Okta IdEA Experience Design

Statement of Work

Confidentiality Notice

This Statement of Work constitutes Okta Confidential Information and is intended for the internal use of Okta Customers only to evaluate the Statement of Work and may not be duplicated, used or distributed externally or reproduced for external distribution in any form without express written permission of Okta, Inc.

Copyright (c) 2024 Okta, Inc. All Rights Reserved.

 

1. Project Summary

This Statement of Work (“SOW”) is issued under, and subject to, the terms and conditions of the Agreement (as that term is defined in the Order Form).

Okta Experience Design Services “Professional Services” are based on Okta’s practices by analyzing your identity infrastructure against business objectives. Using this data to formulate a strategy for your future-state identity architecture requirements including best practices, current usage review, and Okta product evaluation. Okta offers Experience Design services for Workforce Identity Cloud (“WIC”), Customer Identity Cloud (“CIC”),and Customer Identity Solution (“CIS”) customers. Okta Professional Services will work collaboratively with Customer’s team in a series of virtual workshop sessions, in order to assist with the Experience Design. 

Customer acknowledges and agrees that:

  • The Services are provided on an advisory basis, for information purposes only and are not intended to convey legal, regulatory or similar professional advice;
  • Okta will not discover or identify all errors, flaws, vulnerabilities or weaknesses in Customer’s [Okta environment] through the Services described herein;
  • Customer, and not Okta is solely responsible for the security of its software, systems and products, and Okta’s provision of the Services does not in any way relieve Customer of any responsibility for the design, manufacturing, testing, marketing, sale and security of Customers software, systems, and products; and
  • Okta cannot and does not provide any guarantee or warranty that its Services will ensure Customer’s software, systems or products will not be vulnerable, susceptible to exploitation, free from hacking and/or eventually breached, even if Okta’s recommendations are followed.

 

2. Project Scope

The following activities shall be within the scope of this SOW:

  • One (1) two-hour Project kick off and requirements gathering session.
  • Three (3) two-hour technical design sessions delivered over up to a three (3) week time frame. 
  • One (1) two-hour readout session and one (1) high level Experience Design readout report.
  • One (1) revision to final high level Experience Design report.

PROJECT KICK OFF

  • Okta project manager and technical architect will meet with the Customer project team to discuss Customer prerequisites and requirements.
  • Okta project manager and Customer project team will schedule sessions with an Okta technical architect.

Customer Obligations

  • Actively participate in the Kick Off Meeting.
  • Collaborate with Okta project manager on creating a high level project schedule, project communication plan, and Kick Off Meeting Agenda.
  • Provide required resources for participation: executive sponsor, project sponsor, project manager, and technical resources.

Assumptions

  • The Kick Off Meeting will be delivered remotely.
  • The project communication plan is focused on the communication of the Okta and Customer Experience Design efforts and is not the Customer's end user or business user communication plan. 

TECHNICAL DESIGN SESSIONS

Okta Professional Services will conduct technical workshops sessions to drive a top to bottom discovery of the customer’s Okta’s identity landscape. These sessions will focus on security and operational efficiency. Okta Professional Services will leverage a prescribed methodology which will address the following scope:

  • Business Objectives
    • Current State
    • Current Challenges
    • Business Outcomes
  • Security
    • Threat Detection + Prevention
    • Identify Proofing
    • User Management
    • User Lifecycle Management
    • Authorization Management
    • Authentication Management
  • Operational Efficiency
    • Architecture & Design
    • Federation Management
    • Directory Management
    • Application Integration / External Connections
    • Reporting & Monitoring
  • User Experience
    • UI/UX
    • Progressive Profiling
    • Consent Management
    • User Registration
    • Self Service 

 

Customer Obligations

To ensure that the Customer receives the greatest value from each technical design session, Okta requests the following:

  • Ensure that technical design sessions are scheduled and attended by the appropriate resources (Subject Matter Experts “SMEs”: employees, contractors, or third-party) that are relevant to the design session.
  • Ensure that the technical design sessions begin on time and that the resources are available for the duration of the design session.
  • Ensure that all information required for the technical design sessions (pre-work) is prepared in advance of the technical design session.
  • Provide access to any third-party services or service providers as required.
  • Provide complete and accurate data for integration with the Okta Service.

