Oktane18: All Things Admin - How We're Investing in Trust, Transparency, and Your Success



Tom Witczek: And welcome to All Things Admin, How We're Investing in Trust, Transparency, and Your Success. My name is Tom Witczek, Director of Product Management here at Okta, responsible for the admin experience. We're going to divide this session into two parts. I'm going to cover the admin experience roadmap and the future of the admin experience. I'm joined by Talia Jackson, who's going to be covering admin success resources available for you in the Help Center.

So as was mentioned, this is our famous disclaimer slide. I know you probably can't read that even in the third row, but anything we say here isn't necessarily promised or guaranteed. 

First of all, before we get started, how many admins are in the room? Alright, wonderful, you're in the right spot, don't go anywhere. 

We've heard from admins such as yourselves as well as customers in general. We've heard feedback across three main themes, and that's streamlining feature and service experience, so keeping up to date with respect to Okta product roadmap, items we're shipping and general product delivery, trust service updates and insights with respect to how trust incidents are impacting you specifically in your org as well as trying new features available in early access. 

We'll cover all of those topics as well as demos throughout today's session across each of these themes. We're also going to talk a little bit about granular, secure administration. So we've heard from you that you need more control over managing other admins as well as more granular control within Okta Administration. Lastly, we're going to give you a sneak peek with respect to the future in terms of modernizing our administration experience. We'll show you a couple concepts that we're working through in terms of the future of Okta Admin. 

But first I want to cover our first theme, which is streamlining service and feature experience. So enabling Okta Admins to find out what's happening, what's coming, and trying new products in features within Okta Admin. 

We've delivered a whole host of new ways to get information within Okta, so hopefully you've seen our new trust dashboard and we'll be demoing that as well as other things going forward in the discussion, but this is a new single page dashboard design that's really geared toward communicating what's happening with the Okta service at a glance across today, the last week, and the last 30 days.

We've also recently released our Okta product roadmap. Hopefully you've seen that, we demoed it, or actually debuted it at Oktane '17, and we've been working diligently to improve additional transparency through the Okta product roadmap. Lastly, related to the Okta product roadmap is early access feature management, so being able to try early access features as they become available for orgs, we'll demo that as well. 

Let's talk a little bit about the trust dashboard, the new trust dashboard solves several problems. Historically, it was just difficult to navigate to the trust site, there wasn't enough information, and admins really couldn't decipher what was exactly happening to the system relative to their org. So we've included a new dashboard and additional details in the dashboard so that you can understand exactly what's happening within the system via cell, what service feature is impacted as well as what audience, maybe it's admins only, maybe it's just end users. We've also consolidated incident categories from five down to two, so that it's easier to parse out what exactly is happening, whether it's a service degradation or a service disruption. We'll demo this in a second. 

But first, a couple coming attractions, so in the next several weeks, we'll be releasing a mobile version of our trust dashboard, so if you're out on the go, you can actually load this up on your mobile device and have a mobile friendly view with respect to the trust dashboard. 

Long awaited is trust incident emails. I know folks in the audience probably have been waiting for this one for a while, but we're going to have a subscription-based email that you can log into the product, select and subscribe to trust incident emails as a super org admin, and get those delivered relative to your cell. For example, if you're in cell three, you won't see what's happening in cell two. You're only going to get relevant information as based on what cell your org is in. Look out for communications on that in the near future and what to do next in terms of opting into those trust emails, so really happy to get that one out the door. 

Let's go into the demo for trust. You can see behind me the system status overall. We've divided the trust dashboard into three main areas, what's happening today, what's happened in the last week, and what's happened in the last 30 days across our core service as well as our third party services, so dependencies outside of Okta. You can see this is the live trust dashboard, so there were some incidents within the last week unfortunately, it happens. With respect to how to decipher the information here, we've consolidated again from five to two categories, so it's service degradation and service disruption. If I want to know what is rolling up into each of those categories, I can click into the learn more button and see exactly what folds up into those incident categories. Also, on the learn more button is a service features, so definition of what's in our core service as well as third party services. 

