/engagements/okta

RawAI Enhanced

In Scope

Out of Scope

In-Scope Assets (22)

Asset	Category	Bounty	Quick Links
Desktop MFA for Windows	OTHER	Yes	-
Desktop MFA for macOS	OTHER	Yes	-
Okta On-Prem Agents ( AD, LDAP, RDP, IWA )	OTHER	Yes	-
Okta Verify (Windows)	OTHER	Yes	-
Password Sync for macOS	OTHER	Yes	-
bugcrowd-pam-###.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
bugcrowd-pam-###.pam.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
http://app.scaleft.com/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://apps.apple.com/us/app/okta-verify/id490179405	IOS	Yes	-
https://apps.apple.com/us/app/okta-verify/id490179405	OTHER	Yes	-
https://bugcrowd-pam-###-admin.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bugcrowd-pam-###.at.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bugcrowd-pam-###.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://bugcrowd-pam-###.workflows.oktapreview.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htm	OTHER	Yes	-
https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htm	OTHER	Yes	-
https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htm	OTHER	Yes	-
https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=US	ANDROID	Yes	Play Store APKPure APKMirror
https://support.okta.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
https://www.okta.com/fastpass/	OTHER	Yes	-
https://www.okta.com/products/advanced-server-access/	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa
personal.trexcloud.com	URL	Yes	crt.sh Google Shodan SecurityTrails Wayback DNSdumpster VirusTotal AlienVault OTX GitHub Fofa

Out-of-Scope Assets (17)

Asset	Category	Bounty
*.okta.com	URL	Yes
*.trexcloud.com	URL	Yes
Anything not explicitly called out above as in-scope	OTHER	Yes
AtSpoke - Entitlement bundles as a resource in access requests	URL	Yes
AtSpoke - Okta Workflows actions in access requests	URL	Yes
Backend Okta non-app infrastructure	OTHER	Yes
Network layer issues	OTHER	Yes
bugcrowd-%username%-1.oktapreview.com	URL	Yes
bugcrowd-%username%-2.oktapreview.com	URL	Yes
developer.okta.com	URL	Yes
https://app.scaleft.com/p/signup	URL	Yes
https://github.com/oktadev	URL	Yes
https://scaleft.com	URL	Yes
login.okta.com	URL	Yes
pages.okta.com	URL	Yes
trust.okta.com	URL	Yes
www.okta.com (static site)	URL	Yes