Oktane 25: Identity Meets AI
Published October 8, 2025
Summary
Oktane used to call San Francisco’s Moscone Center home, but last year the conference packed its bags and headed for Las Vegas (because of course it did). Honestly, a city that never sleeps feels like the perfect backdrop for an identity conference where no one gets to sleep on security.
The theme for Oktane 2025 was clear: “Okta secures AI.” Translation: identity isn’t just about people anymore; now your AI agents, bots, and probably your future toaster need an access badge, too.
The Opening Act: Jeremy Renner Gets Real
Forget the usual CEO monologue this time around. Oktane opened with actor Jeremy Renner telling a raw, funny, and at times gut-punching story about his near-fatal accident and the weirdness of having his identity cloned by AI scammers.
He joked about being “crushed to death” and how digital identity can be as fragile as the human kind. It was a surprisingly human start for a tech conference, less “buzzwords per minute” and more “don’t let AI pretend to be me.”
Todd McKinnon: Identity Has New Players
Okta’s CEO, Todd McKinnon, came on stage with the big vision:
- Okta wants to be “the most secure company in the world.”
- AI agents are no longer science fiction. They’re real, they’re logging in, and they need governance just like employees.
- Okta’s answer is a unified Identity Security Fabric that covers humans, machines, and AI agents under one policy umbrella.
He also talked about a new phenomenon, AI FOMO, which was refreshingly honest. (“Hi, my name’s Todd, and I feel like AI is moving faster than me.” Relatable.)
New Toys in the Okta Toolbox
Like any good conference, Oktane came with shiny product announcements. Here are the headliners:
- AI Agents as First-Class Identities: Okta introduced “Okta for AI Agents,” a solution to manage AI agents securely. Agents are now considered identities, with storage in Okta’s Universal Directory, governed access, and auditing.
- Identity-First Security and Zero Trust: Identity is being framed as the new control plane/perimeter in an AI-driven world. Zero trust models, identity governance, posture management, etc., are major focuses.
- Okta is extending tools like Identity Security Posture Management (ISPM), including to on-premises systems like Active Directory.
- Cross App Access: Think of this as setting ground rules for agents before they run wild. It lets IT define what an agent can do across multiple apps; consistency beats chaos.
- Passwordless Improvements with Passkeys: Goodbye “forgot my password” emails, hello fewer help desk tickets (and fewer exasperated IT admins).
- Identity Threat Protection for Customer Identity: Okta is extending its threat detection beyond employees to your end users.
- Identity Security Posture Management for AD: Yes, even on-prem AD gets some AI-era love.
Sessions, Panels, and Hallway Wisdom
Some sessions leaned technical (like “AI Agents that Just Work”), others leaned existential (like “Identity-First or Frontline Failure”), but all circled back to the same theme: identity is the front door for both innovation and attack.
A standout: Lululemon shared their journey to passkeys, proving that removing passwords can actually make people like logging in. (Imagine that.)
Okta didn’t just talk theory; they dropped quite a few features, some already live, others in early access, as covered in their “Launch Week: Oktane Edition” blog and related posts.
In the hallways, the chatter was less about protocols and more like:
- “Wait… so my AI intern needs multi-factor auth now?”
- “Yep. Don’t forget to invite your bot to security awareness training.”
Walking into the expo hall was like entering a micro-city of identity and AI. Vendors lit up booths with flashy lights, giant screens, and product demos that dared you to walk away.
Okta’s Hub & Expo Hall was described as the heart of networking and vendor exploration. IDMWORKS partners were all around the expo hall, and we had many engaging conversations about our current work and future work together.
Okta’s partnership with McLaren got a flashy moment: there was an actual F1 car (or something close enough to get people stopping in their tracks).
Between the theatrics, there were serious demos: agents logging in, identity policies being shaped live, APIs being secured, and product teams showing how their tools tie into the new “agent + human” identity world.
Big Picture: Why Oktane 2025 Mattered
The message was simple but powerful: AI isn’t just the shiny new tool, it’s also the new identity type. And unless we treat agents with the same guardrails we give humans, we’re handing attackers the keys to the castle.
The rise of AI agents (non-human identities) is creating new risk vectors. Organizations that don’t address how to authenticate, authorize, and monitor them will be vulnerable. Oktane 25 is Okta’s statement that this is a strategic priority.
Identity is now more central: it’s not just user login security anymore, but securing systems, agents, and automation. Okta is pushing identity-first security.
Standards and governance are being called out as lagging behind deployment; Okta is attempting to close that gap.
Oktane 25 managed to make that point with the right mix of drama (thanks, Hollywood), vision (thanks, Todd), and product updates (thanks, engineers).
Plus, there was a DJ. Because nothing says “identity security” like walking into a keynote with bass drops.
Top Takeaways from Oktane 2025
Inventory Your Non-Human Identities and AI Agents
Even before new tools fully roll out, find what bots, scripts, service accounts, etc. you have. Who owns them, and what do they access? This baseline will help when you have the tools to govern them better.
Review Your Access and Permissions Policies
Do this for both human and non-human identities: least privilege, periodic review and certification, and separation of duties. With more agent-to-app communication (via XAA, etc.), the blast radius of a compromise can grow.
Prepare Your Identity Governance and Audit Processes
Okta is pushing tools that will make governance over AI agents possible, but you’ll need processes to use them: who reviews, how often, remediation workflows, etc.
Stay Up to Date on Standards
Keep tabs on standards like Cross App Access, Verifiable Digital Credentials, and agent identity / session lifecycle standards. These will probably influence what tools and integrations are supported (or required) later, and may affect compliance.
Training and Operational Changes
Admins, devs, and security teams will need to understand new capabilities and how they affect workflows (e.g., onboarding agents, access reviews, policy enforcement). Logging, monitoring, and alerting mechanisms may also need adjusting.
If you couldn’t make it, you can still catch Oktane Online for replays. But the takeaway is clear: identity is no longer just about people. At Oktane 25, Okta fundamentally told us, “Your bots are now employees. Please onboard responsibly.”