If I want to drill into see, let's say this service disruption on May 17th, I can quickly do so just with one click. You can see we're providing a lot more information than historically we have in the past with respect to what the cell was affected, what service feature, what audience, and in this particular case, the admin and the end user. You can see also the root cause analysis is available as well as the detailed incident, so if I want to see exactly each incident update to that incident, I can do so line by line. You can see here we have full transparency with respect to each incident update. 

If I want to look at all service history, I can do so over the last rolling 24 months, so this is divided up between month and year, and I can quickly scan and see if there was an incident that may have impacted my org, so that's the Okta trust dashboard.

What's next for the Okta trust roadmap? We have a trust everywhere roadmap, and we've divided that up into several key phases. So, the theme here today is really tailoring and contextualizing the admin experience to you, and we want to enable what we call per cell trust, so enabling you to log into Trust and actually see what's happening per cell. If you're in cell two for example, you'll be able to actually see filtered events just to your cell. 

Additionally, later on we want to deliver what we call API Trust, so an API to effectively consume trust information and build that into your management suite or even your custom applications so that you can actually surface that to customers or users in your custom apps. Later on, our long-term roadmap, we really want to gear towards a per org trust type of concept, so this is delivering per org telemetry and metrics that are directly available in the admin app. I'll talk a little bit about this in the modern admin experience and how we can realize that. 

I think another key theme here today across all the roadmap is going to be mobile trust or rather mobile, so applying what we're delivering here to the mobile context, so that you can on the go see exactly what's happening. In this case, it might be a push alert directly into Okta mobile in the future. 

Alright, let's talk about the Okta product roadmap. How many in the audience have actually seen the Okta product roadmap? Alright, a few of you, so about half, which is great. 

For those who haven't seen it, the Okta product roadmap is available in the Help Center today to everyone. You can get some extra features if you are a customer and if you are a super org admin and you can log in and I'll demo those shortly. I'll tell you a little bit about what it does and what it doesn't do, so this is really geared toward communicating our short term roadmap in the next four to six months. It's not our long term roadmap. This will also display product roadmap items as they change in real time, so I'll talk a little bit about that in a second. 

That enables you as admins and customers to self-serve and filter by product as well as life cycle state, so you see exactly what's coming. What it doesn't do is give dates, commitments, or guarantees, so similar to the disclaimers slide, you couldn't read earlier, we're not necessarily promising or guaranteeing anything that's on the roadmap, there's language similar to that there. However, if we do put something on the roadmap, we're pretty confident that we want to be able to deliver that in the near term. 

It also doesn't communicate the long-term roadmap, that's what Oktane's are for, that's why we're all here and why we're attending all these great sessions. Lastly, it doesn't replace release notes. In the future, we want to be able to integrate release notes into the product roadmap, so I encourage you to go check it out.

We've been up to a lot of great changes to the roadmap recently, we announced this at Oktane17 in beta, and we've been increasing transparency as we've gone through the last several months in the product roadmap. The main change here is we've moved from a monthly update cadence to a real time update cadence. This is pretty exciting in that every change that happens to the product roadmap is updated in real time. As a product manager in the system clicks EA from beta, that'll be directly reflected live in the roadmap, so you see what our product managers see, you see what our engineers see and the rest of the customer base, so huge, huge advantage there. 

We're also tracking additional information such as date it was added, date it was updated, as well as other ancillary information such as the original idea the product roadmap may have come from, as well as other resources such as blogs, etc. 

What I'm going to demo to you in a second, is the ability to actually sign up for a beta as well as turn on early access features and selectively find early access features that are available for your org.

Let's get into the demo. I'm already logged in as a super org administrator in the Help Center for my org. You can see here behind me, the Okta product roadmap is divided into three key areas, or three tabs, "In Progress" is generally in development or beta features that are available in some cases for open beta sign up, so I'll demo that in a second. "Planned" are roadmap items that are about four to six months out, engineering scoped them, we've committed to building them, and they're sitting in the hopper waiting for an engineering team to go build them. Then "Released" is features that are in or approaching early access phase as well as generally available, so I'll walk through that in a second.

