Overview
Identity informs access. Access protects data.
Our partnership delivers continuous identity-aware zero trust across every user, device, and application.
Our Vision
Our joint vision
Secure every identity, verify all access, protect all data
Streamline access and user experience
Simplify authenticated access to applications through integrations for single sign-on (SSO) and automated provisioning.
Deliver adaptive zero trust security
Dynamically manage access to all applications based on real-time risk signals and user context.
Enhance identity-based threat detection and response
Bidirectionally share threat intelligence to detect and mitigate identity-based threats like credential compromise and insider risks.
Challenges
Enterprise challenges we address together
Poor user access controls—especially during workforce changes or mergers—and a lack of visibility into network traffic leave organizations vulnerable to attacks.
The proliferation of diverse enterprise applications challenges IT with complex access management and creates inconsistent user experiences.
Overprivileged users and inconsistent access controls amplify the risk of identity-based threats, enabling lateral movement.
Static access policies fail to detect critical indicators of compromise, violating the “never trust, always verify” principle of zero trust.
Solution Overview
How we do it
Our joint defense-in-depth integration framework
Use Cases
Use case deep dives
Simplify authentication and automate provisioning
Enable zero trust access to applications, regardless of the user, device, or location.
user access integrations
OIDC and SAML integrations authenticate user identity and auto-provision new users into Zscaler by syncing with the organization’s Active Directory.
SCIM integration automatically syncs users and groups, streamlining life cycle tasks (provisioning/deprovisioning) to keep access updated.
Bidirectional identity and risk context exchange between Zscaler and Okta platforms
Both platforms leverage bidirectional intelligence for synchronized security enforcement actions.
Bidirectional Intel Exchange
Okta ITP continuously shares credential changes, MFA failures, account suspensions, and session revocations for compromised users, with Zscaler.
Zscaler continuously shares high-fidelity network telemetry and deception-induced threat intelligence with Okta.
Access control integration
Zscaler ingests Okta signals to enforce adaptive access in real time.
access control integration
The Adaptive Access Engine ingests user context signals from Okta to continually assess risk.
Okta’s OIDC-based integration triggers step-up authentication for stronger verification when risk signals detect threats.
Zscaler processes the context signals to enforce adaptive access controls for internet (ZIA) and private applications (ZPA), adjusting policies in real time.
Zscaler and Okta's unified threat response with deception-driven identity defense
Zscaler detects identity misuse on the endpoint and network while Okta ITP takes identity/session actions.
Unified threat response
Zscaler Deception uses lures and decoys to detect identity misuse, diverting the threat actor from real assets and gathering intelligence on their actions.
Zscaler shares high-fidelity alerts to Okta for risk evaluation and policy adjustments at the identity layer. Risk telemetry flows from ITP to ZTE, even without triggering Deception.
Okta ITP enforces protective actions such as universal logout while Zscaler adjusts policies to prevent unlawful application access.
Holistic exposure management with Okta
holistic exposure management
Prioritize exposure findings with added context of user access data from Okta.
Identify security control gaps, such as assets missing SSO.
Expedite remediation by understanding impacted users.
Benefits
Maximizing exceptional security outcomes for customers
Benefits of the Zscaler-Okta alliance
Improve user experience
Elevate user productivity with seamless SSO/MFA and automated, accurate provisioning, ensuring instant, secure access to all required applications.
Minimize the attack surface
Reduce attack surface exposure, enforce adaptive zero trust, and leverage rich identity-based threat intel to find signals in the noise.
Reduce risk across network and identity
Get early insights to neutralize identity and network based zero-day threats, ensuring resilient and proactive defenses.
Drive secure M&A divestitures
Automate identity and access separation, optimizing costs and accelerating transaction closure.
Why Zscaler
Why Zscaler and Okta for M&A
Eliminate the need to establish the Active Directory trust between two organizations or clone AD across organizations. Okta integrates with the Active Directory Agent and imports the user and Active Directory groups into Okta.
Accelerate time to value, bringing deal value/ synergies to the forefront and aligning business demands for maximum value capture. Okta provisions access to applications using the imported Active Directory groups from AD.
Mitigate and control risks by keeping your shields up, even when connecting cross-organizational assets and users. Okta Universal Directory unifies identity and access and can be leveraged as a single source of truth.
Optimize costs and simplify integration/separation projects. API access enables Okta Workflow Automation to streamline user, group, and IT provisioning with fewer manual steps and faster onboarding.
Customer Success Stories
What customers are saying
Learn how customers are leveraging the Zscaler and Okta integrations to deliver fast, secure access, lower costs, and advance their zero trust strategies.
DXC Technology
Zscaler and Okta provide DXC users with fast, secure access to internet and SaaS applications anywhere.
Read the story
Guaranteed Rate
Guaranteed Rate blocks millions of threats and gains 2-3x faster access to apps with Zscaler and Okta.
Read the story
Ciena
Ciena reduced their support tickets by 70% after implementing ZPA to replace their VPNs and using Okta for SSO.
Read the story
Careem
Zscaler and Okta deliver seamless authentication and security as part of Careem’s zero trust solution.
Read the story