On Signal | Field Glossary

Six Buyer Lines

Offices are back up to speed after the long weekend, and summer QBRs are already filling the calendar. You will hear at least one of these six phrases before the quarter closes.

Each card covers a single moment on a call: a buyer drops a phrase about AI agents or non-human identities, and you have about ten seconds to decide whether you lean in or change the subject. The translation unpacks what they're actually telling you. The question keeps you in discovery without pretending you're the SE. Scan before the call, or pull one up mid-conversation. The whole point is staying in the room long enough to find what's there.

Six Buyer Lines

Offices are back up to speed after the long weekend, and summer QBRs are already filling the calendar. You will hear at least one of these six phrases before the quarter closes.

Each card covers a single moment on a call: a buyer drops a phrase about AI agents or non-human identities, and you have about ten seconds to decide whether you lean in or change the subject. The translation unpacks what they're actually telling you. The question keeps you in discovery without pretending you're the SE. Scan before the call, or pull one up mid-conversation. The whole point is staying in the room long enough to find what's there.

Non-Human Identities

"We're Worried About Our Non-Human Identities"

They mean: Machine accounts, API keys, and automated processes are multiplying faster than anyone is governing them. Ask this: "How are you currently tracking which systems those identities can reach?" Their answer tells you whether this is an inventory problem or an access control problem.

Shadow AI

"We've Got Some Shadow AI Concerns"

They mean: Employees are connecting AI tools to agency systems without IT knowing, creating ungoverned access no one is watching. Ask this: "Do you know which employees have connected AI tools to agency data in the last 90 days?" The 90-day window makes it concrete and answerable.

Agent Protocol

"Are You Familiar With MCP?"

They mean: They're evaluating Model Context Protocol, the open standard that lets AI agents plug into enterprise tools, and they want to know who governs those connections. Ask this: "When an agent connects through MCP, who controls what data it can access?"

Kill Switch

"We Need a Kill Switch for Our Agents"

They mean: They want instant revocation of an AI agent's access the moment it misbehaves or gets compromised. Ask this: "If one of your AI agents were compromised tomorrow, how quickly can you revoke its access across every system it touches?" Speed of answer here is the whole signal.

Zero Trust

"Where Does This Fit in Our Zero Trust Maturity?"

They mean: They're mapping capabilities against CISA's Zero Trust Maturity Model and trying to place AI identity governance within it. Ask this: "Has your team assessed where your AI pilots sit against CISA's identity pillar maturity levels?" If they haven't, that's your opening.

FedRAMP Status

"Is This FedRAMP Authorized?"

They mean: Nothing moves forward until they confirm a capability can be procured under their agency's current authorization requirements. Ask this: "Let me get you the current authorization status for exactly what you need. Which capabilities are highest priority so I connect you with the right technical resource?"

PART ONE

AI agent and agentic concepts

OPEN

Your buyer's AI automation conversation now runs through five terms: agentic AI, AI orchestration, MCP, kill switch, and shadow AI. Joint Five Eyes guidance already requires verified identities for autonomous agents. MCP has hit 97 million monthly SDK downloads with no native enterprise auth. Gartner says 69% of organizations suspect employees are using prohibited AI tools. All five terms trace back to an identity governance gap. Each entry below gives you the definition, the buyer's stake, and a single question that keeps you in the room.

PART TWO

NHI Credential Risk Cluster — Field Glossary

OPEN

Machine credentials outnumber human identities by at least 45 to 1 in most enterprises, and in cloud-heavy environments the ratio can exceed 140 to 1. Most agencies have never fully inventoried that side of their identity environment. These six terms cover what an AE will hear when a government IT buyer starts talking about credential risk they're only beginning to measure: the NHIs themselves, the aging service accounts and exposed API keys that create the exposure, and the remediation concepts that move the conversation forward.

NHI Credential Risk Cluster — Field Glossary

PART THREE

Okta Product Glossary: Seven Terms Your Buyer Will Hear

OPEN

Seven Okta terms keep surfacing in AI identity conversations, and the first thing any AE needs to know is which ones are safe to bring up on a federal call. This glossary is organized by deal readiness: three terms are FedRAMP-authorized today, two are commercial-only, one needs SE verification before you position it, and the last is the architecture narrative that ties the other six into a single platform story. Every entry opens with an explicit availability status line.