So let's demo getting into a beta. I'm interested in Adaptive MFA, they've been shipping a ton of stuff lately if you've attended any of those sessions, there's a lot of stuff in the AMFA here. So, I'm going to scroll and see what's available here in beta. It looks like impossible travel is available, that's great. So, it's available for signup for beta, I think this was demoed in another session earlier at Oktane, and I click signup for beta, and great, I can sign up for the beta. If I were to click this button, this would take me to the beta signup page for this particular feature. But I don't want to stop there, I'm going to go through and see if I can find some early access features I can turn on for my org. 

So, the AMFA team, they've shipped a ton of stuff, I'm going to filter that out because I don't want to see that. I'm really just interested in administration because that's why we're all here. At instance administration, cool, looks like a great feature, has an idea, it was 670 points, that seems pretty worthwhile, it looks like it's available in early access self-service, so that's awesome. I'm going to click enable this feature, and if I were to click this, and I'll demo this in a moment, this would take me to my org where I can actually click on and turn on that feature directly within OKTA Administration. 

You can see we're really driving a close loop experience here with respect to feature betas as well as feature early access manager directly through the OKTA product roadmap. 

What's next for OKTA product roadmap? We have a roadmap for the roadmap, and similar to other themes within the roadmap overall for admin experience, we want to customize and tailor the roadmap to you. As you log into OKTA product roadmap, you'll be able to pre-filter by the products and services you own within OKTA. You have a customized tailored roadmap for the next six months according to you, that'll be a great win for customers.

Then moving forward, subscriptions and notifications, so it's great that you can access this in a self-serve manner, but we also want to be able to notify you of when things change. We want to be able to deliver the concept of watching a product roadmap item, so that you can actually get notifications when a product manager in real time clicks a feature from beta to EA and then subsequently GA. This'll be another great channel of information for admins to keep up to date with all things OKTA. In the future on the long term roadmap, we'll be refining the user experience as well as integrating more broadly to release notes.

Let's talk about feature management, I just mentioned that, but we want to go into a little bit more detail here and give you a demo. So how many of you have had actually tried to turn on an early access feature by calling support? Alright, you probably know what that experience was like, it wasn't pretty in some cases, you had to call support, you had to convince your CSM to turn it on for you or get someone to turn it on, and you might not have been in enabled to the feature. That was a bad experience, and we wanted to change that and give you more control to turn on early access features. 

We've done just that in that we have what we called the Future Manager available in OKTA Admin. This is a feature manager that exposes new EA features where super org admins can actually turn on and make available in their org. These are all on the product roadmap as well in the respective early access features state, so you don't have to call support, you just have to click a button and that's what I'm going to demo to you now. 

Speaker 1: Why are not all the features available?

Tom Witczek: We'll take questions at the end, thank you.

Alright, so if you recall, I looked at application instance administration, I'm logged into my org, and you can see early access features here. I see the same application instance in administration feature, the same description, it's as simple as clicking edit, turning on app instance administration, clicking save, and now I have app instance in administration for my app. That's a very close loop experience where you can actually go in, click a feature in the roadmap and actually turn it on for your org if it's available for your org.

What's next for feature management? Similar to subscriptions overall, that's another theme we want to be driving for admins, being able to not just self-serve, but automatically get the information that's relevant to Okta admins. So we want to enable Okta Admins to opt into all early access features so that they can actually receive all early access features as they become available for their org based on what products they have. So meaning, you'll have an opt in flag in Okta Admin where you can opt in to all EA features. So if you have a test org or you want to see all the best and brightest, and you're an early adopter, you can do so with this feature. 

Going forward in the longer term product roadmap for this feature, we want to enable the concept of product trials. For example, if you don't have MFA, if you don't have Life Cycle Management, we want to enable you to discover and try new Okta products and features directly in your org free for 30 days. And longer term, on the longer term roadmap for this, is managing not only products but also GA features, as well as potentially beta features in the future. So we're investigating ways to even bring more features to you as an Okta Admin. It's a pretty robust roadmap there. 

So let's talk about our second theme, Granular Secure Administration, so improving efficiency and security through targeted delegation and policies. We've delivered a whole host of features here, approximately 4,000 community votes worth of features. We've delivered new admin roles and permissions. We've talked about app instance administration, so I'll demo that momentarily. So allowing you to selectively scope and app admin to a single app instance, so that's going to unlock new use cases where you have distributed teams and single instances of apps. For example, if you're an AWS shop, you've got a regional team in US East, US West, you can actually segregate app administration details to each of those groups. 

