Oktane18 Welcome Keynote
Speaker 1: In the beginning, our digital identities were like babies. They couldn't do much besides look cute. As our identities grew, they acquired new talents from improved anonymity to networking capabilities, and that gave us new power. The power to protest, the power to explore and share fun stupid things that we're not going to want to be associated with in a few years. Now our digital identities are in the awkward teenage years. Let's be honest, teens are challenging. Our adolescent digital selves are causing problems from catfishing to hacking and bullying by groups who can't be tracked. It's time for our digital identities to outgrow their infancy, and reveal their strength.
Speaker 1: The strength to defend ourselves and protect what we love, to go beyond our digital isolation and safely interact with people. The strength to connect everything and use technology for good. Our success as a species hinges on our ability to know who we are, because to control our identity is to control our destiny, and that comes down to you. You are part of the identity revolution. Welcome to the challenge and opportunity of our time. Welcome to Oktane18.
Speaker 2: Ladies and gentlemen, please welcome Okta's Chief Marketing Officer, Ryan Carlson.
Ryan Carlson.: Welcome, welcome to Oktane18. We are so excited that you are here. We're so proud of what we have to show you. We can't wait for you to see it all of this year. There's nearly 4,000 of you in the audience, and it is more clear than ever before that Oktane is an industry wide event. That happens in no small part, because identity is bigger than it's ever been before. We think that opening video captures it well. Identity in the digital age affects all of our lives in so many ways, and we believe that we have the power to evolve digital identities in a responsible way. So much work goes into creating an event like Oktane18, but it's not work that we do alone. We are very fortunate and lucky to have the largest group of sponsors we've ever had for Oktane, headlined by our Titanium sponsors and close friends at Box. Please join me in giving a round of applause for all of our sponsors.
Ryan Carlson.: Every year, we have a theme for Oktane, and this year our theme is beyond. It's meant to be a rallying cry, a call of action to go beyond the status quo. To go beyond what you've done before, to go beyond expectations. We certainly feel like we've done that with Oktane. Record number of exhibitors and breakout sessions in labs, 60 presentations by you, our customers and 17 keynote speakers. So that's Oktane by the numbers, but let me give you a taste for what you can expect. Later this morning, you hear an inspirational story from Aimee Mullins. We have killer product announcements, what we think are game changing partnership announcements. Tomorrow on this stage, we're going to be giving away a Tesla. That's right, a Tesla. Then of course later this afternoon on this stage, we're going to be joined by President Barack Obama. We certainly believe we've gone beyond with Oktane this year.
Ryan Carlson.: When I think about beyond, I can't help but think about our first keynote speaker. Nobody exemplifies beyond more than this person in my mind, always pursuing self improvement relentlessly. Inspiring all of us at Okta to go beyond what we thought was possible, to do more than we thought was possible, and I know we're all better for it. With that, please join me in welcoming to the stage our CEO and co-founder, Todd McKinnon. Todd.
Todd McKinnon: When we started Okta, many people told us that identity wasn't a good problem to focus on if you're going to start a company. They said it's not big enough. There's never been a successful identity company, and I'm sure glad we didn't listen to them. We followed our instincts, and we've proven that together we can build a successful identity company. Today when I look at the world, I see a similar pattern. Identity is still underappreciated. People don't realize the challenges that it presents us. In fact, I would say identity is the challenge of our time. I recently did a couple things that seemed simple. I moved, so I got a new address and I changed my credit card. So I did what everyone would do when hey have this experience, they start to connect to all the websites and mobile apps and services that use your information. You chuckle, you sound like you've had a similar experience.
Todd McKinnon: I stopped counting at 60 different sites and services that I had to update my information, all with different logins, different password. The experience was really frustrating. Let's put it this way, it wasn't productive. This is an identity challenge. Why are these services not integrated? Why are they connected? Why is there so much friction involved? Beyond that, think about the problem of identity theft. What is that really? Well, when simple leaks of personal data can lead to financial ruin, people are scared of this. It's incredibly painful for people. Why is that? Well, it's an identity challenge. Why can you take simple personal data like a social security number, and impersonate someone for a credit card or mortgage? Why is that possible? That's an identity challenge. Even beyond that, everyone knows what happened in the recent elections where the impact of bots and trolls and social media really makes us all rethink democracy, and the impact that technology has on it. That's an identity problem.
Todd McKinnon: If you don't know who these people are online, you don't know what their biases are and what they're influencing. So we're all spending billions and billions of dollars trying to balance, putting more online and investing more in technology while at the same time, making it more secure and reliable. The biggest issue here is that confidence in technology is being eroded. For the first time, many people are doubting the potential of technology and I think that's a real shame. I think it's a risk, what we're at risk for is missing out on innovation and how technology can be used for good. So while it impacts everyone in the world, identity is our responsibility. It's a good looking group right there. You thought you were going to have to look at me all day on the monitor. 4,000 of the preeminent identity thinkers in the world, and it's up to us to get this right.
Todd McKinnon: We can solve this challenge of our time and we have the platform, we have the ecosystem. We have the connections, we have the expertise. It's an exciting challenge and I know we're up for it. Our vision is to enable any organization to use any technology. We didn't start out as an identity company. It was about enabling technology. It wasn't about identity management or even about security. This key concept of enablement and removing barriers, removing friction, and that's how we think about customer success. It's how we think about our products, our markets, and the businesses we go into. With so much technology in this relentless, almost dizzy in pace of innovation, the potential is amazing. So much technology that you can connect to literally every person on the planet to move your business forward, but what gets in the way is this friction, this middle complexity that ties it all up and impede your progress.
Todd McKinnon: The best way to accomplish our vision, to enable any organization to use any technology is to connect everything. Not just at a network level, but at a deep integration level. Turning this array of technology into one seamless integrated web that serves your purposes. So how you find things, how you access things, how you manage them, how you secure. It doesn't seem like disintegrated technology, it's all one integrated whole. It's not just a point in time. Technology is changing, so it needs to be connected today and continuously in the future. It needs to be future proof. To do this, you have to have a center of gravity. You have a lot of technology, people and complexity. You have to have a center of gravity with which to manage this. For us, and the only right way to do it is to have that center of gravity be identity. So that's why we built the Okta Identity Cloud.
Todd McKinnon: It's the first and only independent and neutral cloud platform for identity. The words were chosen carefully here, independent. So it's an independent platform. It's not part of other platforms, and this is new in this wave of technology. In every previous generation identity was embedded in other platforms, but in this wave, it has to be an independent platform. Platform in the sense that it has to support multiple products on top of it. It has to be flexible and configurable, and you have to be able to develop integrations to everything in your ecosystem. It needs to connect everything and support many use cases. Needs to simplify and remove friction, because if the Identity Cloud can understand who someone is, it can provide them the most secure, seamless technology experience possible. So the foundation of the identity cloud is the Okta Integration Network. It's the most comprehensive catalog of integrations by far in the industry.
Todd McKinnon: Not only the broadest, but it's the deepest. To do this, this neutral approach is required. If you really want to connect to everything in your environment, everything you want to use today and tomorrow, neutrality is important. People talk about is it a best of breed world, or is it a sweet world as if it's a choice. As if there's one company that you could buy everything from. All the computers, all the devices, all the phones, all the networks, all the switches, all the applications, all the services, all the platforms, all the developer tools. It's just impossible. So it's a best of breed world, not by choice, but by necessity. We believe in that world and we live in that world. It's different than our competition. Companies like Microsoft, they want you use Office 365, they want you use Dynamic CRM, OneDrive.
