OKTA Concerns

There was a post on TMF recently talking about all of OKTA’s products, and how great they are because they are embedded deep within an organization and will be next to impossible to get out. Not only that, they are moving into security, and that is a wonderful move. OKTA’s first product was Single Sign On. Basically when you log into a computer at work, you will have access to all external cloud systems with the same username/password (if you even have to re-enter your password at all?). Basically you log into your computer, and can then have access to Salesforce, Workday, ServiceNow, Coupa, whatever other external cloud based system your company uses, without having a different username/password. This cuts down on time spent with IT on trying to reset passwords, at bare minimum. The thesis is that OKTA will be deeply embedded within an organization, connecting all the applications with one another with APIs. This will increase switching costs and offer ample opportunity for cross selling and/or price increases. The industry trend that OKTA is now in is that all these cloud based solutions reduce the ability to create a perimeter based security system, blocking threats from getting in an organization via access hacking or phishing. There is a new trend of “Zero Trust” security based system where you first ensure those getting into your network are who they say they are. This is a small niche at this time, but supposedly the way of the future. OKTA does stand to benefit from this because of their first system, Single Sign On. That’s basically the beginning of the process of Zero Trust Security. Ensuring people log on are not nefarious.

Here is a timeline of OKTA’s product releases. This was taken from their S-1

In 2010, we launched our first product, Single Sign-On, to provide employees with seamless access to all of their web applications and enable IT to securely integrate cloud applications with their corporate directory and provision users.

• In 2013, we added our Universal Directory product and expanded our provisioning integrations to cloud applications. Universal Directory provided a way to rationalize complex directory infrastructure while the provisioning integrations improved our ability to secure access to applications.

• In 2014, we introduced our Mobility Management product to extend the Okta Identity Cloud to provision, manage and secure any smartphone, tablet or laptop and its associated native applications in an integrated way with our Single Sign On and Universal Directory products.

• Also in 2014, we opened the APIs of the Okta Identity Cloud to enable organizations to leverage our platform to develop web and mobile applications for their customers, suppliers and partners.

• In 2015, we added our Adaptive Multi-Factor Authentication product to provide an additional layer of application and data security.
• In 2016, we launched our Lifecycle Management product to expand our provisioning capabilities across all of our product offerings and add workflow to automate identity related business processes.

• Also in 2016, we expanded our platform to manage application access to APIs with our API Access Management Product, creating a new class of application, service and IoT use cases.

So we have this, OKTA is “more than just single sign on.” What portion of OKTA’s growth/revenue so far has been from Single Sign on? These are the difficult questions to answer. OKTA does not break down revenues. My issues with OKTA are that the industry they started in is merging into another industry, which is security. OKTA didn’t just expand it’s product line, other companies in security grew into OKTA’s. For example, Oracle and Palo Alto Network have Single Sign On. So does Symantec. Palo Alto and Symantec are regarded by Forrester as the leader in the Zero Trust security market, and OKTA is one of 8 contenders. So the two industries merged.

OKTA has decelerated it’s revenue growth every single quarter over the last 9 quarters except for 2. But the most recent quarter is the lowest yet, at 50% revenue growth. Discussions on how great OKTA is so deeply embedded into an organization and expanding into security are only part of the story. What’s missing is the competitive outlook.

My opinion is, and I will keep researching this, but the more I discover lines up to what my theory is, OKTA is simply facing more competition as time goes on, and is now a “contender” in this quickly merging space they must now compete in. Thus explaining their decelerating revenue growth.

On top of this, their P/S ratio is 30, one of the highest in the SaaS universe, and definitely the highest for how fast OKTA is growing and for one with decelerating revenue growth.

My suspicion is that SSO is still a big portion of their revenue; and I’m sure they’re great at it! But if that’s now a portion of Zero Trust security, and OKTA is not the prime leader there, it makes them less competitive. They just recently acquired SquareFT in an effort to become more competitive in Zero Trust.

I don’t see OKTA moving into security so much as a new greenfield opportunity but something they must do to survive, and in doing so, are going to be playing against some formidable competitors.


SSO was popularized through OAuth and Facebook adopting it. Then it got upgraded to OAuth2, but that’s getting a bit long in the tooth now. OpenID, also often called OAuth2+, will be the next generation. But OAuth and OpenID are still just protocols. You need an implementation. The big daddy is still Active Directory. But Okta is also a popular choice.

Software vendors or platforms don’t want to build this themselves. So they buy one of the available solutions, of which Okta is certainly a popular one. There will always be a sizeable market for this.

However, with protocols like OpenID, switching is not that hard. Or software vendors offering multiple options to plug in.

So what does Okta have over the other competitors? To be honest, I don’t really know. I’d like to know more about that. Until then I’ll probably hold off investing. I work in the space and we’re about to adopt OpenID exactly so we can offer the customer a choice. Provide our customers with the option to use Okta and others, even though we have an in-house solution. So quite possibly I’ll know more about Okta’s advantages in time. Then I’ll see. It’s becoming a big market though, you don’t have to be the biggest or most popular to have a good business.



I have been a bit concerned on OKTA for a long time…

My concerns are similar to what 12x described…

however, I have been holding a full position and only keep trimming time and again due to its price rising… still have 9% position and not likely to sell out soon… here is why.

Few months back, i noticed that when i log into Palo Alto Medical Foundation (my doctors), they use Okta for me to sign on / authorize.
This to me was eye opening… before this, I was thinking of Okta use case as within enterprise and for employees. Once I understood that the use case for customers is mature enough for a medical system to use with their customers, suddenly Okta’s serviceable market expands.

So I agree, that revenue has been decelerating, and there is overselling by the CEO, at-least I am not as concerned about falling off the cliff as I am in case of TTD (which is what I exited during last week).