We've delivered MFA for admins as well, which will be an EA feature going forward so that you can increase your security posture within Okta Admin and require MFA for admins logging into Okta Admin and more granular control over emails. So being able to selectively configure emails by admin roles. For example, if you don't want your app admin role to receive user lock outs, etc., you can turn that off for all app admins. Think about it as an email template per admin role. 

So let's get into app instance and administration. I'll give you a quick demo of what that looks like. So remember, I saw this in the product roadmap, I turned it on in early access feature management, and now I have it available for my org. So I'm already logged into the administrator section, security administrators in my org, and I need an app admin to manage a singular set of apps. So I'm going to go click Add Administrator, going to add Mr. Admin, and I'm going to make sure I select the right app administrator role. The key with this feature is to scope and bind the app instance to this application administrator. So we've updated the app picker here to search not only app types, meaning all types and instances of a particular app, but the unique instances themselves. 

So I want this administrator to effectively manage Salesforce.com. I know I have multiple instances here. It looks like I have SFDC1, SFDC2. I'm going to give them SFDC1, but I also want him to manage all of Office 365 app. So if I search for Office 365, I'll see a bunch of things pop up, two instances of Office 365. And I also have all Office 365 apps. So I'm going to click this, and now you can see that I've not only bound all Office 365 apps to this app administrator, but also this specific FSDC app instance. So I'm going to click add, and now I have an app administrator that can administer all Office 365 apps and the singular FSDC instance. So, again, this unlocks a ton of new use cases, and this will also work for OIDC app. So if you're customizing apps, whether they're SAML or OIDC, you can have an app admin own that concrete label. So that was app instance administration, so great feature there. 

We have a pretty robust granular administration roadmap split across a couple key phases. We're really taking a step back in rethinking admin lifecycle management and the entire user experience for managing admins. We've received a ton of feedback from admins such as yourselves with respect to the difficulty of managing and onboarding admins en-masse. Meaning if I have an AD group with 100 help desk admins that's AD mastered, and I want to bring it into Okta and assign a role to that group, I can't do that. I have to do it one-sy, two-sy, and it's very painful. So we want to be able to streamline that and extend that to other parts of Okta such as group membership roles. So we have a streamlined solution to solve that problem. So we're working through that among other UX changes, which I'll give you a quick preview of here. So built in groups, scheduled onboarding and off boarding, etc. 

One other area we're focusing on is admin security, so being able to audit, pull information, and actually see who last accessed the admin app, but what role, and what roles and permission generally admins have within the system. So that's going to be important for IT audits and the like. Going forward on our longer term roadmap, we're really focused on bringing Okta Admin into Okta as a managed app. So just like any other OIN app, when you first create your org, you'll see Okta Admin as an app that you can configure. So more robust configuration and granular configuration of rules, policies, etc., as well as based on built in admin groups that you're onboarding with rolled in group assignment to have a more robust security posture on who and when admins can access Okta Admin. So a great long term roadmap there. 

I think the thing that everyone in this room has hopefully been waiting for on a long-term roadmap is going to be the concept of a role builder. So we've been busy working on expanding our out of box roles and permissions, and we want to build a tool to enable you to extend those and customize those to your unique needs and workflows. So that's on the long term roadmap so that you can actually have more granular control over roles and permissions as you need them. So this is a quick preview of Okta Admin and the screen and security administrators. You can see we're referencing a couple concepts in here like built in admin groups that leverage rolled a group assignment. So AD sync app admins, for example, they're granted an application as well, two apps, for example. You can sort and filter. You can export as well as search and generally better find admins that you're looking for. 

So I want to cap off this first part of the discussion around how we're rethinking the admin experience all up. So modernizing our administration experience across desktop and mobile. We're doing that across a couple of ways. A new admin experience all up, which I'll give you a quick preview of in a moment ... So new visual design, new look and feel, and improved cross product workflows so that you can quickly and efficiently accomplish day to day tasks without really clicking too many times. And I mentioned trust incident emails. I mentioned product roadmap updates and notifications. We want to be able to streamline all of that and more into a centralized channel. 