Todd McKinnon: They don't want to use Box or Google Apps and Salesforce. It's just not their motivation. We don't have a horse in the race. We want you to use the technology that's going to make you most successful. So this is our most important differentiator and every product we build, leverages these integrations to that effect. On top of that foundation is our core identity services. These are the things that every type of application, every type of identity tool or technology needs to leverage, and they're delivered on top of the OIN. Things like directories, directory storage, customizable schema, authentication server, translating tokens for different single sign on protocols. All the guts of what we do, authorization, user management, provisioning and deprovisioning, synchronization to keep it all working seamlessly together. These are packaged in two distinct sets of products. We have our IT products that are for any user in your entire extended enterprise. So employees, contractors, partners, anyone that you need to connect to those systems.
Todd McKinnon: Our IT products are for developers looking to embed identity into their applications as a component, and we have our API products for enterprises, which is for complex use cases, multiple applications. Last year at this conference, we introduced developer, which is to quickly get started with a POC. We have a ton of growth and momentum in the Identity Cloud. Over 4,000 organizations are connected now through the Identity Cloud. I love this number. A lot of people don't know this number. It's every day over four million unique business users access their technology through the Identity Cloud. It's amazing, and they access over 5,500 integrations, all packaged and configured. By the way, in order of magnitude more private and custom built integrations. So the breadth of the integrations is amazing, and it all adds up to an astounding number. In the last 12 months, we've done over eight billion authentications. What's most exciting to see about the Identity Cloud being used is this strategic role it plays in all of your environments, because if you think at where it sits in the ecosystem, it's squarely between all your people and all your technology.
Todd McKinnon: Whether that's employees to business applications, partners to portals, customers to customer websites, any technology, anyone in your environment needs to be productive. The Identity Cloud can make that happen, and with a foundation like this, it's not surprising that our customers are achieving amazing things. Like the folks at Nasdaq, who are modernizing IT in a world that's heterogeneous by design. Athenahealth is using the Identity Cloud to transform their customer experience by making sure it's personalized, engaging, and of course highly secure. Speaking of security, the folks at National Bank of Canada are using the Identity Cloud to secure their people and their data in environments it's radically different than it was before where the network was a security. They realized that people are the real perimeter, and that by using the Identity Cloud, they can extend that secure personalized experience all the to their end customers.
Todd McKinnon: While our products are helping our customers modernize IT, transform the customer experience and also secure their business, we're accelerating each of these values through a number of powerful network effects. The network effects are, they're very important because it's core to our story. I talked earlier that the Identity Cloud needs to be an independent and neutral cloud platform. Now every cloud conference you go to, the vendor will tell you that we're cloud and values of why they're cloud are the same things that's true for us. Like you don't have to manage and maintain the servers. That's lower cost of ownership. You can be delivered integration more quickly. Those things are all true, but it's important for us for another reason. We have to be a cloud platform because cloud platforms have network effects, and a network effect by definition is when something gets more valuable, the more people that use it. More value for more users, and we're definitely benefiting from this. It's powerful for all of us because we have an integration network effect. By that I mean the more customers we make successful, the more system software vendors build integrations to our platforms.
Todd McKinnon: Meaning the product gets better for all those customers, which means we can attract more customers, which means more integrations are built and that virtuous cycle continues. There's another network effect around security. So the more customers we make successful, the more threat information we see across the entire network, the more secure we can make the products, the more valuable products become, the more customers we attract, the more security information we see. So you can see this pattern. There's also one around data. The more data we gather about apps being used, the more we can package that back to you and give you better tools to help transform your customer experience. As you can imagine in the last year or so, I've spent a lot of time with investors. The conversation with investors goes as you probably would expect it to go in terms of the first part of it. It's like, so how big is your market? What part of that market do you have in terms of market share? How do your products address the needs?
Todd McKinnon: The question inevitably turns to competition and not competition today, but longterm competition. They want to invest in a company that's going to be successful over the long term. So it goes something like, "Todd, so we get this that you had this insight about identity when no one else had it. So you got this early lead and then you built this company and made it successful, but now some of the biggest companies in the world have identity products. Now how do you keep yourself differentiated and thriving longterm?" The answer is this, network effects because the big companies in the world last time I looked have a lot of money, and they can spend a lot of money to build features. Now what they don't understand is that building something like the Identity Cloud is a lot harder and it takes a lot longer, and takes a lot more focus than they realize. Even if they make progress on that, they won't have the network effects. They won't have the customer base, they won't have the motivation for people to build integrations to. They won't have the data, they won't have the security information.
Todd McKinnon: So it's a powerful concept and a key part of our story and as you can imagine, being so critical that we're innovating aggressively across the board to help you modernize IT, help you secure your business and help you transform your customer experience while at the same time accelerating these network affects all around this. So modernizing IT, modernizing IT means different things to different organizations. To some folks, it may be as simple as just allowing you to roll out more modern technology, more cloud in an easier more scalable way. For others, it may be just ease of use, general friction reduction. You want to make it easier for people to get things and be successful, or maybe around initiative for mergers and acquisitions. You want to buy companies and seamlessly integrate their technology quickly, and let the combined company get on with business. For us doing all of this stuff comes down to the Oktane Integration Network.
Todd McKinnon: It's by far, it's the core, it's the foundation of our service and we can only be as strong as the depth and the breadth of these integrations we offer. We take this situation and this part of our product and our strategy very seriously. Last year at Oktane if you were here, you remember we changed the game by the concept. Before it was all about applications, and how many applications did you support. We opened it up and said it's not just about applications, you have far many different types of technologies in your environment and applications. So the Okta Integration Network connects to 11 broad categories of integrations. Everything from HR systems to networks and VPNs, and of course applications and API access gateways, and application delivery controllers and everything that you might need to connect identity to which is everything. We talked about our partnership with ServiceNow, where we've worked closely with them to reinvent what it means to have security incident response, and a workflow around that.
Todd McKinnon: How we work with Palo Alto Network to unify cloud security with on-premise security or with F5 Networks, a great partner of ours that helps us address the deepest most complex on-prem identity challenges as easily as you do the modern cloud architectures. This year, I'm incredibly excited and it's incredibly important that we talk about how we're changing the game again in the OIN, by making it far more easy and more compelling than ever to build these integrations to Okta. So let's get started. We learned a long time ago that we had to have powerful tools to build integrations on our platform. We've talked about past innovation around the Application Integration Wizard, or the toolkits for the SAML and SCIM Protocol, and our software vendor portal which let software vendors directly log in, create, maintain and manage their own integrations. This is why by far, we lead in the number of SAML and SCIM provisionings, but we can do more here. We can make it far easier and more compelling for everyone in the integrations we provide. To do this, we're doing two things.
