Okta Tech Advisory Design Services

Statement of Work

Confidentiality Notice

This Statement of Work constitutes Okta Confidential Information and is intended for the internal use of Okta Customers only to evaluate the Statement of Work and may not be duplicated, used or distributed externally or reproduced for external distribution in any form without express written permission of Okta, Inc.

Copyright (c) 2024 Okta, Inc. All Rights Reserved.


1. Project Summary

This Statement of Work (“SOW”) is issued under, and subject to, the terms and conditions of the Agreement (as that term is defined in the Order Form).

Okta Technical Advisory Design Services “Professional Services” are based on Okta’s practices for integrating the Okta Service with Customer’s applications in a series of virtual workshop sessions (“Working Sessions”) with the Customer (collectively the “Professional Services”). Okta offers Technical Advisory Sessions for Workforce Identity Cloud (“WIC”), Customer Identity Cloud (“CIC”),and Customer Identity Solution (“CIS”) customers. 

A Working Session is intended to cover a single topic. The parties must agree to the topic at least one (1) week in advance of the scheduled Working Session, so the Okta technical advisor can prepare for the Working Session. At Okta’s discretion, multiple topics may be covered in a single session. The Customer and Okta will work together to prioritize topics within scheduled Working Sessions.


2. Project Scope

The following activities shall be within the scope of this SOW:

Working Sessions will be facilitated by an Okta Tech Advisor Architect to assist Customer with architecting Identity Access Management (“IAM”) topics. Design sessions focus on architecture best practices.

Example topics for a Design Sessions include: 

  • Tenant Configuration options
  • Multi Factor Authentication considerations 
  • Application Integration for SSO / provisioning patterns 
  • Data source / directory integration design
  • User import advice
  • Workflow design to address a use-case 
  • User registration / reset flow advice

Customer Obligations

To ensure that the Customer receives the greatest value from each working session, Okta requests the following:

  • Ensure that working sessions are scheduled and attended by the appropriate resources (Subject Matter Experts “SMEs”: employees, contractors, or third-party) that are relevant to the working session.
  • Ensure that the working sessions begin on time and that the resources are available for the duration of the working session.
  • Build the configuration / code based on advice given during the Design Session.  This includes review, test, stage, and deployment, as appropriate.  
  • Schedule a follow-on Build Session for the topic (if needed).


  • All working sessions are to be scheduled in two (2) hour blocks.
  • There could be a maximum of two (2) ad hoc email requests / discussions outside a working session. If Okta determines these requests/emails require more than 30-minutes, it will be considered as a working session. 
  • The quantity of sessions purchased are specified on the Order Form.


3. Out of Scope

Not all requests are appropriate for session-based Professional Services.  

Requests that could not reasonably be expected to be completed within a single Design Session are out of scope for this SOW.  Examples include:  

  • Complex Human Resources-as-a-source (HRaaS) integration / configuration
  • Tenant diagnostics / Health checks 
  • Performance tuning of integrations  
  • Complex IDP co-existence models / Hub-and-spoke models 

The following products / features require significant coordination of resources and technology.  They also cannot reasonably be completed within a single Design Session.  Requests for these topics are out of scope for this SOW:

  • OKTA Access Gateway (OAG)
  • OKTA Advance Service Access (ASA) 
  • OKTA Identity Governance (OIG) 
  • OKTA API Access Management
  • Mobile Device Management (MDM) Integration / Device Trust 
  • Multiple / complex on-premise integrations (MS Sharepoint / Exchange, for example) 
  • Fine Grained Authorization (FGA)
  • Impersonation
  • CIC Private Cloud offerings
  • CIC Mobile / Web SSO

Additionally, the following features, functionality and activities are out of scope for this SOW:

  • Features / integrations not listed in the Okta Integration Network (OIN), Auth0 Marketplace, or Okta Workflows Template directory.
  • Any functionality that is part of roadmap, beta, or early access programs.
  • SSO integrations which are not based on IAM industry standards such as SAML, OIDC, WS-Fed, OAuth, etc.
  • Devices, authenticators, technology, or integrations not supported by Okta.
  • Advice relating to FedRamp or HIPAA impacted tenants.


