Okta Status

We sincerely apologize for any impact this incident has caused to you, your business, and your customers. At Okta trust and transparency are our top priorities. Outlined below are the facts regarding this incident. We are committed to implementing improvements to the service to prevent future occurrences of this incident. Detection and Impact: On June 2nd, 2026, at 2:36 AM PT, Okta internal monitoring alerted our team to elevated errors in the OK9 environment. During this period, administrators and end users may have experienced intermittent 500 Internal Server errors when trying to access Okta services. Additionally, Admins may have encountered error messages when fetching certain records. Root Cause Summary: The incident was triggered by a misconfiguration introduced during a scheduled maintenance of the environment. This maintenance introduced an error that caused connectivity issues within specific infrastructure components. Only a small percentage of the infrastructure was affected during this period. Remediation Steps: Okta's engineering team identified and isolated impacted infrastructure at 4:01AM PT. These actions successfully addressed the issue, and normal operations were restored by 4:17 AM PT. Preventative Actions: In order to prevent similar incidents from happening again, Okta is currently reviewing the following: Incident response processes, procedures, and investigation tools to more rapidly diagnose similar issues in the future. Risk evaluation processes to include expanding error types and adding additional appropriate corresponding alerts and monitoring associated with vulnerability updates. These learnings work to prevent similar incidents from happening again and, in cases like these, allow Okta to respond faster when possible. Duration (# of minutes): 100

We sincerely apologize for any impact this incident has caused to you, your business, and your customers. At Okta, trust and transparency are our top priorities. Outlined below are the facts regarding this incident. We are committed to implementing improvements to the service to prevent future occurrences of this incident. Detection and Impact: On April 30th, 2026, at 10:57 AM PT, Okta internal monitoring alerted our team of login issues for users accessing Okta Preview Cell 1. During this period, customers may have received 500 errors for query timeouts and were unable to log in. Root Cause Summary: The incident stemmed from a database query change. The updated query intermittently exceeded its timeout limit across several login endpoints. Consequently, users experienced 500 errors and were unable to log in. Remediation Steps: Upon receiving the alerts, Okta Engineering immediately launched an investigation. By 1:02 PM PT, the team took initial mitigation steps to resolve the issue, however these steps did not resolve the issue. The incident response team continued to triage and diagnose the issue and identified the root cause related to the updated database query change at 4:50 PM PT. The team reverted the new query behavior at 5:00 PM PT in Preview Cell 1, and full service functionality was restored by 5:05 PM PT. Preventative Actions: In order to prevent similar incidents from happening again, Okta is currently reviewing the following: -Reviewing incident response processes and investigation tools to more rapidly diagnose similar issues in the future -Risk evaluation processes associated with query updates -Alerts and monitors associated with the database proxy These learnings work to prevent similar incidents from happening again and, in cases like these, allow Okta to respond faster when possible. Duration (# of minutes): 375

We sincerely apologize for any impact this incident has caused to you, your business, or your customers. At Okta, trust and transparency are our top priorities. Outlined below is the RCA summary for a recent incident where a third-party provider or downstream service experienced an issue that impacted the Okta service. We are committed to implementing improvements to the service to prevent similar occurrences. Detection and Impact: Customers using the third-party service Kolide began reporting that attempts to sign in to their orgs redirected to an unrelated tenant and received an HTTP 400 error with the message “Login Failed - 400: Bad Request Error Code: GENERAL_NONSUCCESS” Root Cause Summary: Kolide has confirmed for Okta that an incident occurred with their Device Trust SAML authentication system, resulting in some users being redirected to an incorrect service provider after completing authentication. This resulted in users receiving a 400 error. Kolide reported that users were unable to access their intended application, any unauthorized applications, or any unauthorized environments. Remediation Steps: Okta Support advised customers that they could temporarily disable their Kolide integrations to allow their users to successfully access their services. Timing: Kolide reports: Incident start: April 22, 2026, at 8:24 AM PDT Incident resolved: April 22, 2026, at 8:30 AM PDT Duration (# of minutes): 6 Minutes

