Oktane, Identity, AI/ML

Okta beefs up its platform, takes it on-prem at Oktane

Okta SVP of Product Design Kristen Swanson speaking at Oktane 2025.

Okta SVP of Product Design Kristen Swanson speaking at Oktane 2025. Credit: Paul Wagenseil/SC Media

Please visit our Oktane 2025 page for complete coverage of the event.

Top executives from Okta ran through recent and brand-new updates to the Okta Platform at the Oktane 2025 conference in Las Vegas last week, highlighting features such as Cross App Access, Secure Identity Integrations, on-premises access and the extension of many of Okta's enterprise features to its customer-facing offering, Okta Customer Identity.

"We've been saying it for years: To get security right, you have to get identity right," said Kristen Swanson, Senior Vice President of Product Design and Research at Okta.

Keeping AI agents in check

Swanson asked how many in the keynote audience were already deploying AI agents in their organizations, and many hands went up. But she reminded the Oktane attendees that AI agents are "unpredictable, non-deterministic, connected to all of your tools and data, and being deployed faster than we can secure them."

"In this year's Okta AI at Work report, almost every organization rolling out AI agents stated that they don't have a strategy or a roadmap for managing them," Swanson pointed out. "Identity remains the security perimeter, but the old categories of tools will not work for these new problems."

Fortunately, Swanson said, Okta's experience and expertise has let it develop new tools that will work to manage and control AI agents.

"We've secured non-human identities for years. You know, those rogue service accounts and static credentials," she said. "And we've secured those unpredictable, non-deterministic identities for years, too: Humans. With the arrival of AI agents, we need to combine these two capabilities and provide security for non-human, non-deterministic entities."

The result is, Swanson said, is the "identity security fabric" that Okta unveiled this past April, when it was defined in a blog post as "a unified framework for securing, managing, and governing both non-human and human identities across ecosystems at scale."

Swanson explained that the identity security fabric can best be achieved by taking all of Okta's offerings as a bundle in the form of the Okta Platform.

"Working with a problem of this scale requires a holistic approach," she said. "Duct-taping a bunch of point solutions together, it just won't work."

She took a subtle swipe at competitors who might be offering similar identity-management platforms.

"Buyer beware, a consolidated contract that checks the box on a laundry list of features is not the same as a unified identity security platform," Swanson said. "You need a platform that delivers comprehensive security outcomes. This means a single platform for every identity type, every identity use case, and every resource type fused together with end-to-end orchestration."

And she didn't hold back on enthusiasm for her own company's products.

"Achieving end-to-end security outcomes through seamless orchestration is the only way to navigate our AI-enabled future," she added. "Okta already has a suite of products beyond core access management. From posture management to governance, privileged access, device access, and identity threat protection. Each is individually excellent, but collectively, they are spectacular."

Working with other SaaS apps

Swanson touted Okta's Secure Identity Integrations, a recent rollout of deep integration between Okta and some 50 commonly used business SaaS applications such as Google Workspace, Zoom, Slack and Salesforce, as well as Okta for AI Agents, which her boss, Okta Co-Founder and CEO Todd McKinnon, had unveiled earlier that day on the same stage.

She brought out Box Chief Technology Officer Ben Kus, whose own SaaS product has an Okta Secure Identity Integration and whose company uses Okta in the office.

"Our whole life is unstructured data," said Kus, who explained that AI has finally made it possible to quickly search through a jumble of documents, images, audio, video and other files.

But, he admitted, there's a danger in not knowing what AI agents have access to, and who has access to AI agents.

"If you don't get this kind of thing correct, then you end up not being able to deploy AI agents," Kus said.

"Working with Okta and the different frameworks and the different products you just announced, we think it's critical to build not just a bunch of security AI agents, but a bunch of security AI agents that work together in an AI agent ecosystem," Kus added. "We think this is a big part of what every enterprise has been thinking about going forward."

The business case for managing AI agents

Swanson handed the mike to Jack Hirsch, Okta Vice President of Product, who spoke about how strict management of AI helped organizations move forward more quickly.

"The conversations we're having are not just about risk. They're about ambition," Hirsch said. "But as security leaders, you know that a wave of uncontrolled, invisible agents creates unacceptable security gaps. And the core challenge is this: How do you say yes to the business without losing control?"

However, he added, the solutions already exist, and the best practices to secure AI agents are not new.

"In every conversation with our customers, we hear the same three needs for AI agents," he said. "Visibility: Where are they and who owns them? Control: What apps and data can they access? And governance: How do we keep them and their access secure over time?"

Okta's platform provides each of those things, Hirsch said, and smooths the way toward success.

"This is how we help you say yes to the business," he said. "With Okta, you can finally have a security framework that enables rather than inhibits AI adoption. With Okta, you can secure the end-to-end thread for AI agents before, during, and after authentication."

One of the keys to Okta's AI management is Cross App Access, the company's name for a draft extension to the OAuth authorization standard that directly manages AI agents and will be broadly available in 2026. Hirsch explained that Cross App Access delivers what he called "three critical benefits."

"First, admins are back in control," he said. "It replaces those end-user consents with a centralized set of security policies that you define and manage. Second, it eliminates all standing access. Policies are enforced in real time for every single connection. And third, users no longer see those dreaded thousands of OAuth consent screens. This removes the risk of poor authorization and is a massive improvement in user experience."

Hirsch detailed how many features that Okta has offered for its business and enterprise customers are now being ported to Okta Customer Identity, its identity-management software for online retailers. Among those features are passkeys, identity governance, identity and threat protection and advanced directory management. 

"We're extending the Identity Security Fabric to cover every customer and every partner you work with before, during, and after authentication," he said.

And, he added, Okta itself was using AI to detect and remediate suspicious behavior in user sessions.

"At Okta, we are both doing security for AI, but also AI for security," Hirsch said.

To infinity, and beyond

Finally, Okta Chief Technology Officer and Head of Engineering Abhi Sawant to announce that Okta's Identity Security Posture Management (ISPM) service was no longer confined to cloud, web and SaaS applications, but to on-premises assets too.

"An identity security fabric must extend to every single resource in your enterprise," Sawant said. "That's because for many of you, your biggest challenges and risks are not in the cloud. They're in the on-premises environment you've been relying on for decades."

This applies even to Microsoft Active Directory, Sawant said. And as a bonus, Okta Access Gateway would now work offline for on-prem cases.

In the cloud, he added, ISPM will also now cover applications and services compatible with the SCIM protocol (once short for Secure Cloud Identity Management, now System for Cross-domain Identity Management).

This extends Okta identity protection from the ground up to the sky, Sawant said.

"A scattered collection of point solutions is no longer a viable strategy," he said. "You need a single identity security fabric that secures every identity and every use case, from your customers, employees, partners, and yes, AI agents. One that protects every source, from the cloud to your on-premises environment."

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Related

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Basic AuthenticationBiometricsCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Digest AuthenticationDigital CertificateDiscretionary Access Control (DAC)

You can skip this ad in 5 seconds