISO Contact is a C-level or most senior person accountable for security in your organization who can be contacted when there is a critical security event or incident, for example to join a web conference or phone call. The CIO/CISO will only be contacted during a critical security event or incident. They will also have access to the Okta Success Hub for personalized videos, personalized business value security snapshots, industry insights, trends, and more.
Security is always top of mind for Okta and we want to ensure we are doing our part when it comes to security and communication procedures.
