Okta, Inc., the leading independent identity partner, announced a series of powerful new capabilities in the Okta Platform designed to secure AI agents and other non-human identities. These enhancements deliver the same level of visibility, control, governance, and automation traditionally reserved for human users, enabling organizations to adopt a unified identity security framework across their entire digital ecosystem—from employees and contractors to API keys and AI-driven agents.
Addressing the Growing Security Challenge of Non-Human Identities
With the use of generative AI rapidly expanding, the number of non-human identities in the enterprise is expected to skyrocket. A Deloitte report forecasts that by 2027, half of all companies leveraging GenAI will also implement AI agents in some form. Many businesses are already deploying hundreds of AI-powered sales development representatives (SDRs) and thousands of virtual customer service agents.
Unlike human identities, non-human entities such as service accounts, shared credentials, break-glass identities, API keys, access tokens, and automation scripts are notoriously difficult to secure. These identities often lack multi-factor authentication, rely on static credentials, and are non-federated—making them prime targets for cyber threats. Exacerbating the risk is their tendency to operate with excessive privileges, resulting in an expanded attack surface and greater blast radius in the event of a breach.
Alarmingly, a recent report found that only 15% of organizations are confident in their ability to effectively secure these non-human identities.
As digital environments grow more complex, and as machines, bots, and agents seek access to increasingly sensitive data, organizations are confronting a surge in identity sprawl. To navigate this new landscape, enterprises need a robust identity security fabric—a unified approach to managing and securing both human and non-human identities at scale.
“Amid the excitement of embracing the next wave of generative AI, companies are moving quickly to deploy agentic use cases, often overlooking the critical need to secure these systems and control the sprawl of non-human identities,” said Arnab Bose, Chief Product Officer, Okta Platform at Okta. “By bringing these identities into the identity security fabric, the Okta Platform can help organizations secure the rising digital labor force with the same rigor and vigilance as the human workforce.”
Also Read: Aviatrix & Megaport Secure Hybrid Edge, Enable Zero Trust
Expanding Identity Security Across All Types of Users
As cloud adoption, SaaS tools, and hybrid work continue to evolve, securing the enterprise has become more fragmented and complex. Traditional, homogeneous technology environments are increasingly rare—and even when they do exist, they come with their own security pitfalls.
This fragmentation creates blind spots, gaps in coverage, and an ever-widening attack surface. Okta’s identity security fabric enables businesses to bridge those gaps by integrating best-in-class security tools, ensuring consistent governance across users and systems.
To meet these demands, Okta is rolling out new platform capabilities that bring together identity posture management, threat mitigation, privileged access, device security, and more—providing a comprehensive solution for every identity type.
What’s New: Key Enhancements to the Okta Platform
Identity Security Posture Management and Okta Privileged Access
New features help organizations discover, manage, and secure non-human identities such as AI agents, automation tools, and API credentials. These capabilities ensure that machine-to-machine communications are governed by Zero Trust principles, while continuously monitoring risks and potential vulnerabilities.
Separation of Duties (SoD)
Now available in GA preview, Okta Identity Governance introduces Separation of Duties (SoD) to reduce the risk of insider threats and compliance breaches. By enforcing access controls based on business rules, SoD ensures users don’t accumulate conflicting roles or permissions that could lead to misuse.
Secure Device Features
Available in Early Access, new Secure Device Features under Okta Device Access and Adaptive MFA integrate device context and hardware protection to streamline authentication, reduce MFA fatigue, and guard against credential theft. These enhancements support Zero Trust access by leveraging contextual signals from users’ devices.
Secure Identity Integrations (SII)
Now generally available, Okta Secure Identity Integrations offer pre-built, out-of-the-box integrations for critical business applications like Microsoft 365, Salesforce, and Google Workspace. These integrations go beyond traditional SSO and lifecycle management, enabling businesses to manage user permissions, uncover hidden risks, and swiftly contain threats using universal logout and automated remediation tools.
Securing Every Identity, in Every Environment
In today’s diverse tech environments, no single organization uses just one set of tools. That’s why Okta’s secure identity integrations are built to unify user context, policies, and risk signals across apps, APIs, and infrastructure—regardless of whether the identity belongs to a human or a machine.
With its latest platform advancements, Okta continues to lead the way in helping enterprises build resilient, scalable identity infrastructures capable of securing the digital workforce of the future—human and non-human alike.