Does Okta have native backup?

No. Okta operates under a shared responsibility model and does not provide built-in backup or restore capabilities. You are responsible for your own disaster recovery.

What Okta resources can Butterfly Security backup?

Butterfly Security supports 70+ resource types including users, groups, applications, policies, authorization servers, Workflows (flows, tables, connectors), brands, and more.

Can I backup Okta Workflows?

Yes. Butterfly Security provides complete Workflows backup including flow definitions, folder structure, table data (CSV export), and custom connectors from Connector Builder.

How long does an Okta backup take?

Backup time depends on org size and provider rate limits. Small orgs (under 1,000 users): 2-5 minutes. Medium orgs (1K-10K users): 10-20 minutes. Large orgs (10K-50K users): 20-45 minutes. Enterprise (50K+ users): 45 minutes to 2+ hours. Nested resources and API rate limits add natural pacing.

Is Butterfly Security secure?

Yes. All backups are encrypted at rest with AES-256, stored in isolated per-account storage, with credentials encrypted separately. We use SOC 2 compliant infrastructure.

Can I export Okta configuration to Terraform?

Yes. Butterfly Security can generate Terraform HCL from your backups, enabling Infrastructure as Code workflows and version-controlled Okta configuration management.

What is a dry-run restore?

Dry-run restore generates a preview showing exactly what would be created, updated, or skipped before making any changes. This ensures safe, predictable restores with no surprises.

Can I restore to a different Okta org?

Yes. Backups use name-based matching so they are portable across orgs. This enables sandbox sync, environment replication, and disaster recovery to alternate orgs.

Terms of Service | Butterfly Security

1. Acceptance of Terms

By accessing or using Butterfly Security ("the Service"), you agree to be bound by these Terms of Service. If you do not agree to these terms, please do not use the Service.

2. Description of Service

Butterfly Security provides backup and disaster recovery services for identity providers and automation platforms including Okta, Microsoft Entra ID, Auth0, Ping Identity, 1Password, Workato, Boomi, and Zapier. The Service allows you to create backups of your provider configuration, including users, groups, applications, policies, and related resources.

2A. Beta Service & Best-Effort Support

IMPORTANT: BETA SERVICE NOTICE

Butterfly Security is currently offered as a beta service. All features, availability, and support are provided on a best-effort basis.

By using the Service during the beta period, you acknowledge and agree that:

The Service is in active development and may contain bugs, incomplete features, or undergo significant changes without notice
Support is best-effort only — there are no guaranteed response times, uptime commitments, or service level agreements (SLAs)
No production guarantees — the Service is not warranted for production use. While production environments may be connected, doing so is entirely at your own risk
Backup completeness is not guaranteed — backups may be partial, delayed, or fail due to provider rate limits, API changes, network conditions, or other factors outside our control
Data retention during beta — we make reasonable efforts to retain your backup data, but cannot guarantee long-term retention or availability during the beta period
Features may change or be removed — any feature available during beta may be modified, deprecated, or removed at any time
Regional coverage is limited — not all identity provider regions have been fully tested. Coverage is expanding toward general availability

The beta period will end when the Service transitions to general availability, at which point updated terms will apply. Continued use after general availability constitutes acceptance of the updated terms.

3. Environment Types

3.1 Sandbox/Preview Environments (Recommended for Initial Testing)

We recommend initial testing with sandbox and preview environments, including:

Okta Preview organizations (*.oktapreview.com) and Developer orgs (*.trexcloud.com)
Microsoft Entra ID test tenants
Auth0 development tenants
PingOne sandbox environments
1Password test accounts
Workato sandbox workspaces
Boomi test environments
Zapier development accounts

3.2 Production Environment Usage

IMPORTANT: PRODUCTION ENVIRONMENT USE

Production identity provider environments may be connected to the Service. By doing so, you acknowledge the following risks and terms.