Okta Product Glossary: Seven Terms Your Buyer Will Hear

PART ONE

AI agent and agentic concepts

OPEN

Your buyer's AI automation conversation now runs through five terms: agentic AI, AI orchestration, MCP, kill switch, and shadow AI. Joint Five Eyes guidance already requires verified identities for autonomous agents. MCP has hit 97 million monthly SDK downloads with no native enterprise auth. Gartner says 69% of organizations suspect employees are using prohibited AI tools. All five terms trace back to an identity governance gap. Each entry below gives you the definition, the buyer's stake, and a single question that keeps you in the room.

PART TWO

NHI Credential Risk Cluster — Field Glossary

OPEN

Machine credentials outnumber human identities by at least 45 to 1 in most enterprises, and in cloud-heavy environments the ratio can exceed 140 to 1. Most agencies have never fully inventoried that side of their identity environment. These six terms cover what an AE will hear when a government IT buyer starts talking about credential risk they're only beginning to measure: the NHIs themselves, the aging service accounts and exposed API keys that create the exposure, and the remediation concepts that move the conversation forward.

PART THREE

Okta Product Glossary: Seven Terms Your Buyer Will Hear

OPEN

Seven Okta terms keep surfacing in AI identity conversations, and the first thing any AE needs to know is which ones are safe to bring up on a federal call. This glossary is organized by deal readiness: three terms are FedRAMP-authorized today, two are commercial-only, one needs SE verification before you position it, and the last is the architecture narrative that ties the other six into a single platform story. Every entry opens with an explicit availability status line.

Compliance Terms

Compliance and Framework Terms: The Mandate Vocabulary That Turns AI Pilots Into Identity Conversations

Zero Trust NIST SP 800-207 model: verify every identity continuously, grant no implicit trust based on network location. OMB M-22-09 made this mandatory for agencies, but verification was built around humans while AI agents operate in the gap. "How are you extending continuous verification to the non-human identities running AI workloads?"

FedRAMP Federal authorization framework gating all cloud procurement at Low, Moderate, or High impact levels. Any AI identity governance tool touching agency infrastructure falls in scope, so authorization status filters competitors before features matter. "Does your procurement timeline require FedRAMP-authorized tooling for AI identity governance?"

CISA Zero Trust Maturity Model Four-stage framework (Traditional, Initial, Advanced, Optimal) agencies use to measure and report Zero Trust progress across five pillars. OMB M-24-14 requires maturity reporting through FY2026, making ungoverned AI agents a documentable gap no one wants on the record. "Where do AI agents fall in your current ZTMM identity pillar assessment?"

Identity Pillar First of five CISA ZTMM pillars, explicitly scoped to non-person entities because CISA treats identity as the primary control point for everything else. Most agencies score Advanced for human identity but remain at Traditional for the AI agents and service accounts their own workforce is spinning up. "If an auditor asked for identity pillar evidence on your AI agents today, what would you hand them?"

Compliance Terms

Compliance and Framework Terms: The Mandate Vocabulary That Turns AI Pilots Into Identity Conversations

Zero Trust NIST SP 800-207 model: verify every identity continuously, grant no implicit trust based on network location. OMB M-22-09 made this mandatory for agencies, but verification was built around humans while AI agents operate in the gap. "How are you extending continuous verification to the non-human identities running AI workloads?"

FedRAMP Federal authorization framework gating all cloud procurement at Low, Moderate, or High impact levels. Any AI identity governance tool touching agency infrastructure falls in scope, so authorization status filters competitors before features matter. "Does your procurement timeline require FedRAMP-authorized tooling for AI identity governance?"

CISA Zero Trust Maturity Model Four-stage framework (Traditional, Initial, Advanced, Optimal) agencies use to measure and report Zero Trust progress across five pillars. OMB M-24-14 requires maturity reporting through FY2026, making ungoverned AI agents a documentable gap no one wants on the record. "Where do AI agents fall in your current ZTMM identity pillar assessment?"

Identity Pillar First of five CISA ZTMM pillars, explicitly scoped to non-person entities because CISA treats identity as the primary control point for everything else. Most agencies score Advanced for human identity but remain at Traditional for the AI agents and service accounts their own workforce is spinning up. "If an auditor asked for identity pillar evidence on your AI agents today, what would you hand them?"

Continuing obligation:

The FY2024 M-22-09 deadline passed, but federal CIO guidance treats Zero Trust as ongoing investment requiring continuous evolution and reporting.

Impact levels:

Roughly 80% of FedRAMP authorizations sit at Moderate, covering 323 security controls for systems handling controlled unclassified information.

Four stages:

CISA ZTMM V2.0 added the Initial stage in April 2023 to acknowledge that agencies start from wildly different baselines.

NPE scope:

CISA's own language defines identity to include "non-person entities" alongside agency users, so AI agents fall squarely within the pillar.

