okta
22
In Scope
17
Out of Scope
In-Scope Assets (22)
| Asset | Category | Bounty | Quick Links | |
|---|---|---|---|---|
| Desktop MFA for Windows | OTHER | Yes | - | |
| Desktop MFA for macOS | OTHER | Yes | - | |
| Okta On-Prem Agents ( AD, LDAP, RDP, IWA ) | OTHER | Yes | - | |
| Okta Verify (Windows) | OTHER | Yes | - | |
| Password Sync for macOS | OTHER | Yes | - | |
| bugcrowd-pam-###.oktapreview.com | URL | Yes | ||
| bugcrowd-pam-###.pam.oktapreview.com | URL | Yes | ||
| http://app.scaleft.com/ | URL | Yes | ||
| https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | Yes | - | |
| https://apps.apple.com/us/app/okta-verify/id490179405 | OTHER | Yes | - | |
| https://bugcrowd-pam-###-admin.oktapreview.com | URL | Yes | ||
| https://bugcrowd-pam-###.at.oktapreview.com | URL | Yes | ||
| https://bugcrowd-pam-###.oktapreview.com | URL | Yes | ||
| https://bugcrowd-pam-###.workflows.oktapreview.com | URL | Yes | ||
| https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | OTHER | Yes | - | |
| https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | OTHER | Yes | - | |
| https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | OTHER | Yes | - | |
| https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | Yes | ||
| https://support.okta.com | URL | Yes | ||
| https://www.okta.com/fastpass/ | OTHER | Yes | - | |
| https://www.okta.com/products/advanced-server-access/ | URL | Yes | ||
| personal.trexcloud.com | URL | Yes |
Out-of-Scope Assets (17)
| Asset | Category | Bounty | |
|---|---|---|---|
| *.okta.com | URL | Yes | |
| *.trexcloud.com | URL | Yes | |
| Anything not explicitly called out above as in-scope | OTHER | Yes | |
| AtSpoke - Entitlement bundles as a resource in access requests | URL | Yes | |
| AtSpoke - Okta Workflows actions in access requests | URL | Yes | |
| Backend Okta non-app infrastructure | OTHER | Yes | |
| Network layer issues | OTHER | Yes | |
| bugcrowd-%username%-1.oktapreview.com | URL | Yes | |
| bugcrowd-%username%-2.oktapreview.com | URL | Yes | |
| developer.okta.com | URL | Yes | |
| https://app.scaleft.com/p/signup | URL | Yes | |
| https://github.com/oktadev | URL | Yes | |
| https://scaleft.com | URL | Yes | |
| login.okta.com | URL | Yes | |
| pages.okta.com | URL | Yes | |
| trust.okta.com | URL | Yes | |
| www.okta.com (static site) | URL | Yes |
Scope Changes (196)
Mar 5, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | https://scaleft.com | URL | Out of Scope | 22:25 |
| Added | anything not explicitly called out above as in-scope | OTHER | Out of Scope | 22:25 |
| Added | network layer issues | OTHER | Out of Scope | 22:25 |
| Added | anything not explicitly called out above as in-scope | OTHER | Out of Scope | 22:25 |
| Added | personal.trexcloud.com | URL | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.at.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://www.okta.com/products/advanced-server-access | URL | In Scope | 22:25 |
| Added | https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | OTHER | In Scope | 22:25 |
| Added | https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | OTHER | In Scope | 22:25 |
| Added | https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | OTHER | In Scope | 22:25 |
| Added | https://github.com/oktadev | URL | Out of Scope | 22:25 |
| Added | desktop mfa for windows | OTHER | In Scope | 22:25 |
| Added | https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | In Scope | 22:25 |
| Added | bugcrowd-%username%-1.oktapreview.com | URL | Out of Scope | 22:25 |
| Added | trust.okta.com | URL | Out of Scope | 22:25 |
| Added | atspoke - okta workflows actions in access requests | URL | Out of Scope | 22:25 |
| Added | atspoke - entitlement bundles as a resource in access requests | URL | Out of Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.workflows.oktapreview.com | URL | In Scope | 22:25 |
| Added | password sync for macos | OTHER | In Scope | 22:25 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 22:25 |
| Added | bugcrowd-%username%-2.oktapreview.com | URL | Out of Scope | 22:25 |
| Added | *.okta.com | WILDCARD | Out of Scope | 22:25 |
