Okta Breached Password Detection

Okta recently made its Breached Password Detection Functionality generally available. This functionality is enabled by default. If your user’s credentials appear in a list, Okta notifies you by recording the security.breached_credential.detected event in the System Log.

By default, Okta expires the user’s credentials and requires the user to reset their password the next time they attempt to sign in with their username and password. Additionally, this event can be used to trigger a Workflow or action in a downstream SOAR platform. Detailed instructions for configuring a workflow are available in

• This Blog Post: Send Notifications for a Breached Password Event with Okta Workflows
• This Workflow Template on Gitbub