Securely Connected: A Deep Dive into Okta's Identity Management Solutions

Explore Okta's journey in identity management, its innovative solutions, and future prospects in cloud security. Dive into the world of Okta and its impact.

Securely Connected: A Deep Dive into Okta's Identity Management Solutions
Photo by FlyD / Unsplash

It’s time for another breakdown, and this time I’m choosing Okta. I’m focusing on Okta because the last three companies I've worked with used this tool to manage access to everything. A few times a day I have to log in to Okta to authenticate against something, so let’s explore how Okta operates and monetizes its essential services in the identity management landscape.

Okta, for those completely unfamiliar, is an identity and access management company. It simplifies managing access to various business tools, providing users with a single login to everything from Slack, to Gmail, to Figma, and everything else in-between.

The Foundations of Identity Management

Understanding the role and importance of identity management is crucial to grasping Okta and its value proposition.

In today’s digital world, businesses need to ensure that the right individuals have access to the right resources at the right time. This necessity for precise access control forms the core of identity management.

Before the widespread adoption of remote work and the ‘SaaSification’ of everything, many identity management solutions were on-premise devices. You had to be on the corporate network, or connected to servers to be able to access certain privileged services and tools.

This limitation meant that things were not very scalable. You also couldn’t work from home without an entanglement of VPNs or the company sacrificing security. Something else entirely was needed.

While not a single leap, and with many stepping stones along the way, the proliferation of cloud computing eventually led to identity as a service (IDaaS) solutions.

IDaaS platforms are cloud-based services that help companies manage digital identities and access for cloud, on-premise, and mobile applications. It is scalable, flexible, and globally accessible, which will be our focus in this article.

What is Okta?

Okta Logo

Okta is at the forefront of cloud identity management. Okta’s suite of services is meticulously crafted to authenticate, authorize, and secure user access to a corporation’s applications and resources. Okta works across devices, and around the world, allowing companies to ensure access is granted only to those who need it, when they need it.

Okta was founded in 2009 by Todd McKinnon (current CEO) and Frederic Kerrest to offer a cloud-first approach for identity and access management (IAM). They knew that companies would need to address the growing complexity of managing identities across a diverse set of applications and devices. Suffice to say, it’s been a success.

Okta Stock Price

With consistent expansion in its product offerings, customer base, and market presence, Okta has established itself as a leader in IAM. It went public in 2017 and has returned ~350% to investors since that day.

It probably makes sense to pivot a little to “how,” or maybe “what?” Okta has a number of product offerings that are divided across two primary suites: Workforce Identity Cloud and Customer Identity Cloud.

Workforce Identity Cloud

If you’ve ever used Okta in the workplace, it was the Workforce Identity Cloud that you used. The Workforce Identity Cloud focuses on enabling secure, efficient access to technology resources for everyone inside an organization.

Key components of Okta’s Workforce Identity Cloud are:

  1. Single Sign-On (SSO): Allows users to access all of their applications with a single set of credentials
  2. Adaptive Multi-Factor Authentication (MFA): Provides an additional layer of security by requiring users to present two or more verification factors (typically SMS or a push notification on the phone)
  3. API Access Management: Secures APIs by implementing policies to ensure only authorized users can access them
  4. Universal Directory: A cloud-based user store that manages user attributes across all applications
  5. Lifecycle Management: Automate user account creation, update, and deactivation processes across many systems

Customer Identity Cloud

Building authentication into your applications can be a tricky proposition, so Okta’s Customer Identity Cloud looks to make things a little easier. It’s designed to provide a secure, seamless authentication and user management experience.

The Customer Identity Cloud has plenty of features:

  1. Universal Login: Provides a customizable login experience for applications. Supports standard protocols such as SAML, OpenID Connect, and OAuth.
  2. MFA Support: Allows applications to easily build out and provide MFA.
  3. Passwordless Authentication: Offers users a seamless login experience using biometrics or other factors.
  4. Attack Protection: Leverages intelligence to protect against identity attacks and account takeover attempts.
  5. User Management and Registration: Robust toolsets for managing user identities including self-service registration, profile management, and account recovery.