We sincerely apologize for any impact this incident has caused to you, your business, or your customers. At Okta, trust and transparency are our top priorities. Outlined below are the facts regarding this incident. We are committed to implementing improvements to the service to prevent future occurrences of this kind. Detection and Impact: On April 13, 2026, at 11:51 AM PST, an incident was reported where Okta Identity Governance (OIG) access requests stalled in the "In Progress" state indefinitely across all environments. The system accepted initial submissions and first-level approvals, but failed to trigger subsequent automated tasks like assigning users to apps/groups or running delegated workflows. . Root Cause Summary: During a recent update deployment, new tasks inadvertently moved to a 'LOCKED' status without implementing the necessary logic to transition them back to 'OPEN.' This caused the tasks to become permanently hidden, preventing the automated execution of the action associated with them. Remediation Steps: Okta's engineering teams promptly responded, initiating immediate detection and diagnosis. Corrective measures, including a code fix deployed to all cells, were implemented to prevent any new access requests from becoming stuck. A remediation migration successfully transitioned most affected requests to a fixed state. Normal functionality was fully restored by April 13, 2026, at 5:18 PM PST, following the completion of a final migration to unblock remaining requests.On April 14, 2026, Okta took further steps to resolve in-flight requests that were stuck, moving them to a final, terminal state. Preventative Actions: Okta is taking several steps to prevent this issue from recurring. These include enhanced testing, deployment of safeguards, and improvements to our monitoring and alerting systems. Duration (# of minutes): 434

We sincerely apologize for any impact this incident has caused to you, your business, or your customers. At Okta, trust and transparency are our top priorities. Outlined below is the RCA summary for a recent incident where a third-party provider or downstream service experienced an issue that impacted the Okta service. We are committed to implementing improvements to the service to prevent similar occurrences. Detection and Impact: Okta internal monitoring alerted our engineering team to disruptions to the Okta status page and the commercial support portal. Okta Engineering identified a service disruption with our third-party provider and confirmed the impact. During the disruption, customer admins were unable to access the Okta Support Center (support.okta.com) to log support cases or view the primary status page (status.okta.com). Root Cause Summary: Okta's third-party provider, responsible for hosting the Okta Support Center and status page, experienced a service disruption. The third-party provider identified a version mismatch between their application and database layers as the technical trigger. This mismatch resulted in internal server errors and login failures, rendering the Okta Support Center and status page inaccessible for a portion of their disruption. Remediation Steps: Okta teams posted an admin banner within the Okta Admin Console to provide visibility into the disruption and offer a phone number for customers who needed to log support cases manually while the Okta Support Center was unavailable. Services were fully restored after the third-party provider successfully deployed a fix-forward release to the impacted infrastructure, which restored login access. Preventive Actions: As part of Okta's commitment to operational resilience, we have optimized our vendor engagement matrix to accelerate incident mitigation and downstream coordination. We are also conducting an expanded audit of external dependencies to formalize alternative response procedures within our disaster recovery plans. Simultaneously, Engineering has enhanced real-time monitoring and alerting for service endpoints, enabling faster detection and resolution. Timing: Incident start: March 16, 2026, at 08:58 PM PDT Incident resolved: March 16, 2026, at 11:34 PM PDT Duration (# of minutes): 156 minutes

We sincerely apologize for any impact this incident has caused to you, your business, or your customers. At Okta, trust and transparency are our top priorities. Outlined below are the facts regarding this incident. We are committed to implementing improvements to the service to prevent future occurrences of this kind. Detection and Impact On March 13, 2026, at 10:49 AM PT, Okta detected a service degradation that prevented some customers on the OK1 and EU1 cells from performing directory operations, viewing or searching for users, groups, and devices in the Okta Admin Console. Customers may have experienced "Invalid search query" messages or 5xx errors. This issue also affected several API endpoints related to users, groups, and devices, which may have impacted customer integrations relying on this functionality. End-user authentication was not impacted. Root Cause Summary The root cause of this incident was a planned configuration change that exposed a bug in the underlying service, resulting in system errors and disrupting both directory-based APIs. Remediation Steps Upon detection, Okta's engineering teams initiated incident response procedures. Once the problematic configuration change was identified as the source of the errors, it was immediately reverted. After the reversion was applied and verified, full functionality was restored to all impacted customers. Preventative Actions Okta is taking steps to prevent future occurrences of this kind, including enhancing our testing processes, hardening and improving our configuration rollout strategy, and upgrading our monitoring and alerting systems for enhanced detection. Start Time: 03/13/2026 10:17 AM PT End Time: 03/13/2026 11:21 AM PT Duration (# of minutes): 64

