Stefan Schwarz -- Wells Fargo Securities -- Analyst. Most Okta API endpoints require that you include an API token with your request. Run this command in Microsoft Graph PowerShell on an on-premises domain controller: Run this command in a Microsoft Graph PowerShell session to list the synchronized values: After both exports, confirm user ImmutableID values match. We're seeing the commitments to and expectations around their own websites or their own customer-facing applications being a little less so. Rudy Kessinger -- D.A. This is Billy Fitzsimmons on for Sterling Auty. It can also be used to access unauthenticated endpoints. The response should look something like this (the token is truncated for brevity): Note: The lifetime for this token is fixed at one hour. This option allows you to bring your own keys or use the Okta key generator. Get stock recommendations, portfolio guidance, and more from The Motley Fool's premium services. forum. So, it's not just -- obviously, we want to grow as fast as we can, but we want to grow responsibly and profitably as we move forward. Let's go to Jonathan Ho at William Blair. And we do expect that to continue throughout the balance of FY '24. So, that's very positive. We're seeing increased macro headwinds on our business, most notably with new business across SMB and enterprise. I mean you saw the U.S. Air Force Recruiting Service sign-on for us as a customer. With me in today's meeting, we have Todd McKinnon, our chief executive officer and co-founder; and Brett Tighe, our chief financial officer. No worries. The system automatically creates corresponding Linux and Windows usernames. Include the service being called, the type of authentication, and a reference to the account being used. But you've got more products to sell in each deal and at least to this qualitative story of perhaps we're in more of a commoditization cycle for core identity. And I don't think it's like a -- it's come -- it feels like it's come on all at once, but it's really been a culmination of really a lot of important trends in the world, both just like the algorithmic advancements and what they're doing with originally what was TensorFlow and now the large-language models in various domains and -- or it's the compute power, which everyone knows about or -- the key thing, too, is just the data. And in a lot of ways, we have the luxury of making sure we look everywhere and find a truly amazing candidate. Great. The scopes requested for the access token must already be in the application's grants collection. I mean, it's going to change. Hey. But it's also the ecosystems and the partner's ability to work with us, whether it's Google Workspace or Amazon or Zoom we talked about or the hundreds and hundreds of other big-scale technology vendors that have an interest in there having to be choice in an ecosystem. Just to catch people up, so we're really -- so, that's three quarters into a big change on the clarifying of the positioning of the Workforce Identity Cloud and the Customer Identity Cloud. And how do you think about that channel longer term given we're hearing many customers are using it as a way to work down cloud -- excess cloud commits? The number of fully ramped salespeople is close to a more normalized level as average tenure increases, and we're seeing positive trends in the number of sales reps closing Customer Identity Cloud deals. We always have some deals that slip out of an end of the quarter, but we had more than normal slip out this quarter. Save time with pre-built reporting and data that you can download, sync, and access in a variety of formats. e.g, I have services A, B, C, all of them require an access token from Okta. Yeah. Like last quarter, new customer growth is an area that we believe has been impacted by the macro environment. Consistent with prior quarters, gross retention rates remained very healthy in the mid-90% range. For example, a service may require api_key as the header name and the key itself as the value. There's maybe another level of budgetary approval that we didn't see before. How to Secure Your .NET Web API with Token Authentication It's still a relatively small number given the number of 18,000-plus customers and the number of deals we do in a quarter. Thanks. So, that's an idea of, in the products, how it could be maybe a non-obvious use case. Maybe just to push a little bit further on macro, I think it sounds like the biggest impact is really just around deal sizes. Let's take our last question from Param Singh. To make the world smarter, happier, and richer. The private_key_jwt client authentication method is the only supported method for OAuth service apps that want to get access tokens