We know, as admins, you're bombarded with information from the system and other systems, so you want a clean way to segregate what you need to do next within all your systems. We want to do that within Okta, so you have a standard place to see all information coming within Okta. We're calling that the Admin Inbox. And, again, similar to the other themes, we want to extend all of this to mobile. So when you're out on the go, you're on your mobile device as a tier one help desk admin, you can actually go and reset passwords, reset MFA, reset or rather unlock users. 

So these are some concepts with respect to what we showed at Oktane 17. You may have seen these if you went to the UX booth, but I wanted to show these again here so that you can see how we're thinking about evolving the admin experience going forward. We have a new dashboard, new navigation, and we're surfacing more information on the dashboard that's relevant to you, contextual as based on your configuration in the org and what you need to accomplish as an admin in particular tasks. For example, John Doe is locked out; we want you to unlock him. We're going to tell you that. We're also evolving in-app trust and in-app health metrics. We want to deliver telemetry and surface that through the dashboard so that you know exactly what's happening and what you need to do. So in this case, we have two security issues, but thankfully Okta is up and all your agents are up. So in this case, we would be able to expose trust incident information directly here on a per-one basis within the Okta Admin app. 

And I mentioned Okta Admin inbox. Think about product roadmap updates, think about trust incident updates going through one central inbox within Okta so that you can actually sort and filter by what you need to do as an Okta admin directly within the inbox. Again, this is forward looking. We're working through usability testing and new user experience design with the UX team. Hopefully by next year at Oktane 18, we'll have a full suite of at least demo, but hopefully we're going to be working towards refining that experience. 

I know we covered a lot in 20 minutes. We covered streamlining feature and service experience. I talked a little bit about the trust site dashboard, the trust incident emails, the new mobile dashboard ... We talked about the product roadmaps, so go check that out. We talked about the feature manager. We talked about app instance administration. We turned that on and configured in app admin. We talked a little bit about role group assignment with respect to the longer term roadmap for granular secure administration. I gave you a sneak peek as to what's to come with respect to the admin experience as a whole. So I'm going to turn it over to Talia. She's going to talk you through admin success resources that are available for you on the help center. Talia?

Talia: Thank you, Tom. Tom covered a lot of really great current and future admin content, and some of you might be wondering how do I get to this? Do I have to remember all these URLs? Do I have to know where the stuff is? Well, I myself am not an admin. In fact, I just know enough to be dangerous, but not enough to be trusted probably. My history or my career has been in project management, and I had really great theoretical training as a PM in college, but no true applicational abilities when I got out. And then I get hired for my very first project management position in an IT consulting firm. And I'm told I'm going to be managing IT projects with a bunch of experts who have been in the field for decades, and they took one look at me and then looked at my boss, and in my presence said, "Seriously?" Which I couldn't blame them, because here I am going to run this hundreds of thousands of dollars of project, or ultimately millions of dollars of projects, and they can't trust me, and they're totally justified.

So, I went home and cried a little, and then I decided that wasn't going to be a good long-term strategy. So I started looking in my community, and I found a really great organization called PMI, Project Management Institute, and they have local opportunities where I could go and talk to IT project managers who have done this, who know what I'm going through, and who can give me a lot of the things I need to give my team faith in me, which is what I definitely need to do this job and not fall on my face. 

So I started hanging out with a lot of these mentors. I started looking at their community online and finding a lot of documentation, a lot of books, a lot of really wonderful content that I didn't have to learn the hard way at the expense of my extremely talented teams. And this community really built my ability to understand IT to a point where a decade later, almost, I'm still in IT, even though when I started I didn't know what www stood for. So the great thing I love about Okta is I didn't realize that, as a project manager and having this kind of field for digging into my community and leveraging the things around me, that what I really was doing was adoption, which is how I become an adoption program manager for Okta. And the community or the Okta help center is a big part of what we do and what we focus on, because that's our number one way to get to you and make your life easier. 

