• $100 – $25,000 per vulnerability
• Safe harbor
• Managed by Bugcrowd

Program stats

148 vulnerabilities rewarded

Validation within 10 days
75% of submissions are accepted or rejected within 10 days

$1,777.27 average payout (last 3 months)

Recently joined this program

625 total


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

We believe community researcher participation and building a secure foundation play an integral role in protecting our customers and their data. We appreciate all security submissions and strive to respond in an expedient manner.

Okta is a cloud-based identity service that connects people to their applications from any device, anywhere, anytime. The Okta Identity Cloud provides directory services, single sign-on, strong authentication, provisioning, mobile device management and API access management. It comes with built-in reporting, and integrates deeply with cloud, mobile and on-premises applications, directories and identity management systems.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In addition to the above standard disclosure terms, by participating in this program, you're agreeing to abide by Okta's Vulnerability Disclosure Policy and Supplemental Terms.

This bounty requires explicit permission to disclose the results of a submission.