Okta: Integration Issues (NASDAQ:OKTA) | Seeking Alpha
Okta (NASDAQ:OKTA) is a leader in the identity management market, but has faced difficulty over the past 12 months, in part due to their acquisition of Auth0. The long term importance of integration problems related to the sales organizations is likely being overestimated, resulting in Okta’s stock being attractively priced. Okta must resolve issues in their salesforce and still needs to strengthen their identity governance and privileged access management offerings, but remains the leader in a large and growing segment of cloud computing.
The rise of cloud computing and a proliferation of remote workers have caused the traditional corporate perimeter to dissolve. As a result, organizations are increasingly taking a zero-trust approach to security, requiring a demonstration of identity prior to being granted access. Identity management vendors are critical to zero-trust, as they are the source of truth (identity and authorization). Identity management software is not a new category, although legacy tools were designed for on-premises use and can be costly and difficult to use.
As the number of users, devices and applications proliferates, controlling access becomes an exponentially more difficult problem. An identity-centric approach allows organizations to linearly scale their IT architectures. Having one source of identity simplifies IT architectures and greatly reduces the problem of integrating applications, but also introduces a single point of failure. Unified identity platforms can enable organizations to reduce costs, and enhance security and compliance, but this solution must be secure, reliable and able to support cloud scale.
DIY approaches to application identity management are no longer feasible for most engineering teams, as security requirements have increased significantly. This change is driving developers towards IAM vendors, as they upgrade identity frameworks in existing customer applications or pull identity off-the-shelf to start a new one.
IAM consists of two main functions, authentication and authorization. Authentication establishes identity, which is traditionally achieved through a username and password, but now utilizes more sophisticated methods, like device fingerprinting, multi-factor authentication, certificates and biometrics. Authorization determines what resources (applications, features, file directories, content) a user is allowed to access.
The market can be split into workplace identity management and customer identity management. Workplace identity is focused on securing the identity of users within an organization, whereas customer identity is focused on managing the identities of an organizations customers. For workplace identity management the buyer has traditionally been the CIO or CISO. In the customer identity management market the buyer is more likely to be a marketing, product, technology or digital transformation person, with significant input from developers.
In 2016 Okta estimated that the identity opportunity was worth at least 18 billion USD globally. This estimate was based on Okta’s average calculated billings and penetration per customer applied to the estimated number of businesses and educational institutions globally. Even at the time of their IPO, Okta recognized the opportunity in identity for external-facing systems, but at the time it seemed like Okta planned to leverage the Okta Identity Cloud to enter this market. Okta now believes they have an 80 billion market opportunity. 75% of Okta’s revenue currently comes from the 30 billion USD workforce identity market, while 25% comes from the 25 billion USD customer identity market.
Okta is a leader in identity management, a large, and under-penetrated market. The company was founded in 2009 and has pioneered identity in the cloud. Okta’s approach to identity allows customers to simplify and scale their IT infrastructure more efficiently by eliminating duplicative credentials and disparate authentication policies.
Okta is used to access a wide range of cloud applications, websites, mobile applications and services from a multitude of devices. The Okta Identity Cloud is used by organizations to manage and secure internal users, and to connect and secure external users via APIs. Workforces sign into Okta’s platform, which then controls access to applications.
Okta’s products include:
- Universal Directory – cloud-based storage of user, application and device profiles and their relationships
- Single Sign-On – Enables access to applications with a single entry of user credentials
- Adaptive Multi-Factor Authentication – Provides additional security to all applications accessed through Okta’s platform
- Lifecycle Management – automates administration and provisioning of user accounts and access
- Mobility Management – automates administration and provisioning of user devices
- API Access Management – connects web and mobile experiences to cloud or on-premise services through APIs
Okta Platform Services consists of six core identity technologies available through APIs and SDKs. These are meant to be consumed by customers and developers to build new identity-based applications and tailored customer experiences. Okta Platform Services enable anyone who uses Okta to leverage Okta’s underlying technologies in a range of ways, empowering customers, partners, and Okta engineers to rapidly innovate.