So I'm going to cover a little bit about why you should visit the help center. And we know that one other thing from working with a lot of IT groups is they come to me, and we have these great projects, and we're ready to deploy, and no one has said anything to the end users. And we're deploying tomorrow. And I'm like, well, where is that person? They don't exist, because everyone thinks the admin will do that. I didn't know that when I started, but I know that now. So one thing we'll cover also is end user materials and preparations, since I know a lot of admins struggle with this or are expected to just do this. Or that, when you hand them something, the end users are magically going to be like, "Yes, I want to do this today for you, which I didn't expect to have to do, and I have no problem with it." Smile. I hear you laughing. I was not laughing when it happened to us.

And last I'm going to cover some training and becoming an Okta expert, because you go through all of this effort, you're a great admin, you have a great environment, you know so much about this product, and there might be a little extra perk in it for you other than being excellent at your job and people thinking that this is just all magic that happens. So let's talk about why visit that help center. Tom covered a ton of stuff, trust, roadmap, API ... He covered a lot of things. You don't have to remember where to go for all of these things, because they're all here in the help center. So you come there, you click a button, you're in the roadmap. You click a button, you're at betas. You click a button, you're in the trust environment. 

So it's really just accessible for you guys. And that's not all that's in there. Documentation is in there. Questions ... You can ask a question. You guys could answer questions as admins who have likely and perhaps more knowledge even than we do. Sometimes we come to Oktane and talk to admins, and we're like, "You guys are doing this stuff?" It would be cool to have some questions in there and see what your answers are. Or you guys could submit ideas. I don't know if you can see it all the way in the back, but there are little gold dings on a lot of Tom's slides ...

Talia: See it all the way in the back, but there were a little gold bings on a lot of Tom's slides. And they said 1,000 points, 750 points, and what that's referring to are our ideas. One theme I've heard a lot over my time at Oktane from almost anybody I talk to is they say, one thing they love is how much Okta asks them about their feedback. And it seems like we're really listening. Well, it's not just seeming like we're really listening, we really are listening because we deliver at 31% at this moment of all up voted ideas. They've either on the road map right now or they're already available. So you guys are building our product and it's not by accident. Sure. I'm in customer first. So obviously I put the customer first. That's my job, but it's technically all of Okta's job because Todd and Freddy have made it very clear, customer success is all of our number one goal. 

So listening to you is one way that we do that. Getting in there putting in new ideas, up voting ideas, going into discussion boards and being like, "Hey guys, I think this idea is awesome. Do you guys? Can you up vote this?" This is how you guys build our product and help us make sure that we are still capable for you. Because business changes every day. One thing we know in IT is almost no day is the same as the other. And if that's not enough, if you're still thinking, I don't know, Talia, this sounds like you just are filled with hot air. Well our help center, which is up behind me has had a lot of feedback given by our admins. We don't love this UI design, not very good use of white space. Way Too many options across the front menu bar which you might not be able to see here, but hopefully visited the help center at [email protected], and you know that this is just not the best UI. This is changing. In the next few months if you keep an eye out and you come, you're going to see a brand new UI based on all the feedback you guys have given us. Because we want to make consistent changes that makes sense for you and that make you guys more efficient and effective in your day to day jobs. 

So I'm going to talk a little bit about that end user material and preparation for a second, which is also in the help center in case you're wondering where it's at. So end users, when they start to hear about a new product, the first thing they think of is, I don't need this, which isn't necessarily true. It could be exactly what they've been asking for, but they don't want to deal with it because they're busy today. So we suggest that the way to deal with end users is to start early because they're going through stages of grief when you give them something, even if it is something they want. So they need time to get through all of these phases because they're not going to do it in like an hour on deployment day. So communicate early. When you're starting a deployment on anything Okta or not, it's really important to start talking to them in advance. That gives them time to think, I don't need this. I don't want this. Okay, fine. I'll click this link. Oh, that video was cool, but I still don't think I need it. Okay, maybe I'll take it. Create that collateral, give them a status update. This is coming. Here's the launch date. It's launch day today. Please do this. Hey, you haven't done this yet, and build that awareness. 

Why is it important for them? Why do they care at all about this? Why are you inflicting them with this? So don't forget your secret weapon. We have a toolkit that has a lot of this content, prebuilt emails that you can modify and customize to your company and send without having to build them yourself. Posters, FAQ's, this stuff is already there, How-To docs. I always suggest to admins to create an internal Wiki page that you can provide them a link to and have all this loaded out there where they can self-serve themselves. They don't have to remember where that email or that printout is and then if they still have a question, you can have a button for okay submit a ticket.