On February 4th, 2026, at 3:33 AM PT, Okta received customer reports of authentication failures within the OK9 (EMEA) cell. Customers attempting to access LDAP interface services encountered certificate validation errors related to hostname mismatches, preventing successful authentication. Root Cause Summary: The incident was triggered by a misconfiguration introduced during a scheduled update of our LDAP interface to a new configuration source on February 4th 2:24 AM PT. This update inadvertently applied an incorrect SSL certificate profile to the LDAP interface within the OK9 environment. This misconfiguration caused certificate validity errors, resulting in connection issues when attempting to use LDAP services. Remediation Steps: Once the source of the issue was identified, Okta engineering team rolled back changes at 4:07 AM PT. These actions successfully addressed the issue and restored normal operations by 4:26 AM PT. Preventative Actions: To prevent future incidents, Okta has updated synthetic tests and enhanced monitoring. Teams also plan to add new tooling to improve changes to the LDAP service certificates. In addition, we are reviewing our internal processes and procedures, refining our automated rollback processes to further reduce the customer impact time for similar issues in the future. Duration (# of minutes): Total Duration (Minutes): 122 minutes Actual Time: 02:24 AM PT - 04:26 AM PT

No update message available.

Following is the RCA summary for a recent incident where a third-party provider or downstream service experienced an issue that impacted the Okta service Timing: Incident start: January 22, 2026, at 10:55 AM PST Incident resolved: January 22, 202,6 at 7:50 PM PST Detection: The issue was initially identified through customer reports that they were not receiving expected email notifications. Okta Engineering confirmed the service disruption after internal monitoring indicated a high volume of deferred email delivery attempts to specific third-party domains. Impact: Customers across all Okta cells with email addresses hosted by Microsoft Exchange Online may have experienced intermittent delays or failures in receiving automated email notifications, such as Multi-Factor Authentication (MFA) codes and enrollment links. Okta services remained healthy and attempted to resend deferred messages. Root Cause: Microsoft reports that it experienced a service issue within its North American data centers during a planned maintenance activity. As a result, emails sent from Okta to the affected provider resulted in “soft bounce” errors, indicating that the provider's servers were temporarily unable to accept the messages. Remediation Steps: To mitigate the impact on users attempting to sign in, Okta recommended using alternative MFA factors, such as Okta Verify, security keys, or SMS, to bypass delays associated with email delivery. Okta Engineering continuously monitored the third-party provider's recovery efforts and validated that mail delivery returned to baseline levels once the provider stabilized their environment.

Following is the RCA summary for a recent incident where a third-party provider or downstream service experienced an issue that impacted the Okta service. Timing: Incident start: January 19, 2026, at 10:10 AM PST Incident resolved: January 20, 2026, at 11:49 AM PST Detection: Okta teams were notified via customer cases and an increase in Google Workspace import errors. Impact: Any customers performing Google Workspace imports during the incident window may have encountered an error stating “UserImportJob: Failed to download users. Json field=primaryEmail does not exist for object=[...]” Root Cause: Google Workspaces, a third-party provider, confirmed that a faulty code change introduced caused certain fields, such as primary email addresses, to be missing in API call results. As a result, Okta imports from Google Workspace could not complete, leading to import failures. Google provides additional details for this disruption: https://www.google.com/appsstatus/dashboard/incidents/9q5n4sfDnxYzHj8FxEua Remediation Steps: Okta teams soon identified that a provider-side disruption was the cause of the incident and opened a formal support case to track the resolution. The third-party provider resolved the incident by rolling back a faulty code change and restoring the missing metadata. Recovery occurred in stages, with some customers successfully remediated before others. Okta teams monitored the recovery in real-time and confirmed successful import signals across multiple impacted customers before standing down.