with Okta scopes. Get scalable authentication built right into your application without the development overhead, security risks, and maintenance that come from building it yourself. At the same time, we continue to deliver value to our customers and underscore our leadership position through product innovation. Maybe just on the federal vertical. Authentication and authorization are not the same thing. In this example, we are selecting RSA as the encryption algorithm. But some new trends that are coming around are what you heard me talk about around less seat expansions. This includes the cash outlay of approximately $14 million related to the organizational restructuring. Select Enable pass-through authentication. With Customer, you have to kind of make a leap about when's the next ChatGPT or how much digital transformation are these industries going to go through broadly. After you verify the Azure AD Connect installation, disable Okta provisioning to Azure AD. I mean, obviously, it creates a headwind for us, both on revenue and cRPO because we didn't execute as well as we want. This is your only opportunity to save the private key. And then, the other part of it is just it's kind of inevitable. NerdWallet, a platform that provides financial guidance to consumers in small and midsized businesses, was another great example of cross-selling between our two clouds and a great illustration of how our customers layer on more and more Okta capabilities over time. On the Ready to configure page, select Enable staging mode. Is there any way to quantify that? Yeah. J C Citrix Cloud supports using Okta as an identity provider to authenticate subscribers signing in to their workspaces. Some Okta SDKs require that keys be in Privacy Enhanced Mail (PEM) format. I can't give you an exact number. So, I think it's -- you're seeing solid execution, a lot of macro uncertainty, but long term, identity is going to be an important thing, and we're going to be there to serve the market. I mean just trying to get a sense of, out of the 18,000 customers, how many use bulk. Great. It's -- so, I think I've said this before for folks that have listened to the calls and I've had the pleasure to meet and talk to. Quantitatively, what we look at is we look at the numbers I mentioned over and over. In practice - Okta is an Identity and Single Sign On solution for applications and Cloud entities. Yeah. Once logged in, the system will remember the user for the rest of the session by using cookies. In the authentication window, enter Global Administrator credentials. See Scopes and supported endpoints. I guess on the cRPO guide, if I'm thinking about the impact from Auth0 integration last year, can you just give us some parameters on how large that is? Hey. Both of those obviously came to fruition. Okta ( OKTA 0.88%) Q1 2024 Earnings Call. And I think what that tells me is that it's more confidence that it's really just -- it's not a question about the value of identity or the long-term strategic nature of what we're selling. Okta | GitLab They can see what 18,000-plus other customers have done and then apply that quickly to their own configuration, decreasing the errors, increasing the speed to value. The CAS protocol and authorization flow looks like this: With CAS, the user does not have to repeat this process when toggling between applications within a single sign-on session. Verify updates include attributes expected in Azure AD. But it looks like you have yourself kind of reaccelerating a bit into the next quarter and actually even more in the second half of this year. Businesses will be able to easily integrate modern cloud infrastructures such as AWS, EC2, or Kubernetes into Okta for centralized policies and controls across the resources their workers need. And we'll continue to add more products that take advantage of data and algorithms and compute. In the authentication window, enter Global Administrator credentials. Take all prerequisites into consideration when you install Azure AD Connect or Azure AD cloud provisioning. So, the -- I guess the good news and the bad news is that -- the good news is that it's changing. When a user attempts to access a web application that requires authorization, they are initially redirected to the CAS server for authorization. That could change next year or '26, but for this year, the big upsell opportunities are selling the other cloud. I think AI is a big deal. Is it still assuming you're going to see similar impacts on both product lines? It can offer users convenience, consistency, and a high level of security. Microsoft Academic. All of this data enables us to identify patterns and detect anomalies as potential security