Statement on SonicWall’s Use of Okta Products & Services

First Published:04/06/2022

Last Updated:04/06/2022

SonicWall thoroughly reviews and verifies the impact external vulnerabilities have on the company, partners, customers and end-users. The recent Okta breach has caused concern for organizations leveraging Okta two-factor authentication or other related services.

However, SonicWall can confirm it does not use Okta internally for two-factor or multifactor authentication, single sign-on (SSO) or other related Okta services or products.

For full transparency, SonicWall does:

Use Okta and Auth0 for IdP authentication in Cloud Edge Secure Access. Auth0 was acquired by Okta in May 2021. Okta CSO David Bradbury confirmed in an official statement that Auth0 customers are not impacted: “There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.”
Allow Okta as an available option for enabling SAML via SSO for customers using Secure Mobile Access (SMA). Customers who have decided on an Okta implementation for SSO in their environment are urged to contact Okta to determine if they are part of the impacted customer base. Okta has confirmed they have proactively reached out to all impacted organizations.

For additional information on product and industry vulnerabilities, please visit the PSIRT Portal.

Previous Notice

Security Notice: Spring Remote Code Execution CVE-2022-22963 and CVE-2022-22965

Next Notice

Security Notice: SonicWall Global VPN Client DLL Search Order Hijacking via Application Installer

Statement on SonicWall’s Use of Okta Products & Services

Follow Us

Subscribe to newsletter

Stay In Touch