| Added | backend okta non-app infrastructure | OTHER | Out of Scope | 22:25 |
| Added | bugcrowd-pam-###.oktapreview.com | URL | In Scope | 22:25 |
| Added | desktop mfa for macos | OTHER | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23-admin.oktapreview.com | URL | In Scope | 22:25 |
| Added | *.trexcloud.com | WILDCARD | Out of Scope | 22:25 |
| Added | bugcrowd-pam-###.pam.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://support.okta.com | URL | In Scope | 22:25 |
| Added | https://www.okta.com/fastpass | URL | In Scope | 22:25 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 22:25 |
| Added | developer.okta.com | URL | Out of Scope | 22:25 |
| Added | okta on-prem agents ( ad, ldap, rdp, iwa ) | OTHER | In Scope | 22:25 |
| Added | pages.okta.com | URL | Out of Scope | 22:25 |
| Added | www.okta.com (static site) | URL | Out of Scope | 22:25 |
| Added | http://app.scaleft.com/ | URL | In Scope | 22:25 |
| Added | https://app.scaleft.com/p/signup | URL | Out of Scope | 22:25 |
| Added | okta verify (windows) | OTHER | In Scope | 22:25 |
| Added | login.okta.com | URL | Out of Scope | 22:25 |
| Added | personal.trexcloud.com | URL | In Scope | 22:25 |
| Added | bugcrowd-pam-###.oktapreview.com | URL | In Scope | 22:25 |
| Added | bugcrowd-pam-###.pam.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.workflows.oktapreview.com | URL | In Scope | 22:25 |
| Added | desktop mfa for windows | OTHER | In Scope | 22:25 |
| Added | desktop mfa for macos | OTHER | In Scope | 22:25 |
| Added | password sync for macos | OTHER | In Scope | 22:25 |
| Added | https://support.okta.com | URL | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.at.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://www.okta.com/fastpass | OTHER | In Scope | 22:25 |
| Added | https://bugcrowd-pam-#%23%23-admin.oktapreview.com | URL | In Scope | 22:25 |
| Added | https://www.okta.com/products/advanced-server-access | URL | In Scope | 22:25 |
| Added | http://app.scaleft.com/ | URL | In Scope | 22:25 |
| Added | https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | OTHER | In Scope | 22:25 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 22:25 |
| Added | https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | In Scope | 22:25 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | OTHER | In Scope | 22:25 |
| Added | okta verify (windows) | OTHER | In Scope | 22:25 |
| Added | okta on-prem agents ( ad, ldap, rdp, iwa ) | OTHER | In Scope | 22:25 |
| Added | https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | OTHER | In Scope | 22:25 |
| Added | https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | OTHER | In Scope | 22:25 |
| Added | bugcrowd-%username%-1.oktapreview.com | URL | Out of Scope | 22:25 |
| Added | bugcrowd-%username%-2.oktapreview.com | URL | Out of Scope | 22:25 |
| Added | *.okta.com | URL | Out of Scope | 22:25 |
| Added | *.trexcloud.com | URL | Out of Scope | 22:25 |
| Added | login.okta.com | URL | Out of Scope | 22:25 |
| Added | pages.okta.com | URL | Out of Scope | 22:25 |
| Added | developer.okta.com | URL | Out of Scope | 22:25 |
| Added | trust.okta.com | URL | Out of Scope | 22:25 |
| Added | www.okta.com (static site) | URL | Out of Scope | 22:25 |
| Added | https://scaleft.com | URL | Out of Scope | 22:25 |
| Added | https://app.scaleft.com/p/signup | URL | Out of Scope | 22:25 |
| Added | https://github.com/oktadev | URL | Out of Scope | 22:25 |
| Added | backend okta non-app infrastructure | OTHER | Out of Scope | 22:25 |
| Added | network layer issues | OTHER | Out of Scope | 22:25 |
| Added | atspoke - okta workflows actions in access requests | URL | Out of Scope | 22:25 |
| Added | atspoke - entitlement bundles as a resource in access requests | URL | Out of Scope | 22:25 |
Feb 25, 2026
| Change | Asset | Category | Scope | Time |
|---|---|---|---|---|
| Added | atspoke - okta workflows actions in access requests | URL | Out of Scope | 19:08 |
| Added | bugcrowd-pam-###.pam.oktapreview.com | URL | In Scope | 19:08 |
| Added | desktop mfa for windows | OTHER | In Scope | 19:08 |