The Unique Selling Propositions

Users could build this functionality themselves, they could also use a bevy of other tools (many open source). This raises the question: why should businesses opt for Okta?

Okta aims to distinguish itself from the market in three ways: security, scalability, and integration. The former has had a few challenges of late, but the latter two really do help Okta stand out from the crowd.

By this point in the breakdown, you’ve probably established that security should be one of Okta’s key tenets, and you’d be right. For customers to trust Okta, security has to be central to everything Okta does.

While the company does put security front-and-center, there have been numerous security incidents, with a fairly large one occurring in October 2023. Every time there’s a breach, public (and buyer) perception of the product is set back.

The most recent incident was such a setback that Okta decided to stop shipping new products, instead choosing to focus R&D efforts on enhancing security even more. This, to me, was the correct path to take. It might mean slower revenue growth due to fewer product enhancements hitting the market, but a security breaches do more damage than new products can do good.

Without security, none of Okta’s other unique selling propositions matter. If we assume, though, that security is “solved” or consistently front of mind, then the second largest USP is integrations.

Okta has thousands of pre-built integrations for applications, directories, and IT systems. This helps companies streamline the implementation of identity solutions across their business. Sure, a competitor could build the same, but it’d take a good amount of effort and time. Effort and time that Okta has already spent.

How Okta Generates Revenue

Let’s delve into how Okta translates its sophisticated services into revenue streams.

Okta has two revenue streams, a SaaS based subscription offering, and professional services. Professional services makes up a negligible amount of revenue, and is always sold below cost. We’re going to be ignoring it here as it’ll never be a significant part of Okta’s business.

Okta sells access to its Workforce Identity Cloud and Customer Identity Clouds on a subscription basis. Subscriptions are typically sold under annual, or multi-year contracts as it makes little sense to implement a service like Okta month-to-month.

Okta Workforce Identity Cloud Pricing Page
Okta Workforce Identity Cloud Pricing Page

Focusing on the Workforce Identity Cloud first, Okta provides “list pricing” on its website. List pricing is generally a good 20-25% more that one can expect to pay for the service, but that all goes on what you’re getting feature wise, and how you expect to grow with time.

SSO starts at $2 per user per month, adding MFA kicks things up to $3. If you want that MFA to be adaptive, you’re at $6. The Universal Directory adds $2 per month, and if you’re interested in tying things together with Lifecycle Management, that’ll be another $4. Things only go up from there.

Okta’s sales team operates using a land-and-expand strategy. Effectively, they’d like to get customers started on that $2-5/month simple SSO strategy and then let them know over time how much better things could be with Lifecycle Management, Advanced Server Access, and Okta Privlieged Access. Soon, the price is up to $20/month, and things are looking good for Okta.

Pricing for the Customer Identity Cloud is a bit easier to come by without sitting on a sales call. If you head to the Auth0 website, you can see that it has a free plan which allows you to have up to 7,500 active users without ever paying. Have a bigger app, or building a B2B product, that’s when you’ll start paying.

Things there start at $35/month, very quickly jump up to a few hundred dollars per month, and if you’re looking to build at enterprise scale, or want guaranteed SLAs then you’ll have to hop on the phone.

Okta KPIs and Metrics
Okta KPIs and Metrics

All told, and we use this data to drive the financial model, there are 18,950 paying customers using Okta today. Of those almost 19,000, 4,485 (24%) are contracted to pay more than $100,000 per year. If you run those numbers, that means the average contract is about $120,000 per year, not too bad for simplifying authentication everywhere.

The Competitive Landscape

The identity management market is pretty big, and it’s got parties of all size competing for various chunks of the pie. Suffice to say, Okta has a good amount of competition, but it benefits from substantial switching costs, creating a high barrier for customer migration.

