CIAM Immersion Flashcards

(51 cards)

1
Q

Current CIAM Market - Competitor Types

A

Open Source Software (Keycloak, IdentityServer, WSO2, Gluu)

On-Premise Solutions (PingIdentity, ForgeRock, FusionAuth)

Platform Solutions (Microsoft Azure AD (B2C), Amazon (AWS Cognito))

Other IDaaS (cloud-based CIAM): PingOne, OneLogin

2
Q

PCI - DSS

A

Payment Card Industry Data Security Standard is a security standard for the payment card industry.

3
Q

FIDO

A

Fast Identity Online

Universal 2nd Factor (U2F) authentication standard.

4
Q

Home Realm Discovery

A

Home Realm Discovery (HRD) is the process that allows Azure AD to determine which identity provider (“IdP”) a user needs to authenticate with at sign-in time. … The home tenant of the user (might be the same tenant as the resource that the user is attempting to access).

5
Q

Key Competitive Takeaways vs MSFT

A

1) MSFT ultimately has a higher TCO than Okta because of how much extra engineering and support cost is created through a significantly inferior engineering experience and having to cobble together multiple solutions.
2) Minimal extensibility and limited capabilities end with companies providing an inferior user experience, negatively impacting adoption, conversion, time to market, innovation and ultimately revenue.

6
Q

Key Competitive Takeaways vs AWS

A

1) AWS, just like MSFT, ultimately has a higher TCO than Okta because of how much extra engineering and support cost is created through a significantly inferior engineering experience and having to cobble together multiple solutions.
2) Very limited capabilities and the requirement to utilize extensibility for many common scenarios end with companies providing an inferior user experience, negatively impacting adoption, conversion, time to market, innovation and ultimately revenue.

7
Q

The below 6 items are the key elements that determine how an Auth0 deal is priced. We’ll walk through each item in detail on the following pages.

A

Number of Monthly Active Users

Number of Enterprise Connections

Number of Machine to Machine tokens

Subscription Plan

Support

Deployment Model

8
Q

Number of Monthly Active Users

A

MAUs are defined as the number of unique users that authenticate during a calendar month, per account. A user can log in 1 time or 1 million times in a month, and they count as 1 user.

To price an Auth0 deal, you identify the maximum number of MAUs a customer expects within a month and that is what you include as their usage count to quote them on.

For example if a prospect believes that they will have a maximum of 100,000 active users in any given month, then you would quote them for 100,000 MAU.

9
Q

Monthly Active Users vs Annual Monthly Active Users

A

The difference is for Auth0, you don’t add up the total amount of estimated MAUs for the year, you simply identify the maximum MAUs for any given month and quote on that number.

10
Q

What about customers with extreme usage spikes?

A

If you have a prospect with extreme usage swings based on some type of cyclical nature, for instance a retail company that averages 100,000 MAUs, but knows that every November/December they will spike to 500,000 MAUs, and using the maximum MAU approach above is stalling your deal, reach out to the Deal Strategy team, as it may be possible to offer an average Monthly Active user approach.

11
Q

Number of Enterprise Connections

A

One of the most complex and valuable types of authentication Auth0 simplifies for our customers is Enterprise Federation. As we’ve discussed within our Business SaaS Use Case session and course, when companies have to implement their own Enterprise Federations with customers, this can be incredibly costly (time consuming, extra risk, impact to sales cycle, impact to POC impressions, massive maintenance cost, etc.).

Based on the complexity and value of the Enterprise Connections Auth0 provides, we charge a premium for Enterprise Connections.

Typically only Business SaaS scenarios require this (External Collaboration as well, however land guidance is for Okta CIAM Platform for that use case)

12
Q

Counting Enterprise Connections:

A

Each Enterprise Federation = 1 Enterprise Connection

Each Enterprise Connection typically represents 1 customer for our Business SaaS customer

However if our customer is setting up Enterprise Connections within dev/test accounts, these will be counted as well.

13
Q

Machine to Machine Tokens

A

In addition to our core use case, which is authentication/authorization of end users into apps/sites/devices etc, Auth0 also supports API Authorization.

When customers wish to use Auth0 for Machine to Machine (M2M) Authorization (when APIs interact without being driven by an end user’s actions), we provide pricing based on the number of access tokens issued by Auth0 to call and authorize those APIs.

The number of tokens included in a Plan will also be a factor in overall cost.

14
Q

Auth0 Subscription Plan Type

A

Auth0 offers 4 Subscription Plans, which we break into 3 categories.

We’ll look at these categories briefly below, and then on the next page, we’ll discuss how to position the Enterprise Plan if a customer is considering a self-service plan.