Assumptions

  • All design technical sessions are to be scheduled in two (2) hour blocks.
  • There will be a maximum of three (3), two (2) hour design sessions.
  • Okta will review up to (5) Custom Workflows

EXPERIENCE DESIGN READOUT REPORT

Okta will provide a Readout Document, and perform one (1) review session with the Customer team for any additional feedback. The high level diagnostic report readout will include:

  • High Level Experience Design Analysis
  • Identity Enabled Business Goals + Outcome Summary
  • High Level Requirements with Solution Design Recommendations
  • User Personas and Journeys Maps
  • Current State Architecture Diagram
  • Future State Solution Architecture Diagram

Customer Obligations

To ensure that the Customer receives the greatest value from each design session, Okta requests the following:

  • Timely review of report recommendations.

Assumptions

  • Experience Design report readout session is to be scheduled in one (1) two-hour block.
  • Up to 6 personas and 2 journeys will be included.
  • Up to 6 business processes (i.e. User Registration, Password Reset, etc) will be mapped.
  • Documentation will be provided in English.
  • Documentation developed will be based on Okta template formats.

 

3. Out of Scope

Not all Okta features or products are appropriate for this type of Professional Services engagement or potentially require additional Okta technical resources. The following features, functionality and activities are out of scope for this Statement of Work:

  • Implementation activities
  • Okta configuration updates
  • Code, extension, application, and / or integration reviews
  • Support sessions
  • Troubleshooting sessions
  • Detailed Technical design documentation
  • Remediation of an existing security incident / breach
  • Specific industry / regulatory compliance or audit checks
  • General Identity Access Management health check best practices (not related to security posture)
  • Review of Okta Identity Governance, Okta Access Gateway, or Advanced Server Access usage.
  • Review of any additional workflows outside of the (5) five custom workflows identified
  • Any services or activity not specifically included in the Project Scope section of this SOW.
  • Features not supported within the Okta Integration Network (OIN).
  • Any functionality that is part of Roadmap, Beta or Early Adopter programs.
  • Customer staging, end user communication, and change management. 

 

4. Fees & Expenses

Customer shall pay Okta the Fees and expenses set forth on the applicable Order Form in accordance with the terms of the Agreement. Actual reasonable and out-of-pocket expenses and taxes are not included herein and will be invoiced separately per the terms of the Agreement.

The Professional Services described in this SOW will be provided on a fixed fee basis.The term of this SOW (“SOW Term”) shall commence on the date the Order Form is fully executed (“Order Form Effective Date”) and shall expire on the earlier of:  (a) six (6) months after the Order Form Effective Date, or (b) upon completion of the Project Scope set forth in Section 2.  The Professional Services included in this SOW will be available to Customer during a eight (8) week period within the SOW Term commencing on the initial Project Kick Off Meeting (as defined above) which may be scheduled after execution of the applicable Order Form.  All Professional Services available under this SOW may only be redeemed during the SOW Term.   Project delays resulting from Customer’s failure to Cooperate (as defined below) will not extend the SOW Term Okta is not responsible for and shall be relieved of responsibility for performing any Professional Services which have not been completed during the term due to Customer’s failure to Cooperate or failure to schedule such Professional Services in a timely manner. No refunds or credits will be provided for any Professional Services Fees. Fees will be invoiced upon the execution of the Order Form and will be due in accordance with the terms of the Agreement.

For U.S. Government Customers, including but not limited to federal, state, local, tribal, and certain educational institutions, the purchase of Professional Services under this SOW includes Okta [(2) Learning Pass or (2) Seats in a Public Instructor Led Class] (“Self-Service Option”), subject to the terms and conditions set forth at https://www.okta.com/training-terms/. Inclusion of the Self-Service Option facilitates Customer’s effective and holistic use of Okta’s products and services, regardless of the degree to which Customer utilizes  Professional Service hours available under this SOW during the Services Term and shall be considered adequate satisfaction of all related contractual obligations herein. For the avoidance of doubt, the Professional Services hours available under this SOW shall expire no later than the expiration of the Services Term, at which point Customer shall neither be eligible for: (a) continued use of Professional Services hours under this SOW; (b) or a refund.

 

5. Scheduling

Each project begins with a Project Kick Off Meeting to review requirements and to ensure that all stakeholders understand project objectives; identify resources, roles, and responsibilities; identify and mitigate risk; develop a project schedule, and maintain velocity during project execution. As such, Okta and Customer project managers will be responsible for planning, management and execution of a project schedule for Okta resources.

Okta will provide Professional Services during regular business hours (8:00 a.m. to 5:00 p.m.), Monday through Friday, except holidays (''Business Hours'') of the Okta office which is providing the Services. Okta will work remotely based on a mutually agreed plan throughout the execution of this engagement. Customer must cancel any Professional Services scheduled to be provided at least two (2) business days in advance or it will lose the scheduled design session(s) and that particular session will be marked as complete