Industry: Developer-tools and infrastructure
Identity disaster recovery for developer-tools and infrastructure companies
Developer-tools companies live on their own Okta tenant. The SRE team also runs production. When an authentication policy change breaks SSO to PagerDuty, Datadog, or the internal admin console, the on-call rotation goes blind.
What goes wrong
Three incidents you have already seen variations of
Sign-on policy change locks SRE out of incident tooling
A tightened sign-on rule applied to the IT-managed group accidentally covered the SRE on-call group too. The on-call engineer could not reach PagerDuty, Datadog, or the runbook wiki — through the only consoles wired to handle the situation.
Workflows-driven team membership sync corrupts on-call rotation
An Okta Workflows automation kept Okta groups in sync with PagerDuty schedules. A small change to the flow caused groups to drift. The 2am page went to the wrong on-call. The actual on-call missed the page until the next morning.
SAML certificate expiry takes down internal admin tools simultaneously
A long-lived SAML signing certificate for the IdP-of-record expired at 04:00 UTC. Every internal admin tool that used SAML went offline at the same moment.
Regulatory shape
Compliance and audit angle
SOC 2 Type II, ISO 27001, and increasingly customer-driven CAIQ / SIG questionnaires assume the identity layer is restorable. Butterfly's Audit Pack maps to SOC 2 CC6 (Logical Access), CC7 (System Operations), and ISO 27001 A.5.16 / A.8.5.
How Butterfly fits
The recovery layer for developer-tools and infrastructure identity
Butterfly snapshots every Okta resource the SRE rotation depends on — sign-on policies, group rules, Workflows automations, SAML configurations, and certificates. Restore preview shows which on-call groups would be touched before you commit. The Restore Readiness Score is the dashboard SRE leadership puts in front of their CISO and CTO.
Frequently asked
FAQ
Does Butterfly capture Workflows automation logic?
Yes. Workflows flows, connections, triggers, and folder structure are part of every backup. Restore preview lets the team see flow-level changes before applying.
How does Butterfly fit a CAIQ or SIG response?
The Audit Pack PDF gives you most of the evidence inputs for CAIQ DCS-04, IAM-02, IAM-10 and SIG sections G, I, N. You attach the relevant section to the questionnaire response.
What is the install path on a tenant with strict CSP and IP allow-lists?
Butterfly is published in the Okta Integration Network as an API Service Integration. The traffic egress is documented in the Trust Center for IP-allowlist requests.
More