Plan Types

Starter (Free)

Self-Service (Plan 1 and Plan 2)

Enterprise

15
Q

Enterprise Plan

A

Auth0’s Enterprise Plan is designed for the vast majority of customers who require authentication on applications, websites, devices etc. that are commercially viable, meaning they drive or are related to driving significant revenue and require commensurate security.

This is the only type of plan that Auth0’s pre-sales team focuses on and the only plan where customers can have a customized contract with Auth0.

Enterprise Plans are the life-blood of the Auth0 business and the vast majority of our sales & marketing efforts are focused on signing new Enterprise Plan customers.

Note that Auth0 Trial customers get access to the Enterprise Plan during their trial, which lasts for 22 days, unless an extension is granted.

16
Q

Deployment packages

A

Public Cloud

Private Cloud

  • Basic
  • Performance
  • Performance Plus
17
Q

Public Cloud

A

Standard authentication, personalization, user management and security features.

Multi-tenancy

100 RPS

18
Q

Private Cloud Basic

A
  • Single-tenancy
  • Data Residency
  • PCI add-on
  • 100 RPS
  • Health check/arch workshop
19
Q

Private Cloud Performance

A
  • Basic +
  • 500 RPS
  • Upgrade Flexibility
  • Non-prod env add-on
  • Geo-HA add-on
  • Go Live/Load Test Support x1
20
Q

Private Cloud - Performance Plus

A

Performance +

  • 1,500 RPS
  • Go Live Load Test Support x2
21
Q

What is the Auth0 SLA?

A

99.99% for Enterprise plan

22
Q

How are MAUs sold?

A

MAUs are sold in blocks and always round up.

For example, we have a block price for 10K MAU and 20K MAU. If you quote for 15K MAU, the price will be rounded up to the 20K MAU block price.

23
Q

What is the default contract term for Auth0?

A

Default contract term is 1 year.

Multi-Year agreements are available as well. You can offer up to 3-year deals without approval.

24
Q

What are the default payment terms?

A

Offering anything longer than 30 days will require approval, and an attempt should be made to negotiate down to Net 30 + billed annually.

25
Q

Reasons to choose Public

A

Low-Demand Environments - Lowest customer involvement for managing a shared deployment

Latest and greatest features - Shared deployment generally receives newest features

Most cost-effective
26
Q

Reasons to choose Private

A

High-Demand Apps - Requires high requests per second (RPS). Any requirement over 100 RPS should choose Private.

Data Isolation and/or Data Residency - Keep customer data separate from other Auth0 customers, and/or store data in a specific location.

PCI Certified - Only available through a Private Cloud deployment

Minimum Exposure to Cloud Services - Eases hesitation to migrate from a customer data center
27
Q

What is the first pricing-related decision a prospect makes?

A

Deployment, e.g. public vs private
28
Q

Minimum Public Cloud Enterprise Subscription Cost

A

Our minimum Enterprise Subscription cost is $26,000/yr, which equates to 10,000 External MAUs or ~5,000 Unlimited Connection MAUs, or a mix of core products and add-ons. Note that you can offer fewer users than above to provide cushion for negotiation on a minimum Enterprise deal.
29
Q

What are the two levels of Enterprise Packages?

A

Enterprise Basic - 5 Enterprise Connections included (Enterprise IdPs)

Enterprise Premium - Unlimited Enterprise Connections

For Consumer App scenarios - they'll likely be fine with the Enterprise Basic package

For Business SaaS App scenarios - they'll likely require more than 5 enterprise IdPs
30
Q

Daemon

A

A daemon is a type of program on Unix-like operating systems that runs unobtrusively in the background, rather than under the direct control of a user, waiting to be activated by the occurrence of a specific event or condition. ... Daemons are usually instantiated as processes.
31
Q

Security Add-Ons Overview

A

Attack Protection - Includes breached password detection and bot detection (captcha)

Enterprise MFA - Includes all MFA factors such as SMS, Email, WebAuthn, Guardian, etc. (Similar to Okta MFA)

Adaptive MFA - Includes all MFA factors in addition to providing risk scores to trigger MFA (Similar to Okta Adaptive MFA)
32
Q

What's in the MFA Bundle?

A

Attack Protection + Enterprise MFA (Lead with Bundles)
33
Q

What's in the Adaptive MFA Bundle?

A

Attack Protection + Adaptive MFA (Lead with Bundles)
34
Q

Base Enterprise Security - Included in all enterprise plans

A

Pro MFA - Covers OTP MFA

Suspicious IP Throttling & Brute Force Protection
35
Q

Premier Support Benefits

A

Phone Support

24 x 7 Coverage for all Severity Levels

Includes faster SLA around ticket response and updates

Ticket Reviews and Analysis

Dedicated Teams (typically same resources for all tickets)
36
Q

What are the two Service Offerings Packages?