So we covered a lot of things, but now let's get into a perk for you. Our training staff is excellent. I've heard a lot of people mention a number of them throughout the conference and we have a lot of basic free training that is just great to build a solid foundation, but then we have great hands on training. You need to do something customizable, you need to do something that is harder than what's available, our hands on training can literally answer all questions necessary. And they're experts and they can do almost anything in Okta that you need them to, so it's a great opportunity for companies to build exactly what's going to work for them. Then once you're through all that, you might as well do something for yourself. 

Okta certifications do not just show that you're great at what you do and that you know what you do, they actually are rated among the top certifications in IT that boost salary. So not only are you certified so it looks like to your company, you're great at your job, but also looks to the market that you're excellent at this job, but then it helps you out in the long run because it's a perk for your overall career and your overall improvement on salary, which I'm, I'm assuming no one's like, "God I get paid too much."

So definitely check those out. We've got booths in the hub all about this stuff. Help center pod, the education services pod. Our teams are here and ready to help you guys. So we covered a lot of things here today regarding the roadmap and trust and how you access all of this material on Okta help center. So be sure to leverage that opportunity. We provided a really good content and element for you guys to tackle that end user adoption, which sometimes can be that one kink in your chain that you just didn't expect to happen because you thought for sure they would love this. And then put that knowledge to really good use. Go through all of this effort and then just get that certification so that you guys have that extra perk for yourselves. And with that I'd like to ask Tom to rejoin me on stage and thank all of you for your time today, and we have a few minutes to go ahead and open up for questions. 

Speaker 2: And please do fill out your surveys. We'd like to know how you feel about the session. 

Talia: Yes. 

Barb: Hi, I'm Barb and thank you for the presentation, it was really enjoyable and lots of good stuff. Lots of good things that were needed. So I'm excited to get all of that stuff. The question I had was the note that you had on the EA slide, where it said not everything is you know early access and, and self-serve. I was just wondering, like for example this week I had to open up a case to have something enabled and we were entitled for it and stuff. So, I was just wondering how come some things are self-serve and some things aren't? 

Tom Witczek: Yup. Great question. And can you guys all hear me? Is my mic back on? Okay, great. So not all EA features are available yet in the feature manager. So we're going to be rolling out a lot more EA features as they become available in EA as well as for your orgs. Some EA features have, I would say specific configuration, that are required. Some EA features have other dependent features, whereby there's a little bit more onboarding and configuration for those features. So, we've selected the features that you can yourselves as admins click on in the first round, and then later on we're going to be introducing more of the more complex features that you can self-service. So you should expect to see more and more early access features available there. 

Barb: Fantastic thank you.

Tom Witczek: Yep, you're welcome. 

Speaker 3: So is that feature manager going to be enabled by default or we have to have support to turn on the feature manager?

Tom Witczek: Yeah, most orgs have the feature manager and we're going to be rolling that out to GA to all orgs in the coming weeks. If you don't have it for some reason for your org, go ahead and ask support and file a case to get that turned on. Good question. But yeah, we want to roll this out to everyone. 

Speaker 4: Is delegated group management on the roadmap anywhere in conversations?

Tom Witczek: Sure maybe describe your use case a little bit more and I can hopefully answer that.

Speaker 4: We create a group and we're going to delegate who can add people and remove people from that group. 

Tom Witczek: Yeah. So we have our group administrator today. So you can actually control scoping a group admin to a particular group. 

Speaker 4: Yeah, not that.

Tom Witczek: Okay.

Speaker 4: Not what you have right now because that's a group of people-

Tom Witczek: Yes.

Speaker 4: Giving them full administration over those people. 

Tom Witczek: Yes.

Speaker 4: It's just the membership of a group-

Tom Witczek: Okay.

Speaker 4: Is what you don't have. 

Tom Witczek: Let me maybe follow up with you offline and we can drill into your use case a little bit more further. 

Alright what other questions you guys have?

Speaker 5: So as a partner, uh, we do a lot of setups for customers etc. Is there a way to roll out a lot of features or see which features you already have on? Because these are the things that we can copy. So I know that this customer has this set up and it's going to be something as for that customer.

