Okta disaster recovery
Okta is designed with a highly resilient architecture that ensures service continuity during regional infrastructure outages. Okta provides all customers with Standard Disaster Recovery across two regions. Each region contains an active-active-active deployment across three availability zones.
When a primary region and availability zones within that region fail due to an infrastructure outage, Okta initiates a failover to a secondary disaster recovery region. This process usually takes one hour to complete after Okta identifies the outage. When an org is failed over, admins have read-only access to the Admin Console. Users can continue to access their apps, but they can't reset their passwords. After the org's primary region is available again, Okta initiates a failback to that region. See Understanding Okta's "Read-only Mode".
Disaster recovery regions
These are the primary and secondary disaster recovery regions for each Production cell:
| Cell | Primary region | Disaster recovery region |
|---|---|---|
| EU1 | Frankfurt | Ireland |
| OK1 | North Virginia | Oregon |
| OK2 | North Virginia | Ohio |
| OK3 | North Virginia | Ohio |
| OK4 | North Virginia | Oregon |
| OK6 | Ohio | North Virginia |
| OK7 | Oregon | Ohio |
| OK8 | Sydney | Melbourne |
| OK9 | Ireland | Frankfurt |
| OK11 | Ohio | Oregon |
| OK12 | Oregon | North Virginia |
| OK14 | Oregon | North Virginia |
| OK16 | Tokyo | Osaka |
| OK18 | Montreal | Calgary |
| OK19 | Mumbai | Hyderabad |
Guidelines and limitations
- Okta disaster recovery remediates AWS infrastructure, storage, or networking issues that impact core Okta products. When these issues occur, your org may experience elevated authentication failure rates, degraded latency, or HTTP error codes.
- Okta disaster recovery doesn't protect orgs against the following scenarios:
  - Denial of service or distributed denial of service attacks (sometimes called "request floods")
  - Issues that are related to third-party vendors and app connection
  - Bad actors who delete or modify data
  - Configuration errors
- If your server or network policies restrict traffic to certain IPs, Okta recommends that you allow access to the Okta cell IPs. See Allow access to Okta IP addresses.
Enhanced Disaster Recovery
For customers with more rigorous uptime requirements, Enhanced Disaster Recovery significantly reduces the Recovery Time Objective from one hour to five minutes. In the event of a regional failure, Okta initiates a failover for the affected Production orgs within five minutes.
Enhanced Disaster Recovery doesn't support the following Okta products:
- Okta Privileged Access (OPA)
- Advanced Server Access
- Identity Security Posture Management (ISPM)
- Okta Workflows
- Okta Identity Governance (OIG)
- DynamicScale
- Identity Threat Protection (ITP)
- Auth0 Customer Identity Cloud
- Preview orgs
Self-service Enhanced Disaster Recovery
Early Access release. See Enable self-service features.
Okta provides a self-service app and APIs that admins can use to initiate failover and failback on their Production orgs. When this feature is enabled, the Okta Disaster Recovery Admin app appears on the Okta End-User Dashboard for authorized admins. Okta recommends that admins bookmark the Okta Disaster Recovery Admin app in case their Production org isn't available during an outage.
If you use the Okta Disaster Recovery Admin app to initiate failover for your org, you're responsible for initiating the failback after the disaster is mitigated.
Admins can access the app using any of these authenticators:
- Okta Verify
- Okta FastPass
- Google Authenticator
- FIDO2 authenticators
- Email
- SMS
- Call factors
- Security question
- YubiKey
