Security Baselines

I am trying to locate some documentation to help a security team review and monitor OKTA server configurations. I do not see any baseline documentation and the Center for Internet Security has not published on.

Can someone point me to any resources that will help a security audit the implementation of OKTA within an Enterprise?

Thank you.

The sound of crickets is deafening.

Hello, Matt Raible here from the Developer Relations team. Sorry for not responding sooner, I was traveling in Morocco last week. I’m not sure we have the documentation you’re looking for. However, I assume you don’t really want to audit documentation and that you’d rather audit the actual servers. Is there anything preventing you from running tests against our servers? You can sign up for a free developer account at