Tom Witczek: Yup.

Speaker 5: I just want to have tick, tick, tick.

Tom Witczek: Exactly.

Speaker 5: All these features on instead of looking back into all the support questions I had and reading back and seeing what I had turned on before. 

Tom Witczek: Yeah. A longer term in the longer term feature management roadmap, we want to be able to surface all features that are available for an org so that you can do a quick comparison. Say you're rolling out from a sandbox to your production configuration. You want to be able to mimic exactly that configuration. So we want to make that at least visible in the near term and then portable in the future so that you can actually move a configuration from one environment to another. That's a very much longer term. But we are thinking about that and we do have customers and partners like yourselves with that use case. 

Barb: Me Again. So if I missed it I apologize, but one thing I wanted to ask is, is it in the roadmap or can you explain why when a user who has admin permissions is terminated so they're deactivated, why they still show up in the admin panel? So like for us, we get audited and so I have to go in there and make sure that all of that is 100% legit before I let the auditors and you know, that whole thing. So I just wondered if you could talk about that please. 

Tom Witczek: Yeah sure. Yeah. So we're going to work to fix that, with scheduled onboarding and off boarding of admin users. So yes, you can deactivate the user however they still have technically admin roles as well as their permissions associated with that role. While the deactivated user covers, access, we still want to make sure that we're closing the loop there. So we're going to resolve that in the near future with respect to that second phase admin security. 

Barb: Great. 

Speaker 2: Think we can take one last question. 

Tom Witczek: Can I make it two?

Speaker 6: For the audit I have an audit-

Tom Witczek: Yes. 

Speaker 6: Will things like policy change, adding admin's show up in the system log at some point?

Tom Witczek: There are some administrative changes that are internal to Okta that we track. There are some also administrative changes with respect to events being surfaced in the [00:41:33] log. In general the posture I'm taking is let's surface more in the [00:41:38] log so that we can actually have broader transparency and traceability of admin actions within the app. So yeah, that's, that's definitely something I'm thinking about.

Speaker 6: And how has the new app instance administrator different from the existing app administrator? 

Tom Witczek: So the key difference there is you couldn't scope and bind an app instance to an app administrator. You could only search for the app class or app type. So for example, if you had three instances of Office 365 or whatever other app, you would only be able to search for all of those apps and they would have access to administer all of those apps versus discrete instances. So if your custom Dev shop, you have an OIDC app, you won't be able to use the legacy app administrator for that purpose and that's why we went the direction of app instance administration. It also unlocks the use case with respect to, like I mentioned, if you're like an AWS shop, you've got multiple regional instances and you want to segregate duties across those unique instances. You can bind that app Admin to that unique instance. Does that answer your question? Cool. We have got two minutes. Any other questions? I saw in the front maybe? No.

Speaker 7: Guess I don't need a mic.

Tom Witczek: I'll rephrase it.

Speaker 7: Never seen it for some reason, is there on the roadmap of PowerShell administration functionality? 

Tom Witczek: Yeah. So, the question was, is there on the roadmap a PowerShell like functionality? Similar to the other question the gentleman asked around the configuration and moving configuration to environments, we might take that approach in terms of having, I would say API coverage to make sure that you can make configuration portable. Not directly within PowerShell, but we're looking to make configuration and setup in org bootstrapping a little bit easier from an API perspective. Alright, we can sneak in one more question. Go ahead. 

Speaker 8: On application assignments [crosstalk 00:43:40] is there a reason why native apps are not allowed to be self-service? 

Tom Witczek: I'll tackle both of those questions with you offline and then we can talk through those individually. Cool. Well thanks again everyone. Really appreciate your attention and if you have any other questions, feel free to come up to the stage. 

Talia: Enjoy the rest of Oktane.


If you're an IT Admin that is curious about our new Delegated Admin feature, the public roadmpa, community resouces, and trust enhancements, this is the presentation for you! Watch as Okta Product Management and Customer First team up to discuss the resouces available to make you better at what you're doing.

Talia Jackson, Senior Adoption Program Manager, Okta
Tom Witczak, Director of Product Management, Okta