Todd McKinnon: The first is it's a very cool thing, and it's something that I'm incredibly thrilled that we're doing. It's called Sign In with Okta. Sign In with Okta is a toolkit. So it's a toolkit for software vendor partners to build integrations with Okta. It's different and better than previous toolkits, and for a couple of important reasons. It's based on a modern protocol called Open ID Connect. So by using this toolkit, you not only get connection and compliance with Okta, but any service that speaks Open ID Connect. So it's open. You also get the namesake of the capability, the Sign In with Okta button. The Sign In with Okta button is an easy way for end users to, as a software vendor, your website or your mobile app to use their Okta account to log in. You've seen this before. It's like a Google or Facebook have social life authentication. This is business authentication. This also enables something important which is a standardization of the end user workflow in both directions.
Todd McKinnon: What I mean by that is it's long been standard that you go to your Okta dashboard, you see your application icon, you click it and you're logged in. The same from a mobile app. You start from a mobile app, click the icon and login, but the workflow on the other direction wasn't standard. Different software vendors implement what it meant to start at their application, get logged in or leverage your existing session, and bounce back and forth and it led to inconsistent and confusing implementations and this standardizes that. So it's very clear. I mean who can't follow that? You go to the website or a mobile app, and as a Sign In with Okta button. You don't need instructions for that. It says Sign In with Okta. So you click it and it leverages your session, or creates a new session and you're in. It's a far better user experience and that's very important to us. Probably the most important thing for software vendors is that it takes a fraction of the time to implement this, compared to previous approaches.
Todd McKinnon: So because of all these benefits, we think that this is going to quickly take off in these standardized way to connect to Okta, but this isn't just about software vendors. You can use Sign In with Okta with every organization, because remember we're all technology companies. So this automates extended enterprise cross company collaboration. What do I mean by that? It's a fair bet that many of the partners and the other organizations in the world you want to collaborate with also use Okta. So you can use Sign In with Okta to let those other companies seamlessly log into your applications. For example, you may have a partner portal that you use Okta log in right now, and they have to log into an account there. This enables you to leverage their account, your partner company to log into Okta. Makes it far easier to manage, and removes that friction. Removes the barrier, makes it easier to collaborate, easier to use that technology. So we're raising the bar in terms of the value that software vendor partners and everyone gets by integrating with Okta.
Todd McKinnon: Now I want to talk about a brand new type of integration, that's very important to our longterm strategy. Okta has, when you think of an Okta integration, you think of really two benefits of that. There is the access, so allowing an end user to sign in simply and securely. Then there's the user management, which is like automating and integrating the management and the maintenance of your systems, but there's more we can do here. These are for the technologies that you already own. So you own a bunch of technology and then use Okta to manage and secure it, but what about the technologies you don't have? So we can do more, we can do more to help you discover that next great thing. Once you find it, we can make deploying it and getting value from that far easier than it is today. To do this, we're building Okta OnRamp. This completely redefines what it means and the value that software vendors get by integrating with Okta, and by extension, the value you get from these integrations.
Todd McKinnon: Let me explain a little bit about how this works. First, the discover part of Okta OnRamp. So we have a lot of very valuable data about the types of applications that are used by different types of companies, and how they are successful with those applications. We've presented it for years in our businesses at work report, and also our businesses that worked online dashboard. With OnRamp, we'll surface that information right inside the Okta Integration Network. So you get an informed recommendation on what applications you might want to use, based on real aggregate usage data. So for example, if you're looking for a collaboration application, Okta OnRamp can recommend, give you a curated, personalized list of applications based on what companies, your size and your stage that look like your profile and what kind of applications they've used and they've been successful with. So that's pretty amazing. It's more than just using reviews and talking to friends, which are valuable, but you actually get real data and real usage information and can be recommended directly to you.
Todd McKinnon: Then once you find that application, then deployment becomes far easier with OnRamp. So whether it's initial evaluation or trial set of users, deployment and roll out to those users is a seamless breeze, or when you're ready for the grand deployment or the big rollout, we can automate that by doing a scalable automated massive deployment of that application across your entire ecosystem. So you're probably looking at this and thinking about the implications for this and saying this is like Okta is taking the first steps to building an app store, or a marketplace. That is true, this may eventually turn into a full fledged marketplace or app store, but it will be different than any other app store or marketplace you're familiar with. You know why? The reason is because every other app store or marketplace is tied to that platform. It's great. You can use any application you want as long as it runs on that platform. This is different. This is independent neutral.
Todd McKinnon: This is the best technology across a vast array of technologies that are all chosen by like-minded people, that want to get the best out of the technology for them, not a certain platform. So it's far more powerful than other scenarios. Both the Sign In with Okta and the Okta OnRamp, there are other examples of these network effects. These network effects that are making it more valuable to build integrations to Okta, attracting more customers, attracting more integrations. At the end of the day, the result of this is to make it more valuable and helpful for you to modernize IT, so it's incredibly powerful. While we're building this platform, it takes a lot of collaboration and partnerships with the software vendor community. They have to build APIs for discovering and deploying their capabilities, and we're off to a great start. The logos you see up on the screens have already raised their hand, and committed to building and working with us on these integrations. If you look at the companies on this list, it's amazing. It's amazing list for something that has just been announced.
Todd McKinnon: Both Sign In with Okta and Okta OnRamp are in early stages of development. So you should expect to see them in Beta by the end of this year. Now we're going to hear from a couple of these partners. The first partner we're going to hear from is our good friends at Box.
Aaron Levie: Hello everyone at Oktane. I am Aaron Levie, CEO and co founder of Box. I'm incredibly excited and honored to introduce to the stage President Barack Obama. I thought we got the, I thought we talked to Todd about doing the President Obama intro.
Speaker 6: No, that's VMware.
Aaron Levie: VMware got that sponsorship level?
Speaker 6: Yeah.
Aaron Levie: Got it. We're incredibly excited to be a founding partner of project OnRamp. With Facebook workplace, Okta and others, we want to make it incredibly easy, seamless, and secure to be able to deploy best of breed applications in the cloud. That is how we're going to power a digital workplace in the future, and how we're going to help companies all around the world transform the way they work. So with that, take care and have a great event, and also make sure to enjoy President Obama later.
Todd McKinnon: It's great to be working with Aaron and the folks at Box on OnRamp. The next partner we're going to hear from is Workplace by Facebook. Workplace by Facebook has very quickly become one of the fastest growing collaboration applications in the Okta Integration Network, and we share a number of really important customers like Spotify and Diageo. We're really excited today because Workplace by Facebook is not just committed to support Okta OnRamp, but they've also committed to use Okta as the preferred identity provider to help their customers map the identities in Workplace by Facebook to the customer's on-premise directory in identity systems. So that's an important partnership on multiple levels. To talk about this and to get into it a little more detail, I'd like to welcome into this stage the VP of enterprise for Workplace by Facebook, please welcome Lesley Young.
Lesley Young: Hi, Todd.
Todd McKinnon: Nice to have you.
Lesley Young: It's great to be here.
Todd McKinnon: Thanks for coming. In case people just, I can't imagine they don't, but if someone doesn't know what Workplace by Facebook is, maybe just tell the group what it is.
Lesley Young: Sure. How many people here know what Workplace is? Great. I'm going to tell you. For those of you who don't, Workplace is a SAS collaboration and communication platform. It allows organizations to bring people together. What I mean by that is people who are globally around the world, not in the same place obviously. It enables them to take advantage of the best of the Facebook interface. What I mean by that is if you're familiar with News Feed, who's familiar with News Feed here? Okay, so imagine News Feed was feeding you information about what was happening in your company, or your industry, or your team. Or imagine that you were using Chat. How many of you use Chat? Yeah, so Chat is also incorporated into the platform, Workplace platform. So you can interact with your organization, with your team members and with other organizations using Workplace. I like to think of Workplace as the command center for your work life.