Active reporting:

OMB M-24-14 requires agencies to document current and target ZTMM maturity for all high-value assets by end of FY2026.

Availability Guardrails

Federal Procurement Guardrail: Which Okta AI Identity Capabilities Are Authorized Today

Authorized now: Okta Identity Governance (OIG) and Okta Workflows. Both FedRAMP High. Procurable today.

In process: Identity Threat Protection with Okta AI (ITP). GA commercial. FedRAMP Moderate authorization was projected Q2 2025 but never publicly confirmed as complete. Do not position as authorized. Verify with your SE before every federal conversation.

Commercial only: Cross App Access (XAA) and ISPM Agent Discovery. Both Early Access. No FedRAMP authorization of any kind.

When a buyer asks about something not yet authorized, say it straight: "That capability is live in our commercial environment but hasn't completed FedRAMP authorization. I'll get you the current timeline from our public sector team." Then pivot to OIG and Workflows, which are procurable right now. The rep who tells the truth about availability is the rep the CISO calls back.

Availability Guardrails

Federal Procurement Guardrail: Which Okta AI Identity Capabilities Are Authorized Today

Authorized now: Okta Identity Governance (OIG) and Okta Workflows. Both FedRAMP High. Procurable today.

In process: Identity Threat Protection with Okta AI (ITP). GA commercial. FedRAMP Moderate authorization was projected Q2 2025 but never publicly confirmed as complete. Do not position as authorized. Verify with your SE before every federal conversation.

Commercial only: Cross App Access (XAA) and ISPM Agent Discovery. Both Early Access. No FedRAMP authorization of any kind.

When a buyer asks about something not yet authorized, say it straight: "That capability is live in our commercial environment but hasn't completed FedRAMP authorization. I'll get you the current timeline from our public sector team." Then pivot to OIG and Workflows, which are procurable right now. The rep who tells the truth about availability is the rep the CISO calls back.

OIG scope:

OIG covers non-person entities including bots and service accounts, making it your authorized entry point for federal AI identity governance conversations today

ITP caution:

The Q2 2025 FedRAMP Moderate target was never publicly confirmed complete. Treat ITP as unauthorized until your SE says otherwise

XAA risk:

Okta's most visible AI agent capability. Positioning it in a federal deal before authorization is a credibility-ending mistake, full stop

Redirect anchor:

Always pivot to what is procurable. OIG plus Workflows gives you an authorized governance-and-automation stack that holds the conversation open

Verification date:

May 26, 2026. Reverify before every quarterly business review. Authorization timelines shift without notice

Handoff Boundaries

Where Okta's Story Stops: Boundary Terms and the SE Handoff That Proves You Did Your Job

Six terms surface on AI calls that live in the model layer, not identity. Prompt injection: unauthorized input hijacking model behavior. Training data poisoning: corrupted data skewing model outputs. LLM red teaming: stress-testing model vulnerabilities. AI hallucination: confident outputs that are factually wrong. AI bias/fairness: systematic skew in model decisions. Model observability: tracking model performance and drift in production.

Your redirect for any of them: "That's a model-security concern. The identity question is whether the agents touching those systems are scoped and auditable." When the buyer moves from "does this apply to us" to "how would this work here," bring your SE in. You found the signal. That was the job.

Handoff Boundaries

Where Okta's Story Stops: Boundary Terms and the SE Handoff That Proves You Did Your Job

Six terms surface on AI calls that live in the model layer, not identity. Prompt injection: unauthorized input hijacking model behavior. Training data poisoning: corrupted data skewing model outputs. LLM red teaming: stress-testing model vulnerabilities. AI hallucination: confident outputs that are factually wrong. AI bias/fairness: systematic skew in model decisions. Model observability: tracking model performance and drift in production.

Your redirect for any of them: "That's a model-security concern. The identity question is whether the agents touching those systems are scoped and auditable." When the buyer moves from "does this apply to us" to "how would this work here," bring your SE in. You found the signal. That was the job.

Architecture depth:

Buyer describes multi-agent orchestration or agents spawning other agents. Your SE maps Okta capabilities to their specific environment.

FedRAMP status:

Any question about authorization status for a specific Okta AI capability gets confirmed by your SE before you answer. No exceptions.

Competitor comparison:

Buyer wants technical differentiation against CyberArk, Entra, or an NHI pure-play. Brief your SE on what's being compared and why.

Certainty test:

If your gut says "I think so" instead of "I know," say "let me bring in our engineer to get you a precise answer."

Implementation scope:

Conversation shifts from whether identity governance applies to how it deploys. That handoff is proof you ran discovery right.