Is Okta HIPAA compliant?
BAA on select plansPHI with conditionsSOC 2 Type II
Will Okta sign a HIPAA BAA?
Sometimes — Okta signs a HIPAA BAA only on specific plans or add-ons.
Okta makes a BAA available to customers who purchase Okta services operating within its Regulated/HIPAA cell (a FedRAMP-aligned dedicated environment), at additional cost.
PHI eligibility
PHI/HIPAA-related identity data may be handled only under a signed BAA on the Regulated cell; standard cells are not covered.
SOC 2
SOC 2 Type II
Trust center
Sub-processors
—
Notes
BAA is tied to the Regulated cell (dedicated instances); avoid placing PHI in usernames/attributes/logs. SOC 2 report available on request via Okta Trust.
Get notified when this changes
We track Okta's BAA and HIPAA status. Leave your email and we'll send one note if the verdict on this page changes.
How to request and sign a BAA with Okta
Sometimes — Okta signs a HIPAA BAA only on specific plans or add-ons.
Request routeBy request — via trust center or support
- 1Get on a qualifying planOkta makes a BAA available to customers who purchase Okta services operating within its Regulated/HIPAA cell (a FedRAMP-aligned dedicated environment), at additional cost.
- 2Request the Business Associate AgreementOkta provides the BAA on request. Open a request through Okta's trust center and ask for the current Business Associate Agreement covering your plan.
- 3Confirm what PHI is allowed before you store anyPHI/HIPAA-related identity data may be handled only under a signed BAA on the Regulated cell; standard cells are not covered. Match your configuration to this scope before putting protected health information into Okta.
Last verified 2026-05-31 · Plan tiers and BAA terms change often — confirm the current process directly with Okta before you rely on it. This is cited public information, not legal advice.
Frequently asked questions
Does Okta sign a HIPAA Business Associate Agreement (BAA)?
Sometimes — Okta signs a HIPAA BAA only on specific plans or add-ons. Okta makes a BAA available to customers who purchase Okta services operating within its Regulated/HIPAA cell (a FedRAMP-aligned dedicated environment), at additional cost.
Is Okta HIPAA compliant?
Okta can be HIPAA-compliant only on the specific plans or add-ons where it will sign a Business Associate Agreement (BAA). PHI/HIPAA-related identity data may be handled only under a signed BAA on the Regulated cell; standard cells are not covered.
Can you store PHI (protected health information) in Okta?
PHI/HIPAA-related identity data may be handled only under a signed BAA on the Regulated cell; standard cells are not covered.
Is Okta SOC 2 certified?
Okta reports a SOC 2 Type II attestation according to its public security documentation.
How do I request a HIPAA BAA from Okta?
Okta provides the BAA on request. Open a request through Okta's trust center and ask for the current Business Associate Agreement covering your plan. Confirm current terms directly with Okta before storing PHI.
What plan do I need to sign a BAA with Okta?
Okta makes a BAA available to customers who purchase Okta services operating within its Regulated/HIPAA cell (a FedRAMP-aligned dedicated environment), at additional cost.
Sources
https://www.okta.com/hipaa/
https://trust.okta.com/compliance
This page is cited public information, not legal or compliance advice. A BAA's availability can depend on your specific plan, region, and contract. Always confirm current terms with Okta before processing protected health information.
Check another vendor
See all HIPAA compliant identity & SSO providers →
Browse all 105 vendors by category →