Todd McKinnon: Yeah, I should have raised my hand. I know what Chat is, and I know what News Feed is.
Lesley Young: Thank you.
Todd McKinnon: I'm in that crowd. So when you agree to come join us here, we told you about the theme. The theme of Oktane is beyond. What popped in your head when you said you're speaking at a conference that the theme is beyond?
Lesley Young: It's a really good question. It's part of the reason that I joined Workplace, which is this was awesome opportunity from the standpoint of looking at how do you bring consumer together with enterprise technology. So we're doing that. We're bringing the enterprise technology together with the best of Facebook in that interface, and as I said is the command center. So when I think about beyond, I think about what happens today. How many of you feel that your work life and the technology used in your work life is the same as the technology you use in your personal life? Not a lot of folks. So I think that's really what beyond is about. We think about it as better together. What that means is those things that you just take for granted in your personal life, like the fact that now if you check into a flight, you actually get asked if you want an Uber.
Lesley Young: We start to take those for granted, or you have technology that if you just talk to it, it takes care of things, then you go to work and the world changes. You sit down and you think, "Okay, I've got to go to my CRM application, I've got to go to my HR application," and these things don't work together. So you're traversing hundreds of applications during the day, and we just think there's a better way. That's really what beyond is about, is if we can get beyond the technology challenges that exist in organizations today, then we're going to make lives a lot easier for our employees as well as increase their productivity. So that's really, and I think what you're doing just takes that one step further from the standpoint of users will be identified and managed seamlessly, and it doesn't matter where they are.
Todd McKinnon: Yeah. Well, so we were launch partners last year. What have you seen? What have you heard from customers now that we're in the market for about a year?
Lesley Young: There's some really cool things. Well first of all, I think the fact that companies don't actually have to think about how they're managing and securing and identifying their employees, that it's happening in the background for them, and that they can actually interact with the application rather than thinking about that. Let's take an example, Oxfam. A great story. So Oxfam's a customer, both of ours like a number of other customers.
Todd McKinnon: In the UK, right?
Lesley Young: Yeah, exactly. This is something you would never expect to happen, but an Oxfam worker is in Africa, putting a pump in the ground to bring water to a community that has never had water. As he's doing that, the children come out around the village and they're trying to figure out what the heck he's doing, and then they see this water. He's so astounded by their reaction, we expect it every day. It happens, right? That's not what happens there in Africa in that small village. So he actually takes a video of the whole interaction, and he puts it up on the News Feed for Oxfam. The marketing department picks it up. It is the best example of why you should give to that organization.
Lesley Young: So with that kind of capability to have somebody who's geographically remote to have their authentication and their identity understood, and for them to be able to drop that into a single secure place that impacts what the company can then do, and then how they can communicate to their customers or the people that they're trying to bring on board, it's amazing. It just compresses the entire cycle.
Todd McKinnon: Yeah, Oxfam, it's an amazing organization. I always feel guilty when I go, I visited them a couple of times actually, and I'm thinking these people are bringing water to the most impoverished areas on the planet, and I'm up here selling identity.
Lesley Young: Exactly, right?
Todd McKinnon: I think I'm helping them, so I feel better about myself. Yes.
Lesley Young: You are. They couldn't be there and do that if you weren't doing what you're doing.
Todd McKinnon: The Okta OnRamp, let's talk about the partnership. What does the Okta OnRamp mean to you guys, and why are you excited about it and agree to support it?
Lesley Young: Well, I think just from a user perspective, one of the things that's been really great about having Okta in any form is the fact that if you're a user of Okta, you can actually go to the interface and figure out all the applications in your world, in your work world. If you're like me and you forget like what's the HR application, I know that I can go to the Okta login and there it is. This just makes that one step easier. Again, when we talk about going beyond, it's how do we actually remove the steps that enable us to take on technology, and OnRamp enables us to do that in the sense that the discoverability will start to push those applications to the forefront. For Workplace, that means that those applications that are going to show up in the Workplace interface and be use, and that is huge because it compresses the time to actually get productive. So we are super excited and honored to be one of the first on OnRamp partners.
Todd McKinnon: Yeah, we're excited as well. Then the other thing we're announcing is the partnership around Facebook using Okta to integrate the customer's directory services in the Workplace. So when you see in the field, why is that important to you?
Lesley Young: Well, most of it has to do with access and not having to think about that, and they don't have to take on that challenge. So it's built in, and I think that is going to make it easier for our customers who, the CIOs who are challenged with the multitude of different things that they have to think about. This is just again, one step that they don't have to think about, that they can just plug in.
Todd McKinnon: Yeah, they can focus on delivering that water.
Lesley Young: Yes, exactly.
Todd McKinnon: Any final thoughts for the group?
Lesley Young: No, just thanks for being here. I mean just-
Todd McKinnon: We're glad. It's great to have you. It's our honor.
Lesley Young: It's great to have an opportunity to actually talk to all of you for a couple minutes about Workplace, and congratulations on all your success.
Todd McKinnon: Thank you so much.
Lesley Young: All right.
Todd McKinnon: Lesley Young.
Lesley Young: Thank you.
Todd McKinnon: So we talked about our enhancements in the Okta Integration Network, along with the deeper integrations with companies like Facebook, and how it's helping you modernize IT. It's also accelerating this integration network effect I've talked about. The history of this is interesting. When we started Okta, we had this vision that we had to build this platform, this cloud platform that could enable this integration network effect, but we had this problem. The problem was we didn't have any customers, and no software vendor was going to come partner with us for the honor of then being able to reach zero customers. So we had to build all the integrations ourselves. We had the underlying platform, but it was a lot of effort to build all those integrations. We would get a few customers and build whatever integrations they wanted, then you get a few more and build, make them successful and build whatever integrations they wanted. Then over time, this network effect, this virtual cycle started to take hold to the point where software vendors were coming to us to build these integrations.
Todd McKinnon: It's good because the real benefit of this is it's the only way to really have the completely connected broad, deep integration portfolio. So it's our responsibility to continue to make that as easy as possible, and that's why we're investing in things like Okta OnRamp and Sign In with Facebook. Next up, let's talk about transforming your customer experience. Every company is a technology company. Every company has massive potential to use technology to enter new markets, build new products, new streams of business before your competitors do. You're doing that through a number of channels. Web, mobile, and the various other technology channels that will inevitably evolve. One thing that will be consistent is that the experience for your customers has to be secure, very personalized and highly engaging. Identity enables all of that. It's about your customers letting you know who they are. Once you know who they are, you can deliver that personalized experience that seems to just meet their needs intuitively, that's engaging and makes them successful.
Todd McKinnon: Of course it has to be secure, they have to trust the experience. So every customer facing experience requires authentication, authorization, things like user management. So every customer facing application requires an identity layer, and our Okta API products provide that layer. We have these products for both developers directly and complex enterprise scenarios, and we talked a little bit about that previously. This is an important area of our business, highly strategic for us and it's growing rapidly. We have a ton of momentum to share with you since last Oktane. We've signed 240 new customers for API products, great names, great companies, great organizations like Athenahealth, Mount Sinai, Emirates Airlines and JetBlue. We have over 33,000 developers using Okta to embed identity into their applications. So we're the market leader in this fast growing and dynamic market, so we're innovating quickly to stay ahead.
