Okta, Inc., a leading independent identity provider, has announced new updates to the Okta Platform aimed at helping businesses secure AI agents and other non-human identities. The new features bring a unified, end-to-end identity security fabric to organisations, allowing them to manage and protect all types of identities, including AI agents, API keys, and employees.
With the use of generative AI continuing to rise, the number of non-human identities is expected to grow rapidly. Deloitte forecasts that by 2027, half of all companies using generative AI will adopt agents in some form. Some businesses are already deploying hundreds of AI sales development representatives and thousands of customer service agents.
Non-human identities, such as service accounts, shared accounts, break-glass identities, API keys, access tokens, and automation tools, are often difficult to secure. Many of these identities are non-federated, lack multi-factor authentication, and rely on static credentials that are rarely updated. These vulnerabilities, combined with excessive access privileges, create attractive targets for cyber attackers. In 2023, only 15% of organisations reported confidence in their ability to secure these identities.
As the number of devices and identity types grows, managing this complexity becomes increasingly challenging. Okta believes that organisations now need to implement an identity security fabric – a unified framework designed to secure, manage, and govern both human and non-human identities across their ecosystems at scale.
“Amid the excitement of embracing the next wave of generative AI, companies are moving quickly to deploy agentic use cases, often overlooking the critical need to secure these systems and control the sprawl of non-human identities,” said Arnab Bose, Chief Product Officer, Okta Platform at Okta. “By bringing these identities into the identity security fabric, the Okta Platform can help organisations secure the rising digital labour force with the same rigour and vigilance as the human workforce.”
Expanding capabilities for stronger identity security
The rise of cloud services, SaaS applications, remote work, and now non-human identities has reshaped the security landscape. Organisations are no longer working with uniform tech stacks, which would present risks of their own. Instead, fragmented systems have created complexity, security gaps, and a broader attack surface, making it harder for security teams to maintain oversight.
An extensible identity security fabric allows organisations to connect diverse security tools across their enterprise while building tailored technology stacks. To achieve this, businesses need advanced identity tools, including posture management, threat protection, privileged access, governance, and device access.
Okta’s new and enhanced platform capabilities offer comprehensive security for both human and non-human identities, with solutions that are seamlessly interconnected and fully integrated throughout the organisation.
Among the latest features is Identity Security Posture Management (ISPM) and Okta Privileged Access. These updates provide an end-to-end solution for protecting AI agents and other non-human identities, such as service accounts, shared accounts, break-glass identities, API keys, access tokens, and automation tools. Companies can now better discover, secure, and manage these identities, ensuring AI-driven automation and machine-to-machine interactions are governed under Zero Trust policies. The tools also deliver continuous monitoring of risks and vulnerabilities associated with non-human identities.
Additionally, Okta is introducing Separation of Duties (SoD) within Okta Identity Governance, now available to customers in GA preview. SoD ensures that users do not accumulate conflicting access permissions, helping to prevent fraud, meet regulatory compliance requirements, and reduce the risk of insider threats by enforcing policies based on pre-defined business rules.
Secure Device Features are also being launched under Early Access. These updates within Okta Device Access and Adaptive MFA aim to minimise MFA fatigue and the risk of credential theft. By integrating device context and hardware protection into Zero Trust access control, they offer a more secure and seamless user experience.
Securing every application with integrated identity solutions
Recognising that no enterprise has a fully homogenous technology environment, Okta emphasises the need for deep and secure identity integrations across all applications in use. This approach brings together user context, resources, policies, and risk signals across infrastructure, apps, APIs, and more, regardless of the identity type.
To support this, Okta is making Secure Identity Integrations (SII) generally available. These integrations offer a high level of out-of-the-box security for critical business applications. Available within the Okta Integration Network, companies can now quickly configure deep integrations for platforms such as Google Workspace, Microsoft 365, and Salesforce. These integrations go beyond traditional single sign-on and lifecycle management, enabling businesses to manage user privileges, identify hidden risks, and respond to threats through built-in remediation and universal logout features.
By extending its identity security fabric to non-human identities, Okta is helping organisations face the growing challenges of the AI era with greater confidence and resilience.
