PEXA protects high-value property transactions with streamlined IAM

PEXA is now running all of its customer identity and access management through Okta, meaning it now uses the same technology for staff and customers.

Having initially implemented Okta for workforce IAM seven years ago, PEXA recently extended this capability to customer access, coinciding with its UK expansion.

This has delivered a unified approach to identity across both internal users and external participants.

This story is part of the 2026 iTnews State of Security report. Read it for free here.

“In the past year or so we have consolidated all of our customer identity, which is about risk-based authentication and uplifting and leveraging capabilities like dark web monitoring and user password checking,” chief information security officer Graham Fairley said. 

“Aligning to a single provider also simplifies integration and operational management.”

This unified IAM approach supports advanced capabilities including adaptive authentication, device posture assessment, API security at scale, and future-facing initiatives such as passwordless access.

It could also assist with the management of artificial intelligence adoption. 

“There is also a lot of discussion around how do we do AI safely and securely at scale, because it really is turbocharging the speed of interactions in this space,” Fairley said.  

“As we get more into the agentic space, that is where some of that more modern thinking about defining and assigning roles to the agents becomes an expansion of our existing patterns.”

Whatever decisions the organisation makes, Fairley said they would need to align with its commitment to defence in depth.  

“We are trying not to rely on one control to keep us safe and secure,” he said. “So it is really building those layers up.”

Bolstering security

Sitting at the centre of Australia’s property market, PEXA processes more than 20,000 property settlements each week and has facilitated over $5 trillion in transactions since 2013. 

With such high-value transactions flowing through its platform, its not surprising that in the 2025 financial year PEXA experienced (and successfully defended against) 6.5 million intrusion attempts.

In recent times, Fairley and his team have worked to consolidate the company’s overall cyber security stack.  

“As a designated critical infrastructure provider, we’ve had to significantly uplift our capabilities, including how we integrate threat intelligence and improve resilience,” Fairley said. 

“At the same time, we need to ensure the reliability and trustworthiness of our technology to maintain a strong customer experience.”

Simplifying PEXA’s identity and access management capability through consolidating multiple tools into a single platform, provided by Okta, is considered a key part of this strategy.

“IAM is effectively the front door into our platform and so it is subject to a fair bit of attack,” Fairley said. 

“We need to strengthen how we manage access by understanding where users are coming from, whether behaviour aligns with expected patterns, and identify anomalies. Modern IAM platforms enable this through better signalling and data correlation.”

With a diverse customer base that ranges from small conveyancing firms to large financial institutions, PEXA must also balance the need for security with a requirement for usability.

“Having hard and fast security rules can drive unintended consequences from user behaviour, so it is important to find that balancing point,” Fairley said.

“Trying to deliver a good user experience that hits all of those demands is a key consideration.”