Todd McKinnon: We re-service this market with a couple additions of our product, and there's a continuum here. The developer products are really meant for quick POC, proofs of concept, where you need to find the service, trial it, buy it quickly. It's free for up to 1,000 monthly active users, and then there's a small charge after that. The other end of the continuum is our API products for enterprises, which is millions and millions of users supports unlimited users, complex enterprise scenarios, multiple applications. So what we've learned in this market is that we need a middle ground. Something like developer, like enterprise, perfect middle ground. What we're calling that is a new edition of our API products called Okta API products for one app. It's the same functionality as developer, but it has a price point that will enable it to scale up to millions and millions of user at more affordable level than enterprise.
Todd McKinnon: So it's features of developer, scalability of enterprise and it's probably the most important thing is it runs on robust production infrastructure, so you can have that rock solid Okta reliability. With these three entry points, developers doing a quick POC or proof of concept, to a deployed production scalable application for one app, all the way up to a complex enterprise scenario, we have you covered, but we're also taking this another level. We've taken a couple of important components from the API products for one app edition, and we are making them available for free if you include Okta branding. What this means is that if you want to get started quickly with just our sign in widget, let's you do a customizable, extensible robust sign and experience, you can do that. You can put Okta branding on it and do that for free. No charge. Unlimited number of users, production scalability, or if you want to use our multifactor authentication module, you can do that for free with the Okta branding, unlimited scale, unlimited enterprise class reliability.
Todd McKinnon: We have great partners doing this already in conjunction with this announcement, the folks at TechSoup are using the sign in widget, and the folks at Namely are using our multifactor authentication capability. So you might ask, why would we do this? Well, there's an important reason. You have to understand the dynamics of this market. This market is about customer identity, and developers building solutions to build better customer's experience. The competition per se in this market is build versus buy. To be successful in this important market, it's critical that we make it clear to every developer in the world, every organization in the world that there is a better choice here to buy this versus build it. To do that, you need flexibility and you have to remove all the barriers, whether it's price, whether it's different features, whether it's capabilities so you can get those entry points, make those developers successful. Over time, we're very confident whether it's one app or whether it's enterprise, they'll be successful in longterm partners of Okta.
Todd McKinnon: These are I think really important critical announcements to help us attack this important market. So whether you're modernizing IT, or whether you're securing or whether you're transforming your customer experience, in both cases it's incredibly critical that this is all done securely. Securing your business, and as identity and security really merged together into one category, we have a ton of stuff we're doing here that is important, is really going to move the ball forward in this arena. As I've talked at previous Oktanes, the conversation has been about something we've called contextual access management. What contextual access management is, is basically in legacy architectures, access management was static. You had to predefine everything. It wasn't aware of the context. It wasn't aware of the users, wasn't aware of the devices, the networks, the behavior. It didn't have a robust policy engine that could in real time evaluate the type of usage and the type of access that was required to make the right policy decision.
Todd McKinnon: So today, we're adding another important element to this mix. It's called Okta ThreatInsight. So we've long behind the scenes, identified malicious IP addresses and security threats to your environments, even no matter where they've originated across the entire Okta ecosystem, and we block those threats and protect you. As we've done this, what we've learned is that there's significant amount of IP addresses that look like they could be malicious, but it's not clear. They might be okay. It might be the person just is going to that geography for the first time. It's not an attack, it's just a legitimate use. We haven't really been able to do anything with these, we call them gray IP addresses. What ThreatInsights does is it exposes those set of gray IP addresses right down to you, and to your specific Okta policy engine so you can make the right decision based on your use case.
Todd McKinnon: So you can have a very permissive approach because of the application, or this scenario you're protecting and you can let that through, or you can have a very restrictive approach because it's highly sensitive, highly secure. You don't want to take the risk with these gray IP addresses. This is another example of a network effect, and this is a security network effect. It's about more threats, seeing more threats across the entire ecosystem, exposing that data directly back to you, letting you make your products and use case more valuable. So we provide value to more customers, we get more security information and that virtuous cycle continues. This is key to both, as you help your efforts to modernize IT and to transform your customer experience. It's only possible with a cloud architecture like Okta, but it also enables another exciting enhancements because with all this context, with this policy engine and with ThreatInsights, we're now able to do something incredible.
Todd McKinnon: We're able to eliminate passwords. Eliminate passwords completely. Everybody talks about this. In fact, you're all stunned. You're like, "What? That's not possible." I don't even know to clap or cry or walk out. I feel the same way, trust me. So everyone talks about eliminating passwords. Everyone knows that passwords are not a great solution. They're hard to use, hard to remember. This is well understood, not the most secure solution. When the conversation inevitably turns to biometrics, people think like if you have a retinal scanner, you have a touch ID on your phone, that's it. You got passwords removed, but that's only a small part of the equation. What you really need is you need a complete picture. You need all the context. So not just authentication factor, but you have to have device information. You have to have location, user behavior and the things we've talked about.
Todd McKinnon: You also have to have this robust access policy engine that can actually make these real time decisions when people are trying to connect the resources, and you need the integrations because your retinal scanner, or your Windows Hello, or your fingerprint doesn't help you if that's not connected to everything you want to access. So these are all required and because we have all these things, we're able to put it together and eliminate passwords. So what does this mean? It means that, really what it means is that inside of Okta, we've opened up the password whether the password is required or not, and exposed it to the policy engine. So now inside the policy engine, you can choose based on your scenario whether a password is required or not. For example, you may decide that if it's an enterprise issued laptop that's managed and the users logging in from the company network, they're approved to log in without a password. It can just be an Okta verify push is all that's required.
Todd McKinnon: This works not just in an enterprise employee scenarios, but also on your customer facing websites. You may decide that if a customer is logging into your website, you want to check the password on first login and then subsequent logins, it's okay to preserve that previous session and login. ThreatInsights and the new passwordless policy come with our existing adaptive multifactor authentication product. If you have that product, you can use this capabilities or we're introducing a new product called Adaptive Single Sign On which lets you do the same thing even if you're not using Okta for your MFA solution. It gives you a couple of great choices to make the right decision for you. So everything we've talked about, removing friction, enabling best of breed, all of these values require us to not only innovate and build the best platform and the best ecosystem, but also they require us to partner aggressively with the top companies in the world that share this vision, and can help us do that.
Todd McKinnon: That's why I'm so excited to talk about our next partnership. It's a game changer with one of the most important impactful companies in the world, and that's VMware. Oktane VMware share this common vision to enable any organization to use any technology. Today, we're announcing the big step forward here, which is integrating closely the Identity Cloud and VMware's Workspace ONE product in order to enable the next generation of digital workspaces. So here to talk about this, please join me in welcoming from VWware, Noah Wasmer.
Noah Wasmer: Hi, Todd.
Todd McKinnon: Noah.
Noah Wasmer: It's great to see you.
Todd McKinnon: Good to have you.
Noah Wasmer: Wow, what a fun time. We should break some bread.
Todd McKinnon: We should. You got bread or toast? Neither?
Noah Wasmer: Let's see. Let's see what we've got.