attacks. That's pretty compelling to them. Secure your consumer and SaaS apps, while creating optimized digital experiences. And there's going to be a log-in for all these things. The following command gets on-premises Azure AD users and exports a list of their objectGUID values and ImmutableID values already calculated to a CSV file. It's great to see OIG off to a fantastic start. If the ticket is valid, the user is authenticated and returned back to the application. This is the first time attempting to access a CASified application (web application using the CAS service). Just any quantitative or qualitative update on the performance of CIAM versus Workforce? The following are the high-level steps required to perform the Client Credentials grant flow with an OAuth service app: Note: OAuth for Okta works only with the APIs listed on the OAuth 2.0 Scopes (opens new window) page. And then, when you look at the -- but when you look at the aggregate number, the one that's really important is just the number of sales reps doing these CIC deals. Can you maybe help us understand where we are with the sales transition, productivity levels? Total operating expenses for the quarter were lower than expected. We added 450 new customers in the quarter, bringing our total customer base to over 18,000, representing growth of 14%. Thanks, Dave, and thank you, everyone, for joining us this afternoon. Making the world smarter, happier, and richer. Hey, yeah. Thanks so much for taking the question. token that is sent with each request you make. So, in terms of net retention rate, the decline quarter-over-quarter from 120 to 117, like we spoke about previously, we did expect the number to decline, and they were for two reasons. You can connect to Microsoft Graph PowerShell and examine the current ImmutableID value. Those products are great, and they'll get better with better algorithms and more data because we have the strategic advantage of having so much data, we can see the patterns. Click the Application rate limits tab to adjust the rate-limit capacity percentage for this service application. And we've had a -- you mentioned the dot-military -- the instance for the DoD, which is the dot-military instance. Using Login.gov as a Custom Identity Verification and Authentication Service in Okta Brandon Iske Principal Solutions Architect March 15, 2023 The impact of the pandemic continues to demonstrate the need to improve the security and user experience of public-facing government digital services. I would say it's a mix of both of what you just said because when you look at the Workforce Identity Cloud, you heard me talk about seat expansions. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. The average deal size that you talked about is ticking down. The company's legacy technology was complex, not adequately secure, and couldn't meet the needs of the business line. If you are using an Okta SDK, you can skip this section and the Get an access token section. The NRR is in decline. In addition, you must register a redirect URI to be used for redirecting authentication back to Workflows. And I guess that's not great. muscleman September 21, 2019, 6:18pm #1. And we now believe that dilution for FY '24 will be back within our historical range. You're going to need to log on to these experiences. 1 answer 1 accepted 1 vote Answer accepted Dam Community Leader Jun 22, 2022 Hi Balvant, Apparently the configuration to bypass SAML authentication is different in Confluence, here is the full documentation: https://confluence.atlassian.com/confkb/enable-default-login-page-to-bypass-saml-in-confluence-data-center-957972845.html Select the default server from the list of servers. Thanks. We're making sure -- customers are making sure they're getting ROI. Similar to Q4, customers are requesting shorter contract term lengths, and our overall business was weighted more toward upsells versus new business. But I do know that it's just -- they've tried customer identity stuff in the past. Just a question for you. Our total base of $100,000-plus ACV customers now stands at over 4,080 and grew 23%. }', "https://${yourOktaDomain}/oauth2/v1/token", 'https://${yourOktaDomain}/oauth2/v1/token', 'Content-Type: application/x-www-form-urlencoded', 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer', 'client_assertion=eyJhbGciOiJSU.tHQ6ggOnrG-ZFRSkZc8Pw', "Authorization: Bearer