
Omdia view

Summary

Last week, attendees flocked to Oktane 2025, Okta’s annual customer and partner jamboree in Las Vegas. It was the largest Oktane event in terms of number of attendees. This report gives a high-level summary of some of the main announcements, key themes, and takeaways from the event. Omdia’s Identity Security subscribers are very welcome to set up an inquiry to learn more from the team.

Oktane 2025’s three main themes

Oktane 2025 focused on three main themes, with all presenters staying admirably on point to get the messaging across to attendees. In his keynote speech, Todd McKinnon (CEO and Co-Founder of Okta) positioned identity security as foundational to safe AI adoption. He described AI “as the biggest platform shift since the internet—bigger than mobile, cloud, and social.” The three main themes were identity security fabric, the importance of open standards, and AI agents and the role of Auth0.

Using an identity security fabric

One of the key themes, mentioned numerous times during Oktane, was the identity security fabric. An identity fabric can be described as a unified, comprehensive approach that spans all identity types, use cases, and resources to achieve zero identity-based attacks. It integrates:

  • access management,
  • privileged access management,
  • identity governance,
  • posture management, and
  • identity threat protection,

and orchestrates shared risk signals and coordinated actions (e.g., universal logout). The vision is to create a comprehensive identity fabric that secures every identity type, including

  • workforce (B2E)
  • customer (B2C)
  • partner (B2B)
  • non-human (NHI), and, as a special case within NHI,
    • AI agents.

According to Okta, this fabric aims to cover all identity use cases (e.g., access, governance, detection, response) across every organizational resource, from on-premises systems to cloud workloads. Furthermore, the Okta platform is positioned as the product that will bring this conceptual "identity fabric" to life. Omdia believes that the goal of the “identity fabric” is a good one, but is less enamored of the marketing spiel around this narrative!

The importance of open standards

A core message in many of the presentations was Okta’s commitment to building open standards, such as the System for Cross-domain Identity Management (SCIM). Okta’s longstanding engagement with standards (e.g., Fed, SAML, OpenID Connect) continues with pioneering work on Interoperability Profiling for Secure Identity in the Enterprise (IPSIE). (For further reading, see Oktane 2024 below.)

The first draft of IPSIE Session Lifecycle 1 has been published by the OpenID Foundation, delivering:

  • standards-based single sign-on
  • enforceable session lifecycle, and
  • authentication method transparency.

The IPSIE effort continues the trajectory of aligning identity practices with open standards, ensuring consistent session handling and authentication transparency across ecosystems. By defining lifecycle controls and method visibility, organizations can enforce security policies consistently and audit behavior.

Another standard which was given a lot of airtime was Cross App Access (XAA), which was launched at Okta’s Identity Summit in August 2025. XAA is a protocol that proposes a way of bringing security to the expanding world of agentic AI. It has been in development for a couple of years. This protocol, created as an open-source initiative based on the OAuth standard, imposes policy-based controls on which assets can be accessed by which agents. Early access to XAA will happen in January 2026. XAA will be built directly into Auth0, providing out-of-the-box control and visibility for two key scenarios:

  • B2B apps, giving enterprise customers centralized IT control and visibility into which agents and apps can connect, without the need for custom integrations.
  • internal agents, securely connecting a company’s agents to apps when using a supported IdP like Okta.

Omdia believes that standards are essential for providing IT and security teams with the visibility and control to manage new technologies, particularly AI agents.

AI agents and the role of Auth0

The final theme that was discussed extensively was AI agents and the role of Auth0. AI agents can be defined as programs that make non-deterministic decisions about resources, which in turn means that, while they can streamline processes and promote automation, they can also introduce new security risks like prompt injection attacks.

During Oktane, numerous presenters advocated for agents to be built on a standard to give IT and security teams the ability to manage them effectively, with Auth0 positioned to be a key part of such a strategy. Shiven Ramji, President of Auth0, stated that “it functions as a security accelerator for developers building agents or apps, providing standards-based security ‘out of the box.’” He went on to argue that “this allows developers to meet enterprise customer demands for visibility and integration with their existing Identity Provider (IdP).” It was also announced that Auth0 delivers cross-app access (XAA) support out of the box, enabling developers building agents or agentic services to be fabric-ready, with the appropriate security and visibility. Omdia believes that this aligns with integrating standards into products and simplifying adoption.

Conclusion

Today, Okta is the leading independent identity security company with revenue of $2.76bn (ending July 2025). Okta has successfully differentiated itself through superior user experience, vendor neutrality, and cloud-native capabilities. While it faces significant pressure from Microsoft's market dominance, Okta continues to find success by focusing on:

  • Multi-cloud and hybrid environments where vendor neutrality is valued
  • Mid-market and enterprise customers seeking best-of-breed solutions
  • Innovation in AI-driven security and comprehensive identity threat detection
  • Strategic acquisitions to expand platform capabilities

The company's strong financial performance, continued innovation, and focus on emerging security challenges position it well to maintain its role as a leading alternative to Microsoft's dominant platform, particularly for organizations prioritizing flexibility and specialized identity security capabilities. Okta is continuing to add capabilities in areas it has recently entered, such as Privileged Access Management (PAM). This included the acquisition of Axiom Security at the start of September 2025. The Axiom Security PAM product helps organizations eliminate standing privileges and secure access to critical infrastructure. Omdia believes that further acquisitions will be required in order to stay ahead of the curve in the fast-evolving area of identity security, which is being turbocharged by AI agents and agentic AI!

Appendix

Oktane 2025: Notable announcements

There was a multitude of product announcements at Oktane 2025; these can be found here: https://www.okta.com/resources/okta-platform-release-overview-q3-2025/.

Further reading

2026 Trends to Watch: Identity, Authentication, Access (September 2025)

Cybersecurity Decision Maker Survey 2025: Identity, Authentication, Access (September 2025)

Okta proposes a security protocol for AI agents with Cross App Access (August 2025)

Oktane 2024: A new chapter in identity security (November 2024)

Oktane 2023 recap: AI with identity (October 2023)

Omdia Universe: Identity-as-a-Service Solution, 2023 (June 2023)

Okta bets $6.5bn on Auth0 to Bolster its B2C offering (June 2021)

Author

Don Tait, Senior Analyst, Data and Identity Security