Todd McKinnon: Welcome to Oktane. Tell me about digital workspaces. I talked about our joint vision to enable the next generation of digital workspace. What does that mean to you?
Noah Wasmer: Yeah, well first off we are just so excited to be here. What a great partnership between VMware and Okta. One of the things that I think is so exciting about this is that as we see, as you heard from Facebook and you've heard from others, there is this real transformation in our consumer lives. Everything we've done has changed, how you communicate with Facebook. How you get music now from the cloud, how you communicate and share photos has changed entirely. Then as I think Facebook said, what has changed in our work life. Here what we've got to figure out is how do we empower our employees, our most valuable assets to get the information that they need at any time on any device, as you've been saying. That's what we see is to do this, we really need to rethink management and security. We need to bring this together in a very, very unique way, what we call modern management and it's just taking the market by storm.
Todd McKinnon: Yeah, that definitely resonates with us. When you get into the real customer deployments, what's the impact of this in terms of real examples and real proof points?
Noah Wasmer: First and foremost, we've seen customers embracing this modern management and mentality just overwhelmingly. They've started with usually iOS and android, but now it's really taking effect on Windows, on Mac, on Chromebooks. How they're starting to think about bringing together this unified management paradigm, but where it's really exciting and what we think is we hear customers talking about programmatic IT. Really the shift from traditional administration, really to now this automated process of delivering the right apps and services. On top of it, the best part is really how IT is now shifting to help the line of business, to help our frontline workers. Whether it's in healthcare, retail, manufacturing, our first responders, how do we get them the right apps and services? That's the impact is that our employees do feel empowered, and are getting this access.
Todd McKinnon: Yeah, it's amazing. I should say that there's different kinds of partnerships. Let's just say there's, how should I put this? There's marketing partnerships, there's PR partnerships, and then there's partnerships where engineers are working together to build stuff together and integrate stuff. I'm very excited that this is the kind of partnership we have. This is a real technology partnership. So from your perspective, what does that mean to you guys?
Noah Wasmer: Yeah, so I think we've been talking about it. This is a one plus one equals five moment for both of our companies. First and foremost, how many of you in this room already joined customers really telling us, work together, figure out how you can make these systems work together. We have best in class management, best in class services with Okta. How do we really leverage these two things together? I'll give you a couple of quick examples. The idea that you're talking about with contextual access, how do we take that really to give this really robust engine that Okta has built around identity and authentication, and really map it into what we're seeing on the device side? Can we do correlation of events in a brand new way, that really when we do that, we think we're just going to really transform the industry.
Noah Wasmer: There's one more area that I think is just so compelling is that ultimately, if you think about moving to this idea of automation, Okta has this great provisioning and deprovisioning of services. So imagine that as you choose applications that you can automatically create accounts, provision the native mobile application, provision the windows applications, provision the Mac applications, get that full end to end lifecycle delivered, man, that's incredibly impactful.
Todd McKinnon: Yeah, it's amazing. So if I'm an Okta customer, because I think there may be some here amongst us.
Noah Wasmer: Thank you. Thank you both.
Todd McKinnon: Why should I add Workspace ONE?
Noah Wasmer: Well first and foremost I think again it is the train has left the station that modern management is the way to go, and looking at how do we really bring together and weave together Okta and identity and the authentications deeply wedded into how we're doing device management, application provisioning, deployment, really giving that holistic experience. One of the things I would challenge all of you guys to do is go into the expo. We've completely flipped it from yesterday, so now you're going to see that integrated experience. What we've done for some of our great joint customers that are here in the room, and I also talk to your sales and account managers, really we're just so excited to show this often. Todd, this is just the beginning of what we're going to do together.
Todd McKinnon: Yeah, yeah. We have a lot more code to write, a lot more technology to integrate, a lot more work to do together in the field to make customers successful.
Noah Wasmer: In deed. Well, thank you again for having us.
Todd McKinnon: Yeah, thanks for being-
Noah Wasmer: It's such a great partnership. Thank you, Todd. Thank you.
Todd McKinnon: All right. Let's hear it for Noah Wasmer. We're getting close to the demo. I know you're all waiting for it. We've covered a lot of ground. So let's do a quick summary of all these areas of announcements before we jump in and see it in action. At the Okta Integration Network level, we're innovating with Sign In with Okta and Okta OnRamp to make it more valuable and simpler than ever to make integrations to Okta. On the API product side, we're really rounding out our portfolio with API products for one app. So we have everything from what a developer needs to be successful quickly, what a production instance of one app looks like, all the way up to complex enterprise scenarios. We're also making the sign in widget and multifactor authentication free with Okta branding, so we can fully round out our approach and reach every developer and application possible. There's really no excuse for anyone in this room that is building their own customer facing identity, building their own login form, maintaining their own password database, worrying about if they have their passwords stored securely, if they're assaulted, if they're hashed, if you're hashing assaulted.
Todd McKinnon: You don't have to worry about that. You can use Okta to take that burden off your plate, and focus on the task at hand with your business. We talked about eliminating passwords, and how we've opened up our access policy engine to make the right decision on whether a password is required or not, and bolstered with a new ThreatInsights capability, you can make the right decision based on your risk requirements. We talked about Adaptive Single Sign On, which is a new product which lets you get the passwordless policy, and the ThreatInsights capability, which you also get an adaptive multifactor even if you're not using Okta for MFA. Then finally, it's a breaking part, it's a impactful game changing partnership with VMware where we're coming together with an industry leader to help you choose best of breed, and remove all the friction from your environments. So now let's get the demo team out here to show us this all in action. Please welcome Joe and Teju.
Joe Diamond: Thanks, Todd. We're really excited this year to have the privilege of sharing this year's keynote demonstration with you. This is a little bit awkward. I'm already going to be meeting and ask you guys a question. Our Wifi has been having some issues today, so if everyone can take out their phones, turn off their Wifi, it'd be much appreciated. I don't see very many people doing it though. Come on guys. What excites me most about today's demonstration is how clear it is that identity has truly become the linchpin. There is no question. We all want to tap into the benefits of identity driven security, but we also want to make sure that we're not introducing authentication friction where that friction makes no sense. That's what we're here to show you today.
Joe Diamond: If you have a conversation with any security vendor, especially over the last 10, 15 years, they'll tell you that you can have one of these things. Security or usability, but you can't have both. We're going to show you that you can have both of these things. To kick off the demo, I'm going to be Joe and end user at Atko.
Teju S.: I'm Teju, an IT administrator at Atko, and we are a global construction company.
Joe Diamond: I'm going to start my day just like I do any other in my Okta dashboard. Let's go ahead and pull Gmail, and see what's awaiting in my inbox for me. So Todd, I'm not the only one. He's just getting off the stage. He's already sending me emails, and looks like he's got some more work for me to do. Let's go ahead and pull this up and see what he has in mind. It looks like he has an opportunity with a prospect.
Teju S.: Hold on, Joe. Before you click on anything in this email, I'm pretty sure it's not coming from Todd.
Joe Diamond: Teju, look at this. The email's right, URL with anchor text looks good and look at that mug. That's definitely Todd. Let's go ahead and pull this up in incognito mode, because I hear you about the security concerns. Incognito mode definitely keeps you safe. It's a total security best practice.