eyJraWQiOiJEa1lUbmhTdkd5OEJkbk9yMVdYTENhbVFRTUZiNTlYbHdBWVR2bVg5ekxNIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULmRNcmJJc1paTWtMR0FyN1gwRVNKdmdsX19JOFF4N0pwQlhrVjV6ZGt5bk0iLCJpc3MiOiJodHRwczovL2xvZ2luLndyaXRlc2hhcnBlci5jb20iLCJhdWQiOiJodHRwczovL2dlbmVyaWNvaWRjLm9rdGFwcmV2aWV3LmNvbSIsInN1YiI6IjBvYXI5NXp0OXpJcFl1ejZBMGg3IiwiaWF0IjoxNTg4MTg1NDU3LCJleHAiOjE1ODgxODkwNTcsImNpZCI6IjBvYXI5NXp0OXpJcFl1ejZBMGg3Iiwic2NwIjpbIm9rdGEudXNlcnMubWFuYWdlIl19.TrrStbXUFtuH5TemMISgozR1xjT3rVaLHF8hqnwbe9gmFffVrLovY-JLl63G8vZVnyudvZ_fWkOBUxip1hcGm80KvrSgpdOp9Nazz-mjkP6T6JwslRFHDe8SC_4h2LG9zi5PV9y3hAayBK51q1HIwgAxl_2F7q4l0jLKDFsWjQS8epNaB05NLI12BDvO-C-7ZGGJ4EQfGS9EjN9lS-vWnt_V3ojTL0BJCKgL5Y0c9D2VkSqVN4j-7BSRZt0Un3MAEgznXmk2ecg3y7s9linGR0mC3QqKeyDfFNdsUJG6ac0h2CFFZQizpQu1DFmI_ADKmzxVQGPICuslgJFFoIF4ZA". If you are working with an Okta SDK that requires this format, click PEM. https://platform.cloud.coveo.com/rest/search, https://support.okta.com/help/s/global-search/%40uri, https://support.okta.com/help/services/apexrest/PublicSearchToken?site=help, JIRA Service Management - OAuth - service_account, https://oauth.workflows.oktapreview.com/oauth/httpfunctions/cb, https://oauth.workflows.okta.com/oauth/httpfunctions/cb. So, it definitely kind of played out like we thought it was. So, that one has been trending positively and is really in a healthy place. If a user is mismatched, make updates to bind the ImmutableID values. We're now in beta testing with Okta Privileged Access. It's interesting that the -- if you look at the -- like the analytics we look at over the whole of the business, that's where you get that average deal size ticking down. In the interest of time, please limit yourself to one question, and then, you're welcome to queue back up with additional questions. International revenue grew 23% and represented 21% of our total revenue. But listen, we're not -- I mean, we want to win, and we're rigorous in our analysis. For example, https://example.com/oauth2/v1/authorize. We now have over 300 customers with $1 million-plus ACV, which continues to be the fastest-growing customer cohort with growth of over 40%. It's a very -- it's a modern IGA. For a production use case, see Build a JWT with a private key for both a Java and a JavaScript example of signing the JWT. Verify ImmutableID value settings. 2 cd spring-microservices-security This project requires two OpenID Connect apps on Okta, one for development and one for production. Okta's cloud-based authentication gives users high-assurance with simple-to-use factors like biometrics and push notifications. Hey, Jonathan. Yeah. And that's why these early trends are super exciting. Okta's IWA service is built off of the same platform, and uses Kerberos and NTLM authentication methods to complete the flow. Davidson -- Analyst. Or is it just too hard to call at this point? Was hoping you could help me out a little bit with somewhat the disconnect, I guess, between cRPO and how it's trending in annual revenue. And that's -- I think that's why it resonates to not just Amazon but a lot of the partners that we have, whether it's -- we talked about the Google announcement, the Zoom announcement. Header Name: a custom name to be passed to the service. I think that there's -- first of all, there's -- we're always improving and trying to get better. Maybe we can get these last two quickly. In partnership with Zoom, last month, we announced Okta authentication for end-to-end encrypted meetings for all paid and joint customers. So, the first question goes to Rob Owens at Piper. Authorize Path: the authorization path for the service. Click Save. Enter a name for your app integration and click Save. Turning to retention. So, we're seeing that component, but then we're also seeing, if you look at contract durations, seeing how they're a little bit shorter than normal. Thanks, guys. So, that's really how we're thinking about it going forward. And then, the real quick follow-up was, do you think you're rightsized with the restructuring you had in the first quarter? Use an Azure AD Connect server or Azure AD cloud provisioning. Confirm "Use Identity Authentication user store" toggle is enabled. Never stop innovating is a core Okta value, and we continue to make important advancements on that front. Brian Wilcox -- Cleveland Research Company -- Analyst. Well, great. There's important Workforce customers that want us to -- are going through strategic transformations and want to make sure that we're going to be there to support them for massive rollouts and huge investment in Okta. After you disable Okta provisioning, the Azure AD cloud sync agent can synchronize objects. When registering a new app, you usually register basic information such as the application name and website URL. It was released, I think, into beta like six weeks ago. As Todd noted, we're achieving these results while investing in our platform and business to fuel our future growth. Dave? The -- I mentioned the average deal size ticking down a little bit, but the unit price stays -- the unit price we get has stayed consistent. And we are raising our free cash flow margin outlook for FY '24 to approximately 12% from approximately 10% previously. It allows you to rely on a lean cloud service that integrates with your existing corporate identity provider to benefit from its . 