- Okta Directories provides tools to legacy onsite identity provider services.
- Okta Integrations offers integrations with a broad range of existing applications.
- Okta Insights collects data from all Okta user activity and surfaces nefarious behavior. This information can be leveraged to block identity attacks.
- Identity Engine is a set of customizable building blocks for controlling access, from registration to authentication to authorization.
- Okta Workflows enable the provision of identity processes without the need for writing code through if-then logic and a pre-built connector library.
- Okta Devices gives organizations visibility into devices accessing Okta, enables contextual access decisions and provides a passwordless login experience.
Okta also recently launched an IGA solution and is currently developing a PAM solution. This is part of a strategy to offer a comprehensive identity platform which positions Okta as a strategic identity partner for businesses across the globe. Identity Governance and Administration software is used to achieve automation and compliance outcomes. It is focused on ensuring IAM policies are connected and enforced. Privileged Access Management solutions centralize management of administrator profiles and ensure least privilege access is enforced to give users only the access they need. This is important as privileged accounts possess elevated access to data or services (like an administrator account). These are both potentially current areas of weakness for Okta that need to be developed to help secure the company’s long term competitive position.
Okta potentially has a number of competitive advantages, including:
An increasing network of integrations, which broadens the appeal of their platform. Okta has thousands of integrations with cloud, mobile and web applications, which are likely difficult to replicate and maintain.
Okta has a large amount of user data (devices, location, applications they access) which could provide a data network effect. This data can be used to drive product development and improve security. Okta can examine anomalous behavior from a group of users and rapidly adjust security rules to require an additional layer of authentication.
Identity authorization technology is also another potential barrier to entry. Passwordless access (face ID, touch ID, biometrics, location, access to a physical device, etc.) coupled with machine learning to assess risk should make identities more secure and streamline authorization.
Okta acquired Auth0 in 2021 for 6.5 billion USD in stock (Okta’s market cap is now only approximately 11 billion USD). This compares to a 1.92 billion USD valuation Auth0 received after a funding round in 2020. At the time Okta’s CEO stated that the revenue multiple that they paid for Auth0 was slightly below their own. Okta closed FY2021 with over 800 million USD in revenue, while Auth0 was projected to close 2021 with 200 million USD in annual recurring revenue.
Auth0 is an identity management platform which provides API access to single-sign-on functionality for app developers. This allows developers to deliver IAM functionality without having to build it themselves. Okta focuses more on pre-built, pre-configured solutions while Auth0 is more focused on purpose-built app developers and as a result Auth0 is much more flexible and extensible. Both platforms were expected to be supported, invested in, and integrated over time.
Auth0 was the leader in the customer identity management market and Okta likely felt their strong standing amongst developers, coupled with the different sales motion, made an acquisition more appealing than trying to compete with an internally developed product.
Sales synergies were a key justification of the merger, which is somewhat bizarre given the different sales motion and probability of cultural issues during the integration of the two companies. Workplace identity software is typically sold at an executive level, while customer identity software is typically sold to developers.
Since the acquisition, Okta has faced challenges related to the integration of the Auth0 and Okta sales organizations, as well as modest macro headwinds, which has led to disappointing revenue growth. Okta has also experienced heightened attrition within the go-to-market organization as well as some confusion in the field. Okta has now unified the pricing, quoting and opportunity management system, allowing the sales team to work from a single integrated CRM system.
Okta has also been involved in a number of fairly high profile security incidents recently, which is somewhat embarrassing for a firm that is supposed to provide security to others.
In January 2022 a third-party vendor was compromised, allowing a threat actor to control a workstation used by a support engineer with access to Okta resources. Okta do not believe this incident had a quantifiable impact on their business in the first half of 2022.
