What is Identity Threat Protection with Okta AI (ITP)?

Okta Identity Threat Protection with Okta AI (ITP) is a new Workforce Identity Cloud (WIC) product that continuously monitors your organization for real-time Identity-based threats and provides an adaptive threat response based on the risk level. ITP ingests signals from some security systems and uses advanced machine learning (ML) for real-time detection, dynamic risk scoring, and inline response to attacks. It provides comprehensive identity threat analytics, detections, and risks.

ITP is now generally available for Okta practitioners. 

How does it extend Okta’s current security framework? 

ITP continuously evaluates your session against global session and authentication policies to identify context changes during the user sign-in and after authentication. 

• ITP provides a framework to configure Entity risk policy to monitor your org for specific threats and configure automatic actions in response to identified risks. 
• ITP provides an option to configure real-time adaptive responses to remediate identity threats. You can select universal logout to terminate the user’s access to some apps or run a predefined threat response Okta Workflow. If the global session or authentication policy requires additional verification, the user is automatically prompted for Multi-Factor Authentication (MFA). 
• ITP introduces a new tab, Risk, to display risk detections associated with a user. Additionally, it provides new dashboard widgets and reports to identify at-risk users, associated risk levels, and the type of risk detection.  

What risk types does ITP evaluate?

ITP evaluates the following risks for threat detection: 

• Login Risks: The risk is calculated at the initial point of authentication to protect your applications against unauthorized access. This is an existing capability of Okta. 
• Session Risks: The risk is calculated by continuously reevaluating the probability of compromise throughout an active Okta session, such as suspicious activities that occur post-authentication.
• Entity Risks: The risk is calculated by evaluating risk across the entire spectrum of a user identity, such as an individual's credit score. It provides a holistic assessment of the probability a user account is compromised aggregated across sessions, devices, and applications.

Available Resources

• Set up ITP Guide
• ITP Observability Guide
• ITP Product Hub 
• ITP Product Documentation