Okta
- $100 – $75,000 per vulnerability
Okta - BONUS, Recap, Updates, and Upcoming Targets for 02/2024
Hello Researchers!
In 2023, we had an amazing year and we would like to say thank you to all of the researchers who participated in our bug bounty program and we definitely appreciate every single one of you. Bonus information can be found at the end of this announcement.
Here is a recap of 2023:
- From June - August 2023, we ran a 2-3x multiplier event
- We've added 8 products to the scope of our program
- Okta OIE
- Advanced Server Access
- AtSpoke
- Access Certifications
- Okta Support Portal
- Workflows
- Okta Verify Fastpass
- Okta Device Access
| Name | URL | Change |
|---|---|---|
| Okta OIE | bugcrowd-oie-%username%-#.oktapreview.com | Added |
| Advanced Server Access | app.scaleft.com | Added |
| AtSpoke | bugcrowd-oie-%username%-#.at.oktapreview.com | Added |
| Access Certifications | bugcrowd-oie-%username%-#.oktapreview.com | Added |
| Okta Support Portal | support.okta.com | Added |
| Okta Workflows | bugcrowd-oie-%username%-#.workflows.oktapreview.com | Added |
| Okta Verify Fastpass | Fastpass Documentation | Added |
| Okta Device Access | ODA Documentation | Added |
Phew, that is a lot of functionality you can test!
Registration Information
To start testing on those features you will need to register for an OIE org here Register Here.
- You will need to claim your security codes which is available at the very bottom of the program brief. You will be provided with 5 security codes, use one at a time on the registration page.
- Make sure to use your Bugcrowd ID and NOT your email. For example,
rohkand notrohk@bugcrowdninja.com - Afterwards, refer to the "DO THIS FIRST!" section
To start testing on Okta Support Portal
- Register Here for a Free Trial organization
- You MUST use your @bugcrowdninja.com email address
- Developer Edition orgs are only used to log into support.okta.com
Additional products and features will be added to the program throughout 2024 and we will send out an announcement. So, keep an eye out!
Bonus
We will be providing bonuses for the following targets until end of February 2024.
Bonus Pay Table (Added on top of the normal bounty)
| Target | P1 | P2 | P3 | P4 |
|---|---|---|---|---|
| Okta OIE | $1,000 | $1,000 | $500 | $250 |
| Advanced Server Access | $1,500 | $1,500 | $500 | $250 |
| AtSpoke | $1,500 | $1,500 | $500 | $250 |
| Workflows | $1,500 | $1,500 | $500 | $250 |
| Okta Device Access | $1,500 | $1,500 | $500 | $250 |
| Okta Support Portal | $1,500 | $1,500 | $500 | $250 |
For example, if you reported a P3 for Okta OIE and we've determined the bounty to be $2,500, we will add an additional $500 on top for a total of $3,000.
All eligible reports will be awarded based on severity, to be determined by Okta in its sole discretion.
Keep in mind that no two bugs are created equal. The Okta Security team will determine the nature and impact of the bugs to identify the appropriate payouts around these guidelines. Awards are granted entirely at the discretion of Okta.
Thank you!
Once again, we appreciate all of the researchers who participated in our program and will be looking forward to your next submissions. Thank you!
If you have any questions or run into any issues registering for an Okta OIE organization, please reach out to support@bugcrowd.com.
