Self-service Okta enrollment, recovery and re-authentication with Deepfake Defense™ identity verification. Eliminate IT tickets, enhance account security, and improve user experiences.
Try it now
How to use it
North Korean operatives and other bad actors are posing as remote IT workers to infiltrate companies around the world. Once hired and onboarded, they funnel money back to the North Korean regime, steal company data and secrets, and deploy ransomware. In fact, Gartner predicts that 1 in 4 job candidates will be fake by 2028.
Nametag uncovers North Korean IT workers and other bad actors before they can set passwords and enroll in multi-factor authentication with Okta and your other identity directories. Deepfake Defense™ identity verification prevents imposters from continuing, while legitimate users can proceed to provision their accounts without IT support. Only Nametag protects both password and MFA enrollment.
By default, Okta allows administrators to enable self-service password reset (SSPR) with authentication performed via email or SMS + a security question. This is convenient for users, but email and SMS are notoriously easy to intercept or exploit, and security questions can't be trusted since the answers are readily available online. To reset a user’s multi-factor authentication, an Okta admin must use the admin console to do it manually, creating an enormous burden and cost for IT support teams.
Nametag covers these gaps with self-service account recovery backed by Deepfake Defense™ identity verification. Employees simply verify their identity with Nametag, then reset their Okta passwords and MFA, all on their own. Deepfake Defense stops AI-powered bad actors, while self-service workflows eliminates the need for helpdesk intervention. What's more, Nametag works across all of your identity directories. So if you use another identity provider on top of Okta, you're covered with Nametag.
Okta account lockouts can be annoying and costly. They affect employees, helpdesks, IT and security teams alike. The lockout challenge is a hard one to solve: if IT makes it too easy to unlock an account, threat actors could exploit this. But if the unlock process is too long and cumbersome, frustrated employees will make their voices heard.
Nametag provides a more flexible, more secure way to enable self-service Okta account unlocks. Employees quickly verify their identity using Nametag’s ultra-secure solution and then unlock their own account. It's fast and intuive for users, using only what they already have in their pocket: their smartphone and their photo ID.
As AI agents are empowered with increasing autonomy and access to sensitive resources, enterprise IT and security teams need to know exactly who is behind particular AI actions. A global Okta survey in August 2025 found that 91% of organizations already use AI agents, but only 10% have mature strategies to secure them.
Nametag Signa for Okta pairs Okta’s policy engine for AI with Nametag’s Deepfake Defense identity verification technology to ensure that a Verified Human Signature is behind AI sessions and actions. Use Okta to configure and assign authentication, sign-in and access request policies that require users to authenticate through Nametag in defined AI scenarios. The result is an auditable chain of trust linking AI actions back to the humans responsible for them.
Okta offers many options for fulfilling MFA policies. But all of them can be exploited via bypass kits, push fatigue, classic phishing, and other common attack methods. Even phishing-resistant MFA factors can be bypassed by calling your helpdesk. And every Okta MFA factor requires a reset if a person changes their phone.
Nametag can be used as an external authentication method (MFA factor) for Okta. Use Nametag as the second MFA factor at high-risk moments like accessing your Okta admin environment, or when you detect suspicious behavior like potential North Korean IT workers. Nametag creates a higher level of assurance and is more flexible than any other MFA method. Even if someone loses or changes their phone, they can still verify themselves through Nametag without having to be pre-enrolled or download an app.