| Added | https://bugcrowd-pam-#%23%23.at.oktapreview.com | URL | In Scope | 19:08 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 19:08 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 19:08 |
| Added | bugcrowd-%username%-2.oktapreview.com | URL | Out of Scope | 19:08 |
| Added | https://scaleft.com | URL | Out of Scope | 19:08 |
| Added | personal.trexcloud.com | URL | In Scope | 19:08 |
| Added | https://bugcrowd-pam-#%23%23.workflows.oktapreview.com | URL | In Scope | 19:08 |
| Added | https://support.okta.com | URL | In Scope | 19:08 |
| Added | https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | In Scope | 19:08 |
| Added | login.okta.com | URL | Out of Scope | 19:08 |
| Added | https://app.scaleft.com/p/signup | URL | Out of Scope | 19:08 |
| Added | network layer issues | OTHER | Out of Scope | 19:08 |
| Added | password sync for macos | OTHER | In Scope | 19:08 |
| Added | http://app.scaleft.com/ | URL | In Scope | 19:08 |
| Added | *.okta.com | WILDCARD | Out of Scope | 19:08 |
| Added | pages.okta.com | URL | Out of Scope | 19:08 |
| Added | atspoke - entitlement bundles as a resource in access requests | URL | Out of Scope | 19:08 |
| Added | https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | OTHER | In Scope | 19:08 |
| Added | okta on-prem agents ( ad, ldap, rdp, iwa ) | OTHER | In Scope | 19:08 |
| Added | anything not explicitly called out above as in-scope | OTHER | Out of Scope | 19:08 |
| Added | https://bugcrowd-pam-#%23%23-admin.oktapreview.com | URL | In Scope | 19:08 |
| Added | *.trexcloud.com | WILDCARD | Out of Scope | 19:08 |
| Added | trust.okta.com | URL | Out of Scope | 19:08 |
| Added | https://bugcrowd-pam-#%23%23.oktapreview.com | URL | In Scope | 19:08 |
| Added | https://www.okta.com/products/advanced-server-access | URL | In Scope | 19:08 |
| Added | https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | OTHER | In Scope | 19:08 |
| Added | https://github.com/oktadev | URL | Out of Scope | 19:08 |
| Added | backend okta non-app infrastructure | OTHER | Out of Scope | 19:08 |
| Added | desktop mfa for macos | OTHER | In Scope | 19:08 |
| Added | https://www.okta.com/fastpass | URL | In Scope | 19:08 |
| Added | okta verify (windows) | OTHER | In Scope | 19:08 |
| Added | https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | OTHER | In Scope | 19:08 |
| Added | bugcrowd-%username%-1.oktapreview.com | URL | Out of Scope | 19:08 |
| Added | developer.okta.com | URL | Out of Scope | 19:08 |
| Added | www.okta.com (static site) | URL | Out of Scope | 19:08 |
| Added | bugcrowd-pam-###.oktapreview.com | URL | In Scope | 19:08 |
| Program Removed | — | — | — | 17:22 |
| Added | personal.trexcloud.com | URL | In Scope | 16:58 |
| Added | bugcrowd-pam-###.oktapreview.com | URL | In Scope | 16:58 |
| Added | bugcrowd-pam-###.pam.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.workflows.oktapreview.com | URL | In Scope | 16:58 |
| Added | desktop mfa for windows | OTHER | In Scope | 16:58 |
| Added | password sync for macos | OTHER | In Scope | 16:58 |
| Added | https://support.okta.com | URL | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.at.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://www.okta.com/fastpass | OTHER | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23-admin.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://www.okta.com/products/advanced-server-access | URL | In Scope | 16:58 |
| Added | http://app.scaleft.com/ | URL | In Scope | 16:58 |
| Added | https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | OTHER | In Scope | 16:58 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 16:58 |
| Added | https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | In Scope | 16:58 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | OTHER | In Scope | 16:58 |
| Added | okta verify (windows) | OTHER | In Scope | 16:58 |
| Added | okta on-prem agents ( ad, ldap, rdp, iwa ) | OTHER | In Scope | 16:58 |
| Added | https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | OTHER | In Scope | 16:58 |
| Added | https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | OTHER | In Scope | 16:58 |