A

1. Design and Implement
2. Maintain and Improve
37
Q

What is Private Cloud?

A

Private Cloud deployments are single-subscriber, isolated instances where none of a customer's resources (software and infrastructure) are shared with any other tenants. This offers increased performance, stability, and availability. Private Cloud is a managed service that is typically used if a company's compliance or policy requirements prevent them from using a multi-tenant cloud service.

Top 3 industries that purchase Private Cloud:

Banking & Financial Services

Insurance

Computer Software
38
Q

Private Cloud Deployment Options

A

AWS

Azure
39
Q

All Private Cloud Offerings include:

A

5 Enterprise Connections

1000 M2M Tokens

(Okta Callout: RPS in Private Cloud is cumulative across all endpoints and measured in seconds)
40
Q

Private Cloud Packages - Key Differences

A

There are 4 key differences between the packages that will determine which package is right for your customer.

Performance - RPS (how demanding is the authentication load). Note that demand here is less about total number of users and more about how much authentication activity is happening at any given point in time. Have your SE work with your customer to identify which package will provide the right performance.

Upgrade Flexibility - The ability for customers to decide when upgrades will be applied (though there are minimum requirements around frequency of upgrades). Provided within Performance and Performance Plus.

Dev/Test Environment - In addition to a production environment, the customer receives an isolated Dev/Test Environment for development and testing, ensuring that nothing they do within this environment impacts their production environment. Provided within Performance and Performance Plus (additional Dev/Test Environments are available as Add-Ons for Performance and Performance Plus as well).

Ability to add Geo-High Availability - The ability to have 2 Production environments, where you actively use 1 environment but have a complete mirror environment ready in case of the need to failover. Possible Add-On for Performance and Performance Plus.
41
Q

What add-on is available for Basic Private Cloud?

A

PCI Compliance
42
Q

Describe PCI Compliance

A

Many FinServ companies will require PCI compliance. In cases where this is a requirement, this add-on guarantees compliance with the Payment Card Industry's (PCI) security standards around any service that processes cardholder data. Auth0 undergoes a PCI audit by an independent auditor annually, thus enabling us to offer PCI Compliance to our Private Cloud customers.
43
Q

Private Cloud Add-Ons available for Performance & Performance Plus

A

In addition to PCI Compliance (available for all Private Cloud Deployments), Performance & Performance Plus customers can add on:

Geo-HA - A high-availability GEO cluster, with failure handling for rapid recovery during a regional outage

Additional Dev/Test Environments - A fully-isolated and independently-updated instance for development and testing with no SLAs or guaranteed performance
44
Q

Private Cloud Pricing - Key Concepts

A

Private Cloud is priced on top of the core public cloud product

Pricing is based on a flat fee per deployment type, which is added to the core product cost

Deployments outside US/CA/EU are more expensive

Private Cloud Fees are non-negotiable as they are associated with direct infrastructure deployments - strict no-discount policy on deployment fees
45
Q

Putting together Enterprise Pricing with Private Cloud package

A

So the basic concept here is that a Private Cloud deal is priced just like everything covered for the Public Cloud, however there is the additional flat fee that is provided above. So you would put together all the requirements the customer has around functionality, using the Public Cloud cost. Then, if they need Private Cloud, you would add the flat fee above to it and any additional Private Cloud Add-On costs. All of this will happen within the Calculator for you, but you should be able to explain the concept to the customer.
46
Q

What's the difference between Auth0 Monthly Active Users and Okta aMAUs?

A

Auth0 MAUs are based on the highest number of users anticipated in any month.
47
Q

What Enterprise Plan would a Business SaaS App customer most likely require?

A

Enterprise - Premium
48
Q

Which of the following are key triggers that can be utilized to position Enterprise Plans vs Self-Service plans for smaller use cases? (Select all that apply)

A

Customization/Complexity - Likely need to utilize a significant amount of Rules/Hooks/Actions

Usage Growth - Likely need to grow beyond usage thresholds

Identity Expertise - Having direct access to the Identity expertise and thought leadership of Auth0/Okta

Enterprise Support and Uptime SLA - Support options and SLAs typically desired for commercially viable applications

Key Capabilities like Delegated Admin, Long-Lived Sessions, SSO to the Auth0 Dashboard

Removal of usage caps on logins - Self-Service plans start blocking users once user maximums are hit
49
Q

What are the most typical reasons why a customer would prefer a Private Deployment of the Auth0 platform?

A

It's the only way to get PCI Compliance with the Auth0 platform

It enables Data Isolation and/or Data Residency

It minimizes exposure to cloud services

It's the most performant option for high RPS scenarios
50
Q

When do you lead with Okta?

A

Workforce

External Collaboration Apps
51
Q

When do you lead with Auth0?

A

Business SaaS Apps

Consumer Apps