Obsidian Security incident

Certain Okta rules unexpectedly changed to passing

Minor Resolved View vendor source →

Obsidian Security experienced a minor incident on August 15, 2024 affecting Posture Management, lasting 2h 17m. The incident has been resolved; the full update timeline is below.

Started
Aug 15, 2024, 09:48 PM UTC
Resolved
Aug 16, 2024, 12:05 AM UTC
Duration
2h 17m
Detected by Pingoru
Aug 15, 2024, 09:48 PM UTC

Affected components

Posture Management

Update timeline

  1. investigating Aug 15, 2024, 09:48 PM UTC

    We are currently investigating an issue impacting a subset of Okta posture rules. Impacted customers may find that the rules noted below will have unexpectedly moved from a failing to passing state. In the course of addressing the underlying cause, and rules being reverted to their proper state, posture drift alerts may be received. #Global session policies with long max session lifetime #Global session policies without MFA required #Policies in Okta with zero assigned rules #Global session policies with long session timeout #Users only covered by the default global session sign-on rule # Sign-on policies with MFA required on new devices only

  2. identified Aug 15, 2024, 09:48 PM UTC

    The issue has been identified and a fix is being implemented.

  3. identified Aug 15, 2024, 09:53 PM UTC

    The root cause has been identified, and a fix is currently under review.

  4. resolved Aug 16, 2024, 12:05 AM UTC

    The incident has been resolved. Thank you for your cooperation. If you experience any further issues, please don't hesitate to reach out to our support team