Okta

  • $100 – $25,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Program stats

169 vulnerabilities rewarded

Validation within about 1 month
75% of submissions are accepted or rejected within about 1 month

$234.37 average payout (last 3 months)

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

We believe community researcher participation and building a secure foundation play an integral role in protecting our customers and their data. We appreciate all security submissions and strive to respond in an expedient manner.

Okta is a cloud-based identity service that connects people to their applications from any device, anywhere, anytime. The Okta Identity Cloud provides directory services, single sign-on, strong authentication, provisioning, mobile device management and API access management. It comes with built-in reporting, and integrates deeply with cloud, mobile and on-premises applications, directories and identity management systems.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In addition to the above standard disclosure terms, by participating in this program, you're agreeing to abide by Okta's Vulnerability Disclosure Policy and Supplemental Terms.

This bounty requires explicit permission to disclose the results of a submission.