Okta recently made its Breached Password Detection functionality generally available. It is enabled by default. If a user’s credentials appear in a list of breached credentials, Okta notifies you by recording the security.breached_credential.detected event in the System Log.
By default, Okta expires the user’s credentials and requires the user to reset their password the next time they attempt to sign in with their username and password. This event can also be used to trigger an Okta Workflow or an action in a downstream SOAR platform. Detailed instructions for configuring a workflow are available in
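As an added example (not from this post or from Okta), here is a small Python routine that picks the breached-credential events out of a System Log export in JSON-lines form and lists the affected users, which is the first step a detection rule or SOAR playbook would take on this event. The sample events are constructed; field names follow the public System Log event schema, and taking the affected user from the User-type target (falling back to the actor) is an assumption.

```python
import json

# The System Log event type the post describes.
BREACHED_EVENT = "security.breached_credential.detected"

# Constructed sample System Log export in JSON-lines form (not real Okta data).
# Field names follow the public System Log event schema; ids and emails are placeholders.
SAMPLE_LOG = """\
{"uuid": "evt-1", "eventType": "user.session.start", "published": "2024-01-10T09:00:00.000Z", "actor": {"id": "00u1", "type": "User", "alternateId": "alice@example.com"}, "target": []}
{"uuid": "evt-2", "eventType": "security.breached_credential.detected", "published": "2024-01-10T09:01:00.000Z", "actor": {"id": "00u2", "type": "User", "alternateId": "bob@example.com"}, "target": [{"id": "00u2", "type": "User", "alternateId": "bob@example.com"}]}
{"uuid": "evt-3", "eventType": "security.breached_credential.detected", "published": "2024-01-10T09:02:00.000Z", "actor": {"id": "00u3", "type": "User", "alternateId": "carol@example.com"}, "target": []}
{"uuid": "evt-4", "eventType": "security.breached_credential.detected", "published": "2024-01-11T08:00:00.000Z", "actor": {"id": "00u2", "type": "User", "alternateId": "bob@example.com"}, "target": [{"id": "00u2", "type": "User", "alternateId": "bob@example.com"}]}
"""

def system_log_filter() -> str:
    """Filter parameter value for polling GET /api/v1/logs for only this event type."""
    return f'eventType eq "{BREACHED_EVENT}"'

def _affected_user(event: dict) -> str:
    """Assumption: the affected user is the User-type target; fall back to the actor."""
    for target in event.get("target") or []:
        if target.get("type") == "User":
            return target.get("alternateId") or target.get("id", "")
    actor = event.get("actor") or {}
    return actor.get("alternateId") or actor.get("id", "")

def breached_credential_events(log_text: str) -> list[dict]:
    """Return one record (uuid, user, published) per breached-credential event."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines in the export
        event = json.loads(line)
        if event.get("eventType") != BREACHED_EVENT:
            continue  # ignore every other event type
        hits.append({"uuid": event.get("uuid", ""),
                     "user": _affected_user(event),
                     "published": event.get("published", "")})
    return hits

def affected_users(log_text: str) -> list[str]:
    """Distinct users whose password matched a breach list, e.g. to queue follow-up."""
    return sorted({hit["user"] for hit in breached_credential_events(log_text)})

if __name__ == "__main__":
    print(system_log_filter())
    for hit in breached_credential_events(SAMPLE_LOG):
        print(hit["published"], hit["user"], hit["uuid"])
    print(affected_users(SAMPLE_LOG))
```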
Toby Allen is a Solutions Engineer at Okta focussed on enabling simple, secure access to technology everywhere, powered by Identity. While working in the communications space for 15 years he developed a keen interest in security, particularly in his 5 years working with communications APIs at Twilio, and is a CISSP and CCSP. In 2022 he transitioned fully into the security space at Okta, with Identity as the core enabler of Zero Trust and secure access. Holding both an MBA and multiple technical certifications, he is able to bridge the gap between executives and technical teams to deliver value to his customers.
2 thoughts on “Okta Breached Password Detection”
Correct me if I am wrong, but I believe this Workflow and EventType will only be applicable to Okta-sourced users with passwords created in Okta. AD-sourced or LDAP-sourced users will not be identified with this event type, right?
Directory-sourced users (AD/LDAP), even with delegated authentication, can trigger this messaging if they put their username/password into Okta. You can even see the note linked on the documentation page: “For AD-sourced users to reset their password after entering a breached password, you need to enable self-service password reset in your org.”