Okta

  • $100 – $75,000 per vulnerability
  • Safe harbor

Okta Workflows & Access Certifications Added to the Scope

Hello Researchers!

We have exciting news. We are adding more to our scope!

Today, we are adding Okta Workflows & Access Certifications.

Name | URL | Description | Change
Okta Workflows | bugcrowd-oie-%username%-#.workflows.oktapreview.com | Documentation can be found here | Added
Access Certifications | bugcrowd-oie-%username%-#.oktapreview.com | Documentation can be found here | Added

These features will be available in your Okta OIE orgs. If you haven't registered for an Okta OIE org, you can follow the instructions under the Okta OIE target group.

Workflows

To access Workflows, go to Okta Admin Dashboard -> Workflow -> Workflows Console.

Testing for Denial of Service issues and testing with any sort of automation is STRICTLY out of scope. This will result in an immediate removal from Okta Workflows and in some cases, the Okta bug bounty program.

Focus Areas for Workflows
  • Ability to perform SSRF with Flo cards
  • Ability to provision and deprovision Workflow orgs
  • Performing Flo actions across orgs
  • Viewing sensitive information across orgs
  • Ability to escape from sandbox using API Endpoint & Return Raw

Access Certifications

To access Access Certifications, go to Okta Admin Dashboard -> Identity Governance -> Access Certifications.

As always, please be sure to review the program brief in detail, and if you have any questions, please reach out to support@bugcrowd.com.

Happy Hunting!