By connecting a production environment, you acknowledge and agree that:

You assume all risk for any data loss, service disruption, security incidents, or other damages arising from use of the Service with your production environment
Restore operations are irreversible and may modify, overwrite, or corrupt your production identity provider configuration
Butterfly Security disclaims all liability for any direct, indirect, incidental, consequential, or punitive damages resulting from production use, regardless of cause
No warranty of fitness is provided for production use; the Service is provided "as is" without any guarantee of reliability, availability, or accuracy for production environments
You have the authority to connect the production environment and accept these risks on behalf of your organization
You have tested the Service in a non-production environment and understand its behavior before using it with production systems

3A. Workflows and Automation Platforms

The Service supports backup and restore of automation workflows, including Okta Workflows, Workato recipes, Boomi processes, and Zapier zaps. Additional terms apply:

Cross-org restore: Workflows may be restored to a different Okta Workflows organization than the source. You are responsible for ensuring compatibility and proper configuration in the target environment.
Connection credentials: API keys, OAuth tokens, and other credentials used by Workflow connections are NOT backed up. You must re-authenticate all connections after restoration.
Connector Builder projects: Custom connector code and configurations are backed up, but authentication configurations must be reconfigured in the target environment.
Production Workflows: Restoring Workflows to a production environment is subject to all production environment terms in Section 3.2.

4. Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

We do not warrant that:

The Service will meet your specific requirements
The Service will be uninterrupted, timely, secure, or error-free
Backups will be complete, accurate, or restorable
Any errors in the Service will be corrected

5. Limitation of Liability

IN NO EVENT SHALL BUTTERFLY SECURITY, ITS OPERATORS, AFFILIATES, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM YOUR USE OF THE SERVICE.

This includes, but is not limited to, damages arising from:

Inability to use the Service or access backups
Unauthorized access to or alteration of your data
Data loss, corruption, or incomplete backups
Failed restoration attempts
Service interruptions or downtime
Any impact to your identity provider environment, whether production or non-production

Our total liability to you for any claims arising from your use of the Service shall not exceed the amount you paid for the Service in the twelve (12) months preceding the claim.

6. Your Responsibilities

You agree to:

Maintain the security of your account credentials and OAuth keys
Use appropriate OAuth scopes and API permissions with the minimum required access
Verify backups independently before relying on them for disaster recovery
Test restoration procedures in non-production environments before applying to production
Not use the Service for any unlawful purpose
Comply with your identity provider's terms of service and acceptable use policies

7. Data Handling

By using the Service, you grant us permission to access your identity provider environment via the API credentials you provide, solely for the purpose of creating backups. We store:

Your account information (email, OAuth provider ID)
Encrypted API credentials (encrypted with AES-256 at rest)
Backup files (stored encrypted in Cloudflare R2)

See our Privacy Policy and Security page for more details.

8. Free Trial and Paid Plans

The Service offers a free trial with limitations on the number of items backed up per resource. Paid plans remove these limitations. We reserve the right to modify pricing and plan features at any time with reasonable notice.

9. Termination

You may terminate your account at any time by deleting your data from the Settings page in your dashboard. We reserve the right to suspend or terminate your access to the Service at any time for any reason, including violation of these Terms.

10. Changes to Terms

We may modify these Terms at any time. We will notify users of material changes by updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the modified Terms.

11. Third-Party Services

Butterfly Security is not affiliated with or endorsed by Okta, Inc., Microsoft, Auth0, Ping Identity, 1Password, Workato, Boomi, or Zapier. All trademarks belong to their respective owners. The Service integrates with third-party services including Okta, Microsoft Entra ID, Auth0, Ping Identity, 1Password, Workato, Boomi, and Zapier, and your use of those services is subject to their respective terms.

With your consent, we use Google Analytics to collect anonymized website usage data. Google's use of this data is governed by the Google Privacy Policy. You may opt out of analytics cookies at any time via the cookie consent banner.

12. Contact

If you have questions about these Terms, please contact us at contact@butterflysecurity.org.