In another more recent breach, hackers stole source code from Okta’s GitHub repositories. The copied code repositories were associated with Okta’s enterprise-facing security solution. Okta has not stated how attackers managed to gain access to its private repositories.
The damage from these incidents appears to be minimal so far, but further issues could undermine customer confidence in the security of Okta’s platform, and given the critical nature of the services provided, this could be extremely negative for the business.
Like most SaaS companies, Okta is facing a growth slowdown due to tighter IT budgets and longer sales cycles. Okta is now also past the one-year anniversary of their Auth0 acquisition, meaning that YoY growth figures are on a like-for-like basis.
Workforce ACV grew 36% and represented 63% of total ACV in the second quarter of 2022 and Customer identity ACV grew 47% and represented 37% of total ACV.
The public sector is a large part of Okta’s strategy and this vertical has been an area of strength in 2022. Okta also anticipates achieving FedRAMP High Authorization by the end of 2022 and plans on launching the Okta Military cloud in 2022. Million dollar plus transactions have also been an area of strength for Okta.
The number of job openings mentioning Okta in the job requirements declined significantly in 2022, although may now be stabilizing. Many SaaS companies are in a similar situation and it is not clear that this represents an Okta-specific issue.
Okta has respectable gross profit margins, which have been fairly stable in recent years. Services are a loss leader which drags on margins but only contribute a low single digit percentage to total revenue.
Okta had been on a clear path to profitability until the Auth0 acquisition and recent growth slowdown, but is now faced with large losses at a time when investors are demanding profitability. This should not be particularly concerning for investors with a longer time horizon as Okta has attractive unit economics and should be in a much better position once the Auth0 integration issues are resolved.
The increased burden of operating expenses is primarily due to sales and marketing costs, which is not surprising given Okta’s turnover problems. It will likely take time, but once attrition problems are resolved, sales rep productivity should improve, particularly once the demand environment improves.
Attrition has been higher amongst former Auth0 employees, but not exclusive to them. Okta’s management has pointed to attrition of approximately 20%, compared to a historical value of around 15%. Sales rep ramp times are 6-9 months, and so productivity improvements may not be fully realized until late in 2023.
Okta dramatically reduced hiring over the course of 2022, which is likely more a reflection of strong hiring in 2021 and macro uncertainty than any fundamental issues with the business.
While Okta has a strong competitive position, there are a number of companies offering similar services, including:
- Ping Identity (acquired by Thoma Bravo in 2022)
- ForgeRock (FORG)
- Oracle (ORCL)
- CyberArk (CYBR)
- SalePoint (acquired by Thoma Bravo in 2022)
The market is split between on-premises and cloud solutions and workplace and customer identity, with Okta’s primary strength being cloud-based workplace identity.
Okta’s competitors in the workplace identity market include authentication, provisioning, adaptive multi-factor authentication and mobility management providers, such as:
- Computer Associates
- IBM (IBM)
- Microsoft (MSFT)
- RSA (a division of Dell Technologies)
- VMware (VMW)
These are all large services providers with broad portfolios of solutions that are often offered as bundles. There has recently been a pushback against this type of offering though, as customers look to cut costs by eliminating underutilized services.
Okta offers an independent and neutral platform, which helps customers integrate with any application, service, device or cloud. This is an important advantage for Okta when competing against companies like Microsoft, as Microsoft will always be tempted to prioritize its own services, undermining their identity solution for the greater good of the company.
For customer identity use cases, Okta generally competes with internally developed systems, enabled by services like Auth0.
Despite a recent bounce back in share price, Okta remains attractively priced relative to similar companies, although not as cheap as it was several months ago. Based on a discounted cash flow analysis I estimate that Okta is worth approximately 115 USD per share.
Okta remains attractively priced given the company’s potential, but the short-term may still be volatile given recessionary concerns and continued problems with the salesforce. Resolution of Auth0 integration issues and fading concern over inflation may provide Okta’s share price with further tailwinds.