Okta

Bounty Recognition | Full Safe Harbor | Up to USD $75,000

Program Details

Managed: Yes
Allows Disclosure: Yes

Scope (22 targets)

web: 10 mobile: 2 other: 10

In Scope

  • personal.trexcloud.com web bounty-eligible
  • bugcrowd-pam-###.oktapreview.com web bounty-eligible
  • bugcrowd-pam-###.pam.oktapreview.com web bounty-eligible
  • https://bugcrowd-pam-###.workflows.oktapreview.com web bounty-eligible
  • Desktop MFA for Windows other bounty-eligible
  • Desktop MFA for macOS other bounty-eligible
  • Password Sync for macOS other bounty-eligible
  • support.okta.com web bounty-eligible
  • https://bugcrowd-pam-###.at.oktapreview.com web bounty-eligible
  • https://bugcrowd-pam-###.oktapreview.com web bounty-eligible
  • Okta Verify Fastpass other bounty-eligible
  • https://bugcrowd-pam-###-admin.oktapreview.com web bounty-eligible
  • Advanced Server Access (ASA) / (ScaleFT) web bounty-eligible
  • http://app.scaleft.com/ web bounty-eligible
  • Advanced Server Access Client / Agents other bounty-eligible
  • Okta Verify (iOS) mobile bounty-eligible
  • Okta Verify (Android) mobile bounty-eligible
  • Okta Verify (Mac OS) other bounty-eligible
  • Okta Verify (Windows) other bounty-eligible
  • Okta On-Prem Agents ( AD, LDAP, RDP, IWA ) other bounty-eligible
  • and 2 more targets

Out of Scope

  • bugcrowd-%username%-1.oktapreview.com
  • bugcrowd-%username%-2.oktapreview.com
  • *.okta.com
  • *.trexcloud.com
  • login.okta.com
  • pages.okta.com
  • developer.okta.com
  • trust.okta.com
  • www.okta.com (static site)
  • https://scaleft.com
  • https://app.scaleft.com/p/signup
  • https://github.com/oktadev
  • Backend Okta non-app infrastructure
  • Network layer issues
  • AtSpoke - Okta Workflows actions in access requests
  • AtSpoke - Entitlement bundles as a resource in access requests
  • Anything not explicitly called out above as in-scope

Additional Info

Sources
bugcrowd