In its 10-K, Okta calls out Microsoft as its most formidable competitor. Microsoft offers Azure Active Directory (AD), a comprehensive cloud-based identity management service. It’s deeply integrated with the Microsoft suite of products.

Okta integrates well with Active Directory and is frequently the combo of choice for many organizations. While Okta does have its own AD like product, Universal Directory, it’s still not quite as full featured as Microsoft’s tool - thus, companies often choose both.

A competitor more in Okta’s lane is Ping Identity. Ping Identity provides a flexible platform that supports SSO, MFA, and identity governance. It, like Okta, focuses on the enterprise market. Should Okta slip up on the security front, Ping Identity could find itself in a winning position.

With the Customer Identity Cloud, the alternative is to simply roll your own. Application developers have been doing that since the dawn of applications, and there’s a significant amount of open source tooling to help out. There are also a number of upstarts in the area, and, yes, Microsoft is here too with its Entra product.

Okta, as discussed throughout the breakdown differentiates itself by bring as agnostic as possible. Could the company be hostile and force users onto Universal Directory? Sure. Would it work? Absolutely not. By integrating with tools that enterprises already use, Okta can get its foot in the door and then focus on wowing customers, eventually upselling them on more.

Okta’s Future Prospects

Size of the IAM market in 2028
Size of the IAM market in 2028

The IAM market is not getting any smaller, it is expected to grow significantly. In fact, according to Statista, it will more than double in size by 2028.

Given this market backdrop, how is Okta positioned for future growth and challenges? Well, geographic expansion is the largest item on the table right now. At the close of fiscal year 2024, just 21% of Okta’s revenue came from outside the United States. That number had grown 19% from the prior year, but Okta’s revenue had grown at 22%, indicating that international pickup is still a little lacking.

International growth is an easy out for this breakdown though, and it’s 2024, so you’re really here for the AI play. Well, Okta does have some significant capabilities on the AI front that have yet to be truly tapped into.

Okta did launch “Okta AI” in fiscal year 2024. The first product out of that was the industry’s first Universal Logout solution. From there though, Okta could look to use the tremendous amount of data it generates to help companies keep secure.

How? Well, Okta sees millions of authentication events every day, all around the world. The company can detect and monitor patterns, looking for anomalies and flagging them in real-time. If my company allows me to login anywhere in the United States, but I’m bouncing around the country like a yo-yo, flag it.

Okta could also implement adaptive authentication. Learning from user’s patterns and re-authenticating them more often if things look risky (new location, new device), or even force different MFA authentication types depending on the risk.

When it comes to user experience, Okta could learn and customize the user interfaces based on each user’s preferences. If one goes to Okta in the morning for design tools, bubble that up. If the afternoon calls for office tooling, bubble those up at that time.

Automated onboarding and offboarding. Access reviews when it seems like someone’s job function (based on what they use) might not require other levels of tooling or access. This type of thing could be judged from peers with similar titles and their use habits. Combine this with intelligent insights and reporting that generate actionable recommendations for IT administrators.

Okta has a lot of future potential, but as I harped on earlier, it is highly reliant on security being the forefront. Many of the things I’ve listed here are likely already on Okta’s radar, but tabled while security has been front of mind.

Okta Financial Model

A quick callout here that I build these models for fun, mainly to understand what different paths for companies would look like. In Okta’s case the driving values are number of customers, and average revenue per customer. Everything below is just my opinion at this point in time based on what I learned for this breakdown. I am almost certainly wrong, but the model is available for download if you want to play with the numbers yourself.

💡
Premium subscribers can access the model (and all past models) on the Models Page.

In FY24, Okta's user count grew by 8%. I do not foresee a higher growth rate going forward. I also don’t see things plummeting. I have kept growth at 8% for FY25 and then tapered down to 5%. This results in Okta growing from 18,950 customers to 25,592 in FY29.

Okta Valuation Drivers
Okta Valuation Drivers

The second key component in my model is “average revenue per customer.” I am calculating this by taking total revenue and dividing by total customers. This method is quite basic, yet it provides a reasonable approximation.

