Least-privilege assessment access
The assessment uses read scopes to inspect configuration. It does not request write scopes, does not mutate your org, and does not auto-remediate in v1.
Security and privacy
The assessment should reduce risk, not create another one.
Atomation's Okta posture assessment is designed around least privilege, tenant isolation, frozen report artifacts, and no third-party AI egress for raw identity data.
Deterministic findings
Findings are produced by versioned checks against captured snapshot evidence. Optional AI-assisted summaries are labeled and never determine findings.
No third-party AI data egress
Narrative summaries run on Atomation-controlled infrastructure. Customer identity data is not sent to external AI services for report generation.
Tenant isolation
Customer data, reports, credentials, snapshots, and portal access are isolated by tenant. Public pages never name customers or expose customer evidence.
Careful compliance claims
Security controls are being designed with third-party assurance expectations in mind, but Atomation does not claim certifications, authorizations, endorsements, or partner statuses it does not hold.
Access model
Read-only means read-only.
The v1 assessment does not connect to Okta with write permissions. If remediation is requested later, that is a separate approved service path with separate scope and controls.
| Area | Position |
|---|---|
| Okta connection | Read-only API service app used to inspect configuration and evidence. |
| Org changes | No write scopes and no automatic remediation in the assessment path. |
| AI narrative | Generated from controlled findings summaries inside the selected data boundary. |
| Reports | Frozen report artifacts exported as PDF, Word, or Markdown for repeatable evidence. |
Compliance claim discipline
Atomation can help assess identity controls for regulated environments, but it does not claim certifications, authorizations, or hosting statuses it does not hold. Regulated deployments require the correct customer-approved boundary, controls, and review process.
Get started
Want the security model reviewed before you connect Okta?
Book a free discovery call. We'll map your workflow, find the highest-value automation, and show you the smallest useful first build — no obligation.