Okta
BitLyft AIR® v1.20 expanded Okta identity protection with 13 new detection policies and Compromised Okta Account Automations — enabling automated containment the moment identity threats are detected.
13
Detection Policies
1
Automated Playbook
v1.20
Available Since
Automated Identity Threat Response for Okta
Okta is the front door to your applications. When an Okta identity is compromised, attackers gain access to every application protected by it. BitLyft AIR® v1.20 introduced 13 new Okta detection policies targeting the most common attack patterns — impossible travel, credential stuffing, MFA bypass, privilege abuse, and more.
Combined with the Compromised Okta Account Automation, AIR® can detect a threat, suspend the account, revoke sessions, clear MFA factors, and notify the analyst — all without manual steps.
13 Out-of-the-Box Detection Policies
Impossible Travel Login
High-Risk IP Sign-In
Brute Force Attack
Credential Stuffing
Account Lockout Spike
New Device or Location Login
Admin Role Assigned
MFA Disabled for User
Suspicious API Token Activity
Policy Modification by Admin
Application Access Anomaly
Phishing-Resistant MFA Bypass Attempt
Privileged Account Sign-In Anomaly
Compromised Okta Account Automation
When a detection policy triggers on an Okta identity event, the Compromised Account Automation executes a full response workflow — from enrichment to containment to analyst notification.
Detect Threat
A detection policy identifies a high-risk Okta event such as impossible travel or credential stuffing.
Enrich Context
AIR® pulls user details, device, and IP reputation data to assess the severity.
Contain Account
The user is suspended in Okta, active sessions are revoked, and MFA factors are cleared if compromised.
Notify & Document
The analyst receives a case with full context, actions taken, and recommended next steps.
Protect your Okta identities automatically.
See how AIR® detects and responds to Okta identity threats in real time — without analyst intervention.
Schedule a Demo