| Added | bugcrowd-%username%-1.oktapreview.com | URL | Out of Scope | 16:58 |
| Added | bugcrowd-%username%-2.oktapreview.com | URL | Out of Scope | 16:58 |
| Added | *.okta.com | URL | Out of Scope | 16:58 |
| Added | *.trexcloud.com | URL | Out of Scope | 16:58 |
| Added | login.okta.com | URL | Out of Scope | 16:58 |
| Added | pages.okta.com | URL | Out of Scope | 16:58 |
| Added | developer.okta.com | URL | Out of Scope | 16:58 |
| Added | trust.okta.com | URL | Out of Scope | 16:58 |
| Added | www.okta.com (static site) | URL | Out of Scope | 16:58 |
| Added | https://scaleft.com | URL | Out of Scope | 16:58 |
| Added | https://app.scaleft.com/p/signup | URL | Out of Scope | 16:58 |
| Added | https://github.com/oktadev | URL | Out of Scope | 16:58 |
| Added | backend okta non-app infrastructure | OTHER | Out of Scope | 16:58 |
| Added | network layer issues | OTHER | Out of Scope | 16:58 |
| Added | atspoke - okta workflows actions in access requests | URL | Out of Scope | 16:58 |
| Added | atspoke - entitlement bundles as a resource in access requests | URL | Out of Scope | 16:58 |
| Added | anything not explicitly called out above as in-scope | OTHER | Out of Scope | 16:58 |
| Added | backend okta non-app infrastructure | OTHER | Out of Scope | 16:58 |
| Added | atspoke - entitlement bundles as a resource in access requests | OTHER | Out of Scope | 16:58 |
| Added | personal.trexcloud.com | URL | In Scope | 16:58 |
| Added | bugcrowd-pam-###.pam.oktapreview.com | URL | In Scope | 16:58 |
| Added | desktop mfa for macos | OTHER | In Scope | 16:58 |
| Added | https://www.okta.com/fastpass | URL | In Scope | 16:58 |
| Added | okta on-prem agents ( ad, ldap, rdp, iwa ) | OTHER | In Scope | 16:58 |
| Added | bugcrowd-%username%-2.oktapreview.com | URL | Out of Scope | 16:58 |
| Added | trust.okta.com | URL | Out of Scope | 16:58 |
| Added | password sync for macos | OTHER | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23-admin.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://www.okta.com/products/advanced-server-access | URL | In Scope | 16:58 |
| Added | okta verify (windows) | OTHER | In Scope | 16:58 |
| Added | pages.okta.com | URL | Out of Scope | 16:58 |
| Added | bugcrowd-pam-###.oktapreview.com | URL | In Scope | 16:58 |
| Added | desktop mfa for windows | OTHER | In Scope | 16:58 |
| Added | https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US | ANDROID | In Scope | 16:58 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 16:58 |
| Added | https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm | URL | In Scope | 16:58 |
| Added | https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm | URL | In Scope | 16:58 |
| Added | bugcrowd-%username%-1.oktapreview.com | URL | Out of Scope | 16:58 |
| Added | login.okta.com | URL | Out of Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.at.oktapreview.com | URL | In Scope | 16:58 |
| Added | http://app.scaleft.com/ | URL | In Scope | 16:58 |
| Added | *.okta.com | WILDCARD | Out of Scope | 16:58 |
| Added | *.trexcloud.com | WILDCARD | Out of Scope | 16:58 |
| Added | https://scaleft.com | URL | Out of Scope | 16:58 |
| Added | network layer issues | OTHER | Out of Scope | 16:58 |
| Added | atspoke - okta workflows actions in access requests | OTHER | Out of Scope | 16:58 |
| Added | anything not explicitly called out above as in-scope | OTHER | Out of Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.workflows.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://support.okta.com | URL | In Scope | 16:58 |
| Added | https://bugcrowd-pam-#%23%23.oktapreview.com | URL | In Scope | 16:58 |
| Added | https://apps.apple.com/us/app/okta-verify/id490179405 | IOS | In Scope | 16:58 |
| Added | www.okta.com (static site) | URL | Out of Scope | 16:58 |
| Added | https://app.scaleft.com/p/signup | URL | Out of Scope | 16:58 |
| Added | developer.okta.com | URL | Out of Scope | 16:58 |
| Added | https://github.com/oktadev | URL | Out of Scope | 16:58 |
| Added | https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm | URL | In Scope | 16:58 |
| Added | desktop mfa for macos | OTHER | In Scope | 16:58 |