Every claim in this report traces back to one of 40 evidence records below. Each was captured passively during recon, hashed at capture for chain-of-custody, and graded per the Admiralty Scale (NATO STANAG 2511).
Okta, Inc. is an American identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, websites, web services, and devices. It was founded in 2009 and had its initial public offering in 2017.
Microsoft Entra ID is a cloud-based identity and access management (IAM) solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services, such as Microsoft 365, Dynamics 365, Microsoft Azure, and third-party services.
Ping Identity Corporation is an American software company established in 2002 by Andre Durand and Bryan Field-Elliot. It is headquartered in Denver. It was a publicly traded company until getting acquired by Thoma Bravo and taken private in October 2022.
Source: Wikipedia — Identity and access management · Captured
Identity and access management or Identity management (IdM) is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IAM systems fall under the overarching umbrellas of IT security and data management.
JumpCloud is an American enterprise software company headquartered in Louisville, Colorado. The company was formally launched in 2013. JumpCloud offers a cloud-based directory platform that centralizes identity, access, and device management for both human and non-human identities.
Source: Gartner — Magic Quadrant for Access Management · Captured
Gartner Magic Quadrant for Access Management. A graphical competitive positioning of Leaders, Visionaries, Niche Players and Challengers (December 2024 edition).
Source: Okta Security — Okta's Investigation of the January 2022 Compromise · Captured
On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer's Okta account. The threat actor (Lapsus$) had access to a Sitel support engineer's laptop from January 16-21, 2022.
Source: Okta Security — Unauthorized Access to Okta's Support Case Management System · Captured
A threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers. Subsequent disclosure (Nov 29 2023) confirmed names and email addresses of all Okta customer-support system users were also exfiltrated.
Scattered Spider threat actors use social engineering to convince IT helpdesk personnel to reset passwords and/or MFA tokens. Notable targets included MGM Resorts and Caesars Entertainment in September 2023.
Source: Thoma Bravo — How Ping Identity Mastered Identity Security for Global Enterprises · Captured
Thoma Bravo acquired Ping Identity in October 2022 for $2.8 billion in a take-private transaction. Subsequently, in August 2023, Ping Identity acquired ForgeRock, creating the market leader for access management solutions.
Source: Thoma Bravo — SailPoint to be Acquired by Thoma Bravo for $6.9 Billion · Captured
Thoma Bravo will acquire SailPoint for $65.25 per share in an all-cash transaction that values SailPoint at an equity value of approximately $6.9 billion. Closing in the second half of 2022.
Source: Thoma Bravo — Completes Acquisition of ForgeRock; Combines ForgeRock into Ping Identity · Captured
Software investor Thoma Bravo acquired ForgeRock in an all-cash transaction valued at approximately $2.3 billion and combined ForgeRock into its portfolio company Ping Identity (August 23, 2023).
Source: CyberArk — Completes Acquisition of Machine Identity Management Leader Venafi · Captured
CyberArk intends to acquire Venafi for an enterprise value of approximately $1.54 billion in a combination of cash and CyberArk shares. Deal closed October 1, 2024 per CyberArk Q4 2024 investor materials.
Source: Palo Alto Networks — Completes Acquisition of CyberArk to Secure the AI Era · Captured
Announced July 30, 2025 at approximately $25 billion. Completed February 11, 2026. The addition of the CyberArk Identity Security Platform enables Palo Alto Networks to secure every identity across the enterprise — human, machine, and AI.
Source: Microsoft Security Blog — Analysis of Storm-0558 techniques for unauthorized email access · Captured
Beginning May 15, 2023, Storm-0558 used forged authentication tokens to access user email from approximately 25 organizations, including government agencies. State Department detected the activity via enhanced (G5) logging.
Source: Okta — What Are Non-Human Identities and How to Secure Them · Captured
Non-human identities (NHIs) are the invisible drivers of modern infrastructure. Every human and machine identity should be treated as untrusted by default. Lifecycle gaps increase risk.
Source: Microsoft Identity Blog — Azure AD is being renamed to Microsoft Entra ID · Captured
Azure Active Directory (Azure AD) is being renamed to Microsoft Entra ID as part of our commitment to simplify secure access experiences. Announced July 11, 2023.
Source: Reuters — Thoma Bravo-backed SailPoint set for US market comeback · Captured
Thoma Bravo-backed SailPoint raised $1.38 billion in an upsized IPO and began trading on Nasdaq under ticker SAIL on February 13, 2025 at a $12.8 billion market value.
Source: Cisco Newsroom — Cisco Completes Acquisition of Duo Security · Captured
Cisco acquired Duo Security for $2.35 billion in cash and assumed equity awards for 100% of Duo's outstanding shares, warrants and equity. Closed October 1, 2018.
Source: Auth0 / Okta — Okta Completes Acquisition of Auth0 · Captured
Okta, Inc. today (May 3, 2021) announced the successful completion of its acquisition of Auth0. All-stock transaction valued at approximately $6.5 billion at announcement.
The FIDO Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that 'help reduce the world's over-reliance on passwords.'
Source: NIST CSRC — SP 800-207, Zero Trust Architecture · Captured
NIST Special Publication 800-207, Zero Trust Architecture, Date Published: August 2020. The U.S. federal-government anchor publication for ZTA reference architectures.
OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. OpenID Connect (built on OAuth 2.0) was finalized in 2014.
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). It defines an API that websites use to authenticate with WebAuthn credentials (passkeys) and outlines what WebAuthn authenticators should do.
Source: FIDO Alliance — Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard · Captured
Apple, Google and Microsoft today (May 5, 2022) announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Originally, only centralized domain management used Active Directory; it has since become an umbrella for various directory-based identity-related services.
Privileged Access Management (PAM) is a type of identity management and branch of cybersecurity that focuses on the control, monitoring, and protection of privileged accounts within an organization.
Source: Wikipedia — Zero trust architecture · Captured
Zero trust architecture (ZTA) is a design and implementation strategy of IT systems. The principle is that users and devices should not be trusted by default, even if they are connected to a privileged network such as a corporate LAN.
Source: CISA — Known Exploited Vulnerabilities Catalog (Microsoft Active Directory) · Captured
CVE-2022-26923, CVE-2021-42287, CVE-2021-42278 — three Microsoft Active Directory Domain Services privilege-escalation vulnerabilities catalogued in KEV with known ransomware-campaign use for the two 2021 CVEs.
Source: Mordor Intelligence — IAM Security Services Market · Captured
Consolidation surged in 2025 when Palo Alto Networks agreed to acquire CyberArk for USD 25 billion, merging privileged-access oversight with broader cybersecurity offerings.
Source: Verizon — 2024 Data Breach Investigations Report · Captured
Phishing is the most common credential-related attack. Stolen credentials remain among the most prevalent initial-access vectors in confirmed data breaches.
Multi-factor authentication (MFA), also known as two-factor authentication (2FA), is an electronic authentication method in which a user is granted access only after successfully presenting two or more distinct types of evidence.
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.