Scaling Okta to 50 Billion Users

A Paradigm Shift in Scale for Identity and Access Management

50 Billion users? No, that’s not a typo.

Identity and access management is not about maintaining a profile for every person on the planet. It's about an identity - for each individual employee, customer or partner - for every organisation in the world. How many separate organisations maintain data about your own identity? 20? 50? 100?

When Okta thinks about scale, and where we need to be in the future, we think about it in the tens of billions of users. Our vision is to connect every user, every application, every organisation and every device. From the start, we made decisions for Okta's platform architecture to support this broad vision.

This approach brings a sea change from the on-premises identity platforms of the past or a build-it-yourself approach. On-premises platforms are expensive, time-consuming to set up, and hard to maintain. These platforms are deployed per company, and the onus for scaling them as needed is on that individual customer. Okta’s architecture, on the other hand, is designed to dynamically scale system-wide. With proprietary techniques on top of today’s leading cloud infrastructure technology, we have designed a platform with the potential for limitless scale.

Three pillars to Okta’s secure, always-on architecture

Scalability, security, and reliability are the three pillars to Okta's secure architecture.

  • Scalability
    Capability to automatically handle a growing amount of work and potential to be enlarged to accommodate that growth
  • Reliability
    Ability to perform its intended functions and operations without experiencing failure
  • Security
    Processes, tools and policies to prevent, detect, and respond to threats

Figure: Uptime in 2019 and 2020.

This is only one part of the equation. Today’s users expect a secure, seamless experience while IT and development teams adapt to increasing demand. Interruptions, downtime and security incidents can severely hurt an organisation’s productivity. That is why Okta views scalability, reliability and security as three equally important pillars of our always-on architecture.

By maximising isolation in a multi-tenant architecture, Okta guarantees 99.99% uptime and zero planned downtime. In fact, we maintained 99.9978% uptime in 2020, 99.9999% uptime in 2019, 99.9955% uptime in 2018 and 99.9975% uptime in 2017, even as we scaled 290% in authentications per month. You can see the current status of Okta's availability at any time at status.okta.com.

We believe we’re at just the beginning of our journey to 50 billion users, but along the way, we have always architected Okta for greater usage than needed. At 1 million users, we were ready for 5 million. At 10 million, ready for 50 million. At 100 million, ready for 500 million. We don’t plan to stop there. As we onboard customers with greater and greater scale requirements, we have the team and technology in place to get us to even greater levels.

Our Proven Ability to Rapidly Scale

The Okta Identity Cloud is built on the industry’s most reliable, secure and scalable platform. We knew from day one that we had to be more reliable than anything we connected to, and today we’re proud to have a proven track record.

In the past year, the volume of authentications on Okta nearly doubled. Our customer base grew from 4,350 to 6,100 year-over-year, with an increasing percentage coming from large-scale employee use cases with high daily transaction volumes and greater customisation requirements. In addition, we now support more large B2B and B2C use cases than ever before, with even higher user counts and more sporadic transaction patterns. Users now access Okta from all 195 countries worldwide, and thousands of them are accessing applications from countries like the Philippines, South Africa and Peru.

Some customers taking advantage of Okta’s scale include:

  • 300,000 workers
    Hitachi, a multinational technology company, which has over 300,000 workers authenticating across hundreds of domains with Okta
  • 30m retail shoppers
    Albertsons, one of the largest US food and drug retailers, which leverages the Okta platform to serve its more than 30 million customers across 18 banners every week
  • 60m baseball fans
    Major League Baseball (MLB), which relies on Okta to handle considerable seasonality, including authenticating a significant portion of its 60 million baseball fans during Opening Day

Preparing for 50 Billion Users

Today, Okta has hundreds of millions of users on the platform. But that just tells a fraction of the story. These users access millions of applications, representing billions of application identities managed and secured by Okta.

The number of objects in our database is not as much of a limitation as transaction volumes. In particular, authentications are the greatest load on Okta, so we closely monitor the number of authentications we can handle. Today, we authenticate millions of users per hour. Additionally, Okta's service receives hundreds of millions of web requests per day across API calls, HTTP requests and content delivery network (CDN) requests. These are mission-critical authentications across customers, partners, and employees, and include requests such as logins to core collaboration apps, MFA triggered by adaptive policies, minting of OAuth 2.0 and OIDC access and identity tokens, provisioning newly onboarded users to downstream apps, and real-time deprovisioning of access.

Our engineering team continues to successfully test the platform for massive increases on current loads. They have run controlled tests for individual customer tenants to hold 100 million users with corresponding increases in authentication volume. Even with such high loads, we are still not fully utilising Okta’s scale capabilities.

Since we are aiming for tens of billions of users and authentications, we’ve continued to optimise our 100% cloud architecture for extreme scale. Beyond using multiple availability zones on Amazon Web Services for redundancy and high availability, along with CDNs to further optimise scale and performance from anywhere in the world, we’ve built our architecture with proprietary Okta innovations that we call “cells.” Each cell is a self-contained instance of the entire Okta service:

Figure 3: Okta now bundles its entire 6-zone AWS architecture into “cells,” which can easily be spun up for scale, performance, global footprint and other requirements.

Each cell contains hundreds of automated components, which gives us several advantages:

  • Risk Mitigation
    Any fault in infrastructure is contained within a cell using a