Okta incident

Incidents on customers utilizing Crowdstrike Falcon on Windows

Major Resolved View vendor source →

Okta experienced a major incident on July 19, 2024 affecting Core Platform and Third Party, lasting 12h 11m. The incident has been resolved; the full update timeline is below.

Started
Jul 19, 2024, 06:30 AM UTC
Resolved
Jul 19, 2024, 06:41 PM UTC
Duration
12h 11m
Detected by Pingoru
Jul 19, 2024, 06:30 AM UTC

Affected components

Core PlatformThird Party

Update timeline

  1. resolved Jul 19, 2024, 06:30 AM UTC

    As previously noted, the issue to today’s Crowdstrike outage did not impact the Okta service, but it could have impacted any Okta Windows- related agents used. Crowdstrike has provided a workaround to the issue and instructed all customers to follow the steps found here: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19 Affected cells: okta-emea.com:1, okta.com:1, okta.com:2, okta.com:3, okta.com:4, okta.com:6, okta.com:7, oktapreview.com:1, oktapreview.com:2, okta.com:8, okta.com:9, okta.com:11, okta.com:12, oktapreview.com:3, okta.com:14, okta.com:16, okta.com:17

  2. resolved Jul 26, 2024, 04:45 PM UTC

    Following is the RCA summary for a recent incident where a third-party provider or downstream service experienced an issue that impacted the Okta service Timing: Incident detection start: July 19, 2024, at 07:06 AM UTC Detection: Okta customers reliant on delegated authentication began reporting that they were unable to log in to Okta, and Okta teams were able to correlate these symptoms with CrowdStrike outage reports. Impact: Okta customers with Okta agents hosted on a Windows system affected by CrowdStrike’s Falcon sensor may have experienced an inability to perform actions that rely on an active Okta agent. CrowdStrike’s Falcon sensor disruptions would prevent the Okta agent from running. Notably, user sign-on reliant on delegated authentication could fail, leaving users unable to sign in to Okta. Root Cause: CrowdStrike released a sensor configuration update to Windows systems, which triggered a logic error resulting in system crashes (BSOD) on impacted systems. The issue affected systems running Falcon sensor for Windows version 7.11 and above that downloaded the updated configuration between 04:09 UTC and 05:27 UTC on July 19, 2024. Any Okta agents installed on an impacted Windows system would be unable to run until the CrowdStrike issue was resolved. Remediation Steps: CrowdStrike remediated the sensor configuration update error at 05:27 UTC on July 19, 2024. Okta Support advised impacted customers to remediate the systems affected by CrowdStrike in order to get the Okta agents running again. Customers seeking ways to mitigate disruptions to delegated authentication can review when caching is used here: https://support.okta.com/help/s/article/Cache-AD-Credentials-using-Delegated-Authentication More details, as provided by CrowdStrike, can be found here: https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/