Teju S.: No, actually I don't think that's going to help you here.
Joe Diamond: All right, watch me fly, Teju. All right, so let's go ahead and pull this up. Joe Diamond, password 123. I was leveraged the best in security protocol. All right, so I got this file now. It looks completely legitimate, Teju. I'll have you know. Shit.
Teju S.: Joe, did you just get an MFA prompts by any chance?
Joe Diamond: I kind of did. I'm a little embarrassed. My pride is slightly damaged, and it looks like this authentication request is actually coming from Hong Kong. I'm going to go into neither request, Teju. You might want to take a look into it.
Teju S.: Man, it's always great to work with you Joe. I'm pretty sure you're just the subject of a targeted credential facing attack. The good thing is that we did have Okta ThreatInsight enabled on this org, so we were successfully able to mitigate that attack. Now before we get into Okta ThreatInsight, I want to take a look at some details on what actually happened with your login there. So I'm going to head over to our sys log. Now here I can see a few failed logins for actually not just your user account, but other employees here at Atko as well. If I look into the details on that attempt you just mentioned coming from Hong Kong, there's actually over 2,000 events just from that location. That seems odd to me because it's all happening in a pretty short time span.
Joe Diamond: It wasn't just me then.
Teju S.: It's not just you this time.
Joe Diamond: Feel slightly better.
Teju S.: Now Todd was just talking about Okta ThreatInsight, so let's take a look at what it takes to get that enabled in an org. I'm heading over to my sign-on policy here, and you can see I have a rule called Okta ThreatInsight. If I click on the details of that rule, the only thing that I need to do in order for this org to start checking against those suspicious IP addresses, is to check this box where it says suspected threat. So now what's happening in the background is that Okta is evaluating the billions of authentications across all Okta orgs and all Okta users, to help admins make an access decision. In this case, that was a prompt for MFA, just like the one that Joe just saw. After enabling Okta ThreatInsight, as an admin I realized it was important for me to understand the details on what's actually happening here, as a result of enabling that policy.
Teju S.: I was able to easily export all of that ThreatInsight data the Splunk via Okta's API. So here in our ThreatInsight dashboard, we can see the top applications that have been targeted by these suspicious IP addresses. As a result of enabling that ThreatInsight policy, we were able to identify over 16,000 threats to this org from all across the world, from the IP addresses that you see in the chart here. So now with all this information, I've decided that I want to protect access to my critical on-prime resources as well. So all I need to do now is click on this IP address, and that's going to write a rule to our Palo Alto Network firewall. Now you can see how with that rule, we can enable both protection at the authentication layer as well as at the network layer.
Teju S.: You can see that the great thing about the ThreatInsight data is that as an admin, I can really utilize it because while the data is unique to Okta, it's not confined to Okta, which means that I can enable both the detection and response across all of the important applications that I have in my ecosystem. Now Joe, we talked about Okta ThreatInsights, but do you remember that time when I told you not to click on that link in your email but you did it anyways?
Joe Diamond: It was two minutes ago. I remember, Teju.
Teju S.: Well, I think we both know that's not the first time that's happened to you actually. So I've decided that because of that, I don't really trust you with passwords anymore. So I'm going to help you out and just get rid of your password altogether.
Joe Diamond: Thanks, Teju.
Teju S.: I want to make sure I'm doing that in the most secure way possible, so I'm going to enable one more contextual access policy here, and that's behavior detection. Now when behavior detection is enabled, Okta pre-defines a few behaviors for you. That's device, geolocation and IP. Those are the ones that are the most important to us here at Atko. Now when I head back to my sign-on policy, I'm going to go back to that same rule we were looking at previously, and create a new one called changes in login patterns. I'll define device, IP, geolocation. So now what's happening is that Okta is looking for changes in one of these three behaviors every time a user logs in, and if Okta sees a change, the user is going to be prompted for a factor.
Teju S.: Really the more important thing about combining policies like Okta ThreatInsight and behavior detection is the ability to take all that information and give employees a passwordless login experience. Now for Joe, I'm going to make your life easier. I'm going to enable this policy called one click access that gives you a passwordless log in experience. So now why don't you sign out, sign back in and show us what that looks like?
Joe Diamond: All right, let's go ahead and give this a try. I'm going to go ahead and log out, and you broke it, Teju. I don't have the password field. What do you want me to do?
Teju S.: It's actually supposed to look like this. We're taking your device, network and location context. If you pass all those security checks, you're enrolled into a high assurance factor. In this case, Okta verify. Therefore, you get that passwordless experience.
Joe Diamond: All right, so I'm going to go ahead and type in my email address here. Go ahead and click next, and I'm not getting a password prompt at all. It just gave me an Okta verify prompt.
Teju S.: Great.
Joe Diamond: Let's go ahead and approve this. I know I'm not phishing myself. I'm a more sophisticated user this time, and just like that we're going to be in our Okta dashboard. What do you guys think? Isn't that a phenomenal way of responsibly eliminating the password? It's great. We're really excited about this functionality, but it's clear that we can't just stop at the desktop. We also have to take the same experience that we showed here, and extend that to mobile devices as well. For us, that starts with the new rule that we have called IDP Discovery. This is a brand new feature that we're launching, and this allows you to configure opt-in VMware to work together hand in hand. Okta from a best of breed identity perspective, VMware for best of breed of mobility. Teju, let's show everyone how easy it is to configure this rule.
Teju S.: Sure. So I'm in the admin UI here for IDP Discovery. What I'm going to do now is activate a routing rule. That rule directs traffic from mobile platforms to a few specific applications. In this case, we'll use Workplace by Facebook as well as a Salesforce. What's going to happen is that traffic from those two applications will be routed over to VMware Workspace ONE, and Workspace ONE is going to handle that device compliance check that Joe just mentioned.
Joe Diamond: All right. Now let's go ahead and give this a try. I'm going to go ahead and pull up my managed device. Typical corporate device scenario, and I'm going to pull up Workplace by Facebook. You're going to see a typical prompts here. Let's go ahead and go through the login experience, and see how different it is. It's going to ask me for my email address, so I'll allow that to go through. Typical privacy response for my iOS. What's happening right now is it's doing all the device state checks, and just like that, I'm in the application. I have no off consent. I'll allow that to go through, but as an end user I need to do absolutely nothing. We've extended that same experience from desktop to a managed device at this point.
Joe Diamond: We all know that we don't just work off of our desktops, off of our corporate devices, off our corporate phones. We also use our personal devices for business quite a bit as well. So I'm going to go ahead and pull out my personal iPad, and show you what my experience is like here. This is my puppy, I call him Freddie. So Salesforce is my application of choice that I typically do a whole lot of business with, and it looks like the Wifi gods are failing me here. So just look at my screen. You guys can all see this, right? You guys can see this. So what's happening right now is VMware Workspace ONE is doing all the device state checks. Looks like I have another device to work off of here, so let's go ahead and give this a try. You guys able to pull this one up? That's innovation right there guys. That's a feature. All right, so what's happening right now is that VMware Workspace ONE is doing all the device state checks on the device.