That “good approximation” was a hair under $120k for FY24 with growth of 13% over the prior year. Again, I believe Okta will still see growth here, but it’s likely to be tapering like customer growth. From $120K, I have modeled Okta growing to $176K.

Income statement model
Income statement model

Overall, this projects a FY29 revenue of $4.5 billion, a doubling over FY24. Gross margins on the product should grow over time, and I have those growing to 82% by the end of the model, resulting in a $3.7B gross profit.

Okta Operating Expenses
Okta Operating Expenses

Navigating the operating expenses is always tricky. I do not expect Okta to reduce spending in any category, but they will shrink as a percentage of revenue over time. I think the picture above shows the path, but my rationale for each is:

  • R&D - I don’t see this going down. Okta will be having to keep pace with a number of competitors, and may have to spend more to do that. If anything, I think I’m being conservative here.
  • Sales and Marketing - This may be an area where I’m overshooting. If Okta excels and becomes more recognized, then spending in this area might decrease.
  • General and Administrative - You can’t escape it, but Okta has said it believes this number will keep trending downwards as a percent of revenue.

All these factors suggest Okta could achieve operational profitability by FY2028, which is far from ideal, but not a horrendous outcome by any stretch.

Next, let’s discuss the valuation. With companies that are not yet profitable and generating consistent cash flows I avoid building a full model. Instead, I choose to focus on three different metrics, price-to-earnings, price-to-sales, and price-to-fcf.

Okta Valuation Table
Okta Valuation Table

Here is the valuation table for Okta. As indicated, raw P/FCF and P/S yield the highest figures for FY29, yet they do not strongly signal a 'buy'.

So, then, what could make Okta a screaming “buy.” Well, I think we’d have to start at those two original numbers, customers and average revenue per customer. For this exploration, I think the latter is the target.

Average revenue per customer could see significant growth with AI related products, or playing on the high switching cost flywheel Okta has. Consider this, you’re the CIO of an organization and you’re growing. You’re paying Okta $15 per user per month ($180k / yr for 1000 employees). Okta comes to you each year and increases the cost by a couple of dollars. Perhaps instead of $180K it becomes $204k. Are you really going to start rolling off Okta over $24k? Probably not.

If you then threw another product or two into the mix, say at $2/mo/user extra, and grew headcount to 1100 then your price increase, additional features, and new headcount makes your renewal $250k. That’s 38% more, but you’re growing, and adding features, so it’ll feel worth it.

Perhaps, then, just to explore, let’s say that Okta is able to get in a cadence of growing average customer cost by 12% per year through 2029... how does that look?

Okta High Growth Valuation
Okta High Growth Valuation

Much better. At the higher end of valuations now we’re starting to see numbers that offer a 100% return over today’s prices. Still, there’s cause for concern, or rather a lack of “screaming buy” at those lower multiples.

Closing this section out, I’ll reiterate my words from prior breakdowns and say that valuation is just a story. No one knows for certain what will happen, you just have to shape the story that makes the most sense. While I will refrain from making buy or sell suggestions in these articles (as best I can, I am only human), I will try my best to shape the story I see playing out.

Conclusion

This deep dive into Okta shows that it is more than just a tool. Okta is a vital part of the modern digital workspace, balancing security with accessibility. Its success lies in simplifying complex identity challenges while keeping a keen eye on security, especially after recent breaches. Okta's strategy seems sound, focusing on reinforcing trust through enhanced security measures rather than rushing new products to market.

Financially, Okta's got a strong base with its subscription model, and the future looks promising with the IAM market's growth. Yet, the real test will be how well it can capitalize on this growth while maintaining the security that's central to its value. With plans for global expansion and leveraging AI, Okta is gearing up for more than just incremental growth; it's positioning itself for a leading role in the identity management saga.

In essence, Okta stands at a crossroads of opportunity and challenge, where its next moves will likely influence not just its trajectory but also the broader landscape of identity management.