42% of APAC Consumers Favor Biometric Authentication for Digital That's the big new product suite. Returns as of 06/02/2023. Hi. If you think about sales cycles, pipeline, etc., how does that kind of factor into the guidance you've laid out? Thank you. The private key appears in PEM format. The cloud sync agents are nondestructive. Provide values for these parameters in your request: Note: Okta SDKs support creating and signing the JWT and requesting an access token. Client Secret: a private value provided by the service used to authenticate the identity of the application to the service. And so, presumably, this quarter was a pretty big step down on a quarter-over-quarter basis. In this example, we only request access for one scope. They have a plan for ROI. So, when we look at our own business, one of our huge -- we have AI in our products, and we have for a few years, whether it's ThreatInsight on the workforce side or Security Center on the customer identity side, which look at our billions of authentications and use AI to make sure we defend other customers from like similar types of threats that have been prosecuted against various customers on the platform. Introduction Traditional web applications pre-date modern standards like SAML and OpenID Connect, so they often use legacy authentication methods to grant end users access. Copy the JWT for use in the Get an access token step. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains. If you select the wrong attribute, uninstall and reinstall Azure AD Connect to reselect this option. There's big Customer Identity customers. Thanks for the question. Become a Motley Fool member today to get instant access to our top analyst recommendations, in-depth research, investing resources, and more. And -- but the macro backdrop is just -- there's a lot of uncertainty around it. CAS is a tool to authenticate a user, but this is not the same as authorizing one. I'm on for Andy Nowinski. As we navigate the increasing pressures of the macro environment, we remain confident that we have set the path of profitable growth for years to come. Eugenio will turn his attention to the overall growth and operational excellence of Okta, including further accelerating our go-to-market effectiveness and increasing automation across the company. Here are just a few notable examples of customer wins and upsells in Q1, which come from a wide range of industries. It means that there's going to be tons of new industries created and industries changed. Last month, we unveiled our new partner program called Elevate. In today's meeting, we will quote a number of numeric growth changes as we discuss our financial performance. Technology is going to move forward. More info about Internet Explorer and Microsoft Edge, Comparison between Azure AD Connect and cloud sync, Custom installation of Azure Active Directory Connect, Tutorial: Integrate a single forest with a single Azure AD tenant, Tutorial: Migrate your applications from Okta to Azure AD, Tutorial: Migrate Okta federation to Azure AD-managed authentication, Tutorial: Migrate Okta sign-on policies to Azure AD Conditional Access. But obviously, we're being thoughtful with how we're thinking about the balance of the year given what we've seen in the macro and how it's developed over the last few quarters. So, cross-sell had a nice quarter, like you've heard us say, but it's really that seat expansion is really what we're seeing is -- and when I say seats, to be very clear, it's both seats on the Workforce side and MAUs on the Customer side. Client ID: a publicly exposed string provided by the service that is used to identify the OAuth application and build authorization URLs. Create the service app integration in Okta. If you are using Postman to test, select the, On the right, paste the access token into the. If you look back over the past couple of years, how much has seat count growth or classic upsell contributed to net retention versus how much is cross-sell today? In terms of those two other factors, which basically influence your upsell rate, the upsell rate is basically the difference between net retention rate and gross retention rate, we do believe that there's a continued headwind through the year, and we do believe we tick down from here in terms of net retention rate through the balance of FY '24. To test an individual value, use these commands: Before