Breached credentials protection
This feature helps you detect and remediate credential breaches in your Okta environment, and lets you customize the Okta response.
Okta monitors third-party lists of public data breaches for username-password combinations in your org. When a user signs in, Okta checks if their credentials appear in a list. If so, Okta expires the password according to the password policy configuration and ends all of their related Okta sessions. Okta records the security.breached_credential.detected event in the System Log, and the user is required to reset their password the next time they attempt to sign in.
This feature is only available in password policies used for Okta and Active Directory authentication providers. It isn't available in password policies used for LDAP authentication providers.
How it works
Breached credentials protection is a security setting in your password policy.
The password authenticator is active by default for Okta users, and its policy controls password requirements like complexity, age, minimum length, and lockout settings. The breached credentials protection feature adds Password Security options to this policy, so that you can expire the password early or perform custom actions through Okta Workflows in the event of a breach. Okta provides sample credentials that you can use to test your Password Security settings.
After you configure the feature, Okta begins detection and remediation whenever a user's credentials are used to sign in. Because the check happens only during sign-in requests, this feature doesn't retroactively check existing credentials against breach lists.
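Because the remediation is visible only through the security.breached_credential.detected event, a practical follow-up is to review those System Log entries on a schedule. The script below is an added example written for this page, not Okta code: it takes System Log entries (the sample entries here are constructed, and only the field names eventType, published, actor.alternateId and client.ipAddress follow the System Log layout), filters for the breached-credential event, counts detections per user and flags users who were detected more than once, which is the set worth a closer look.

```python
"""Summarize breached-credential detections from Okta System Log entries."""
import json
from collections import Counter
from typing import Iterable

# Event type Okta records when a sign-in uses breached credentials (named on the page).
BREACHED_EVENT = "security.breached_credential.detected"

# Constructed sample System Log entries (not real Okta output). The field layout
# follows the System Log schema; every value is invented for this example.
SAMPLE_LOG_JSON = json.dumps([
    {"eventType": "user.session.start", "published": "2024-05-01T08:00:00.000Z",
     "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": BREACHED_EVENT, "published": "2024-05-01T08:05:12.000Z",
     "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": "user.account.update_password", "published": "2024-05-01T08:09:30.000Z",
     "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": BREACHED_EVENT, "published": "2024-05-02T17:42:00.000Z",
     "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "198.51.100.7"}},
    {"eventType": BREACHED_EVENT, "published": "2024-05-03T09:10:00.000Z",
     "actor": {"alternateId": "carol@example.com"}, "client": {"ipAddress": "192.0.2.44"}},
])


def load_entries(text: str) -> list[dict]:
    """Parse a JSON array of System Log entries, as returned by the logs API."""
    entries = json.loads(text)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of log entries")
    return entries


def breached_credential_events(entries: Iterable[dict]) -> list[dict]:
    """Keep only the entries recording a breached-credential detection."""
    return [e for e in entries if e.get("eventType") == BREACHED_EVENT]


def detections_per_user(entries: Iterable[dict]) -> Counter:
    """Count detections by the signing-in user (actor.alternateId, usually the login)."""
    return Counter(
        e.get("actor", {}).get("alternateId", "<unknown>")
        for e in breached_credential_events(entries)
    )


def repeat_detections(entries: Iterable[dict], threshold: int = 2) -> list[str]:
    """Users detected at least `threshold` times, sorted by count (highest first).

    After the first detection Okta expires the password, so a further detection for
    the same user means a later sign-in again used credentials found in a breach
    list; these accounts deserve a manual review.
    """
    counts = detections_per_user(entries)
    return [user for user, n in counts.most_common() if n >= threshold]


def summarize(entries: Iterable[dict]) -> list[str]:
    """One report line per detection: timestamp, user and source IP."""
    return [
        f"{e.get('published')} {e.get('actor', {}).get('alternateId', '<unknown>')} "
        f"from {e.get('client', {}).get('ipAddress', '<unknown>')}"
        for e in breached_credential_events(entries)
    ]


if __name__ == "__main__":
    log = load_entries(SAMPLE_LOG_JSON)
    for line in summarize(log):
        print(line)
    print("repeat detections:", repeat_detections(log))
```

To run this against a real org, replace SAMPLE_LOG_JSON with the response body of a System Log query filtered on the event type; the functions above only depend on the entry fields, not on how they were fetched.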
Topics
Configure breached credentials protection