4. Fees & Expenses

Customer shall pay Okta the Fees and expenses set forth on the applicable Order Form in accordance with the terms of the Agreement. Actual reasonable and out-of-pocket expenses and taxes are not included herein and will be invoiced separately per the terms of the Agreement.

The Professional Services described in this SOW will be provided on a fixed fee basis. The term of this SOW (“SOW Term”) shall commence on the date the Order Form is fully executed (“Order Form Effective Date”) and shall expire on the earlier of:  (a) six (6) months after the Order Form Effective Date, or (b) upon completion of the Project Scope set forth in Section 2.  The Professional Services included in this SOW will be available to Customer during a eight (8) week period within the SOW Term commencing on the initial Project Kick Off Meeting (as defined above) which may be scheduled after execution of the applicable Order Form.  All Professional Services available under this SOW may only be redeemed during the SOW Term.   Project delays resulting from Customer’s failure to Cooperate (as defined below) will not extend the SOW Term Okta is not responsible for and shall be relieved of responsibility for performing any Professional Services which have not been completed during the term due to Customer’s failure to Cooperate or failure to schedule such Professional Services in a timely manner. No refunds or credits will be provided for any Professional Services Fees. Fees will be invoiced upon the execution of the Order Form and will be due in accordance with the terms of the Agreement.


5. Scheduling

Each project begins with a Project Kick Off Meeting to review requirements and to ensure that all stakeholders understand project objectives; identify resources, roles, and responsibilities; identify and mitigate risk; develop a project schedule, and maintain velocity during project execution. As such, Okta and Customer project managers will be responsible for planning, management and execution of a project schedule for Okta resources.

Okta will provide Professional Services during regular business hours (8:00 a.m. to 5:00 p.m.), Monday through Friday, except holidays (''Business Hours'') of the Okta office which is providing the Services. Okta will work remotely based on a mutually agreed plan throughout the execution of this engagement. For technical consultants, remote work shall be scheduled at a minimum of two (2) hours per working session. Customer must cancel any Professional Services scheduled to be provided at least two (2) business days in advance or it will lose the scheduled working session(s) and that particular session will be marked as complete.


6. Customer Obligations

General Customer Obligations

The Customer will:

  • Remain engaged throughout the duration of the Professional Services by actively participating, providing requested integration information, and otherwise completing its obligations as set forth in this SOW in a timely manner (“Cooperate”).
  • Complete the functional and technical analysis and discovery.
  • Establish a communication and escalation plan including assigning appropriate resources who are knowledgeable about the technical and business aspects involved in the project including a dedicated project manager.
  • Provide access to any third-party services or software, as required.
  • Procure services or software and license rights necessary for the Okta Service to integrate to such services or software.
  • Pay any service provider costs required to enable SSO on applications that are in scope of this engagement.
  • Provide and test all of the necessary remote access by Okta to Customer systems prior to the commencement of the Professional Service.
  • Be responsible for all hardware/virtual machines operating system(s), browser(s), commercial application(s), code for custom developed applications, application/web server(s), directory(s), database, network, proxy, and firewall maintenance and security as well as an active backup and recovery strategy as applicable for the aforementioned.
  • Provide complete and accurate data for integration with the Okta Service.
  • Prepare and manage all corporate communications and training activities to promote greater adoption and higher satisfaction from Users. Sample communication templates may be provided for Customer use.


7. Assumptions

General Project Assumptions

  • Any service or activity not specifically included in this SOW is not included in the scope of this engagement.
  • Support for out of scope requirements will require the execution of a new SOW with an associated cost.  Upon execution of a new SOW, Okta cannot guarantee that the Smart Start project resources will be re-assigned to the new Professional Services engagement.
  • Okta and Customer will work together in good faith to resolve any issues quickly.
  • Scheduling for the Professional Services to be performed are based upon a first come first serve basis and will be mutually agreed upon by the parties prior to the commencement of the Professional Services hereunder.
  • Okta will follow independent software vendor guidelines for supported and deprecated versions of a product.
  • The Professional Services will be conducted remotely.
  • There could be a maximum of two (2) ad hoc email requests / discussions outside a working session if required. If Okta determines these requests/emails require more than 30-minutes, it will be considered as a working session.