Joe Diamond: Okta is still doing all the contextual access management checks at the authentication layer. It's going to determine eventually if you all got off the Wifi, that this is a personal device. As a result of being a personal device, it would periodically prompt me for MFA via Okta verify. I would go ahead and approve that, it would let me immediately into the application. So we use an additional layer of assurance in order to approve that, and we just move forward. So we've extended the same type of experience to a personal device as well. So we've talked about corporate devices, we talked about personal devices, desktop, mobile indifferent, right? We also want to extend that same type of experience the ISV ecosystem as well. We do this, and I'm going to highlight this for you via OrgWiki.
Joe Diamond: OrgWiki is a fantastic organizational chart tool, which allows you to understand who do you report to, what's their contact information, et cetera. We use that here at Okta. So let me show you what this login experience looks like with a Sign In with Okta functionality that Todd shared with you just a little bit ago. I'm going to go ahead and click login, and you're going to see a social authentication experience that is very similar to the typical social authentication experiences we're used to as consumers. When you see Sign On with Google, you see Sign On my Facebook. Only this time you have this Sign On with Okta button. Let's go ahead and click that button, and what you're going to see here is an account user page. If I had multiple Okta accounts across multiple Okta tenants, it would give me a list or I could add one if I wanted to. I only have one in this case, so I'm going to go ahead and click it.
Joe Diamond: Just like that, I'm in OrgWiki. As an end user again, I had to do absolutely nothing. This is clearly an example of security usability coming together, but the Sign In with Okta functionality extends beyond the ISV ecosystem use case. Teju, let's walk them through how easy it is to take that functionality, and add that to a partner portal as well.
Teju S.: Sure. So here's our employee portal, today employee's login using Okta's authentication APIs. We've decided that we want to extend the same portal for our partners so that employees and partners can collaborate in the same space. So in order to do that, I want to use that Sign In with Okta button that Joe was just talking about. I'm going to head over to my application here. This is running on Open ID Connect, and because we're already using Okta's authentication SDKs, when I make a change to this one line of code, that's going to add the Sign In with Okta experience to that same portal. So now you can see that employees can choose to log in with the same way that they're used to, but partners who work at a company that may also be using Okta can use this Sign In with Okta button. Now we're on that same account user page. You can see that this page is able to save the various orgs you may have logged into on this device.
Teju S.: Now the great thing about this page is that you're signing into an Okta org. What that means is that all of the security policies that you as an admin may be enforcing, are still going to go into effect when your employee signs into a partner portal. What I'm going to do is click here, you can see that I'm signed straight in. I didn't need to mess with any additional login settings. So here's how we're extending that. Sign In with Okta experience for both ISV and partner portal use cases to preserve both productivity and security.
Joe Diamond: That's awesome, Teju. What'd you guys think of that? Slightly easier than enabling an application, isn't it? Just a little bit. What have we shown here today? Secure, seamless access for all the use cases that you care about. Your employees, your customers, your partners, your vendors, your suppliers, they should all get the same experience. You shouldn't have to sacrifice the security. You shouldn't have to sacrifice the usability. That's what we've shown here today. Plus password suck. They definitely suck, and we showed you how you can responsibly eliminate them. This is all backed by Okta ThreatInsight, looking at all the authentication events that we see, determining which are malicious, which are safe and allowing you to embed that in your sign-on policy.
Joe Diamond: That paired with the contextual access management features set, allows you to understand the context of a request. What devices are coming from, or what network, what location. All of these signals should be used in order to determine when you get a seamless authentication experience. That's what comes together to provide this. Then we showed you how to Sign In with Okta can simplify access for both ISVs and for partner portals as well. So all that we've showed you, it's all great stuff, but none of this would have been possible without the very hard work that our engineering team, the entire Okta product team and everyone behind the scenes has worked around the clock in order to make this reality. Can you all give them a hand of applause. Thank you. Appreciate it. Thank you.
Todd McKinnon: The Okta Identity Cloud is the first and only independent and neutral cloud platform for identity. It's amazing to see it in action and how all those complex scenarios, those different people, the different elements of technology can be seamlessly connected together, removing that friction, breaking down the barriers, and let customers get the value they should be getting from technology. You can see how the various network effects we're emphasizing is making it stronger and stronger for all of us. It's a virtual cycle that we're all benefiting from, and in many cases, we are becoming that enterprise standard for identity. We're using that momentum to leverage it in big partnerships with important companies, to make the whole thing more powerful. It's a big step forward toward our vision to enable any organization to use any technology, but there's something bigger at stake here. Identity is the challenge of our time.
Todd McKinnon: Technology as a whole is still too hard to use, still too much friction. It's still too much getting in the way from having us be productive. Things like identity theft, there shouldn't be problems like that. We can solve these challenges. Personal data leaks shouldn't lead to this kind of financial fraud and ruin, and its threatening democracy. The very core of society and democracy, identity challenges even reaches that level. The biggest risk of all of it is it's eroding the confidence of technology, and innovation is at risk. So what does that all mean? Where do we go from here? Identity is also our responsibility. We need a universal identity standard. A universal identity standard. The problem is it can solve these problems. It could make things work better together. The problem is that there is no standard written down. iSO hasn't written one.
Todd McKinnon: You can look at an iSO document or even the inventors of the Internet, they stopped short of the standard. They built one for DNS for servers, but they didn't build one for people. So what are we left with? We're left with, we need to build a de facto standard, a standard that is so superior to all the options and is so much mark of momentum. The world has to adopt it because it's by far the best solution. The best example of this is the iPhone. No one wrote a technical spec for a touchscreen phone. The iPhone came along and it was so much better than every phone. It wasn't long before every phone was a touchscreen phone. That's the power of a de facto standard, and we think a de facto standard for identity can work the same way. To do so, it has to be based on a common set of design principles.
Todd McKinnon: A universal standard for identity has to be personal, has to be trusted, has to be flexible, and it has to be independent, personal. So you can enable that personalization down to the detailed level for every user on the planet, and it's going to involve personal data. So people have to trust it. It has to be secure. It has to be flexible because it's not going to solve these problems if it can't reach into every technology, and bring identity to that technology. Finally of course, it has to be independent. So these attributes may sound familiar to you, because it's how we built the Okta Identity Cloud. So while we've become the enterprise standard for identity, we can become the de facto standard for identity in the entire world.
Todd McKinnon: Does that mean literally Okta will be used to solve all of these problems, every technology we've talked about? Well, it could. We can solve these problems. We have the most robust platform that has these values, but even if we don't, that's not the bar for success because we can set the tone and we can lead the way, and we could lead by example. Just like not everyone uses an iPhone, everyone uses a touchscreen phone. So that's the potential. So how do we get there? How do we get there? Identity is our responsibility. It's back to the people in this room. You're at the center of this. You're helping to find the standard. You can lead by example. You can continue to elevate identity, and embed it in everything you do. So together we can address the challenge of our time and most importantly, we can help technology reach its potential. So that's what we're doing together.
Todd McKinnon: I'll close by just asking a couple of questions. If not us, who? If not now, when? I'm very, very proud to be part of this movement, and incredibly excited about what's to come. Thank you.
Join Okta's CEO, Todd McKinnon as he discusses how Okta is driving the future of identity to make technology seamless and secure, and deliver on the company's vision to enable any company to use any technology. Todd will share the latest Okta Identity Cloud and Okta Integration Network product innovations and partnerships. You will also hear from Tereasa Kastel, Vice President, Technology at American Express on how to embed identity in your organization, and how American Express is thinking about the future of technology.