Fed Ramp Question: Saviynt is not FedRamp certified and if a customer uses the Saviynt API’s to connect to Okta what is Okta’s position on connecting to Okta FedRamp if you are not FedRamp certified. I read the FAQ on FedRamp but it is really not clear since Okta owns the cert so what is the Okta requirements for systems to connect to the customers FedRamp Okta Org. The customer is under the impression that if they accept and document the risk that is enough by internal security but they the customer do not own the cert, Okta does and it would seem Okta would have strict guidelines on making connections that are either not FedRamp compliant of FedRamp certified. It also appears risk mitigation would have to be documented and agreed to by both the customer security and Okta Security.
