Statement on SonicWall’s Use of Okta Products & Services

First Published:04/06/2022 Last Updated:04/06/2022

SonicWall thoroughly reviews and verifies the impact external vulnerabilities have on the company, partners, customers and end-users. The recent Okta breach has caused concern for organizations leveraging Okta two-factor authentication or other related services.

However, SonicWall can confirm it does not use Okta internally for two-factor or multifactor authentication, single sign-on (SSO) or other related Okta services or products.

For full transparency, SonicWall does:

  • Use Okta and Auth0 for IdP authentication in Cloud Edge Secure Access. Auth0 was acquired by Okta in May 2021. Okta CSO David Bradbury confirmed in an official statement that Auth0 customers are not impacted: “There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.”
  • Allow Okta as an available option for enabling SAML via SSO for customers using Secure Mobile Access (SMA). Customers who have decided on an Okta implementation for SSO in their environment are urged to contact Okta to determine if they are part of the impacted customer base. Okta has confirmed they have proactively reached out to all impacted organizations

For additional information on product and industry vulnerabilities, please visit the PSIRT Portal.