you move to Azure AD Connect, it's critical to validate that the ImmutableID values in Azure AD match their on-premises values. When you just have customers -- we just have conversations with customers and the kind of the qualitative aspects of how important identity is and being interested in this approach we have, which is, Hey, you can get Customer Identity and Workforce Identity and Privileged and Governance from one customer, very positive conversations. Join a DevLab in your city and become a Customer Identity pro! OK. And just to finish off though, is there anything you want to say about the cRPO growth? We achieved these results despite increased pressure in the macroeconomic environment, which we anticipated when we introduced the FY '24 financial targets last quarter. The authentication takes place with a physical inspection using advanced technical equipment in eBay's dedicated and new state-of-the-art New Jersey facility. It's also cross-sells where you have Workforce and you buy Customer or you buy Customer -- you have Customer and you buy Workforce. So, we have -- thankfully, the team that's in place is doing a great job, whether that's the interim chief revenue officer, Jon Addison, or our marketing and customer success executive, Eric Kelleher, is doing an amazing job or Eugenio is taking on this role, which is really, really important. For the key format, use either the default of JWT or switch to PEM, and then click Generate JWT. The API key is a pair of strings known as the ID and secret. And what I mean by seat expansions, I mean both seat expansion on the workforce side of the house and also on the monthly active users side of the house in terms of customer identity. Shrenik Kothari -- Robert W. Baird and Company -- Analyst. After you prepare your list of source and destination targets, install and configure Azure AD cloud sync agents. But wondering if you could talk about what you're seeing through the first month of May or the first month of 2Q that's really changed. You can create this client_credentials JWT in several ways. With a single view of a user across all systems, the right authentication service provider enables you to quickly and easily comply with right to be forgotten, CCPA, and other requests. There is no limit to the number of JWKs that you can add for an app. It's been a mix between the two. The CAS protocol can be used to authenticate untrusted web applications requiring a service ticket for access. Hey, Todd, I wonder if you could maybe opine on kind of a story that's going on with investors. But interestingly enough, in terms of the -- a lot of the executional -- or a lot of the execution metrics we're looking at, whether it's sales force attrition or the amount of sales reps doing a CIC deal, which is two things we've been watching a lot on the go-to-market side over the last few quarters, are getting better and better. between a user and service user is how they authenticate. I didn't think that -- I thought people, once they had something installed, they wouldn't replace particularly the on-premise product with more of the modern new product that we have. May 31, 2023, 5:00 p.m. Step 1: Log in to the Okta admin portal and create the SAML 2.0 application Log in to the Okta admin portal by going to https://login.okta.com/ and provide your credentials. And I think the other thing I want to make sure everybody remembers is current RPO does have some residual effect from those FY '23 execution challenges. We continue to make meaningful progress on the actions we've taken to drive efficiency in our cost structure. As a reminder, we've taken several actions to reduce our cost structure and increase our efficiency as an organization, which will benefit margins this year and beyond. If you are using a different language, you can institute a search for existing libraries. So, that was what I was saying earlier, which is seat expansion definitely was a headwind to growth and also a headwind to net retention in Q1. For more information on the inner workings of the CAS protocol and how to implement it, check here. To wrap things up, we delivered significantly improved profitability and record cash flow in the face of increasing macro-related pressure. authentication token to be used with the API. Note: Use the Admin Console to generate a JWK public/private key pair for testing purposes only. Adam Borg -- Stifel Financial Corp. -- Analyst. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Given the current macro environment, customers are not expanding seats at the rate they have in recent years, and we believe this trend will persist in this environment.
Crocs Kadee Leopard Flats,
Natura Siberica Eesti,
Articles S