Okta Expert Assist

Statement of Work

Confidentiality Notice

This Statement of Work constitutes Okta Confidential Information and is intended for the internal use of Okta Customers only to evaluate the Statement of Work and may not be duplicated, used or distributed externally or reproduced for external distribution in any form without express written permission of Okta, Inc.

Copyright (c) 2024 Okta, Inc. All Rights Reserved.

 

1. Project Summary

This Statement of Work (“SOW”) is issued under, and subject to, the terms and conditions of the Agreement (as that term is defined in the Order Form).

Expert Assist sessions are consulting services based on Okta’s best practices that focus on improving the customer’s security posture and hardening the customer’s Okta environment. Okta offers Expert Assist sessions for Workforce Identity Cloud (“WIC”), Customer Identity Cloud (“CIC”), and Customer Identity Solution (“CIS”) customers. In collaboration with Okta Professional Services, the Customer and Okta will work together to prioritize topics within scheduled working sessions.

Customer acknowledges and agrees that:

  • The Services are provided on an advisory basis, for information purposes only and are not intended to convey legal, regulatory or similar professional advice;
  • Okta will not discover or identify all errors, flaws, vulnerabilities or weaknesses in Customer’s [Okta environment] through the Services described herein;
  • Customer, and not Okta, is solely responsible for the security of its software, systems and products, and Okta’s provision of the Services does not in any way relieve Customer of any responsibility for the design, manufacturing, testing, marketing, sale and security of Customer’s software, systems, and products; and
  • Okta cannot and does not provide any guarantee or warranty that its Services will ensure Customer’s software, systems or products will not be vulnerable, susceptible to exploitation, free from hacking and/or eventually breached, even if Okta’s recommendations are followed.

2. Project Scope

The following activities shall be within the scope of this SOW:

Okta will conduct up to three (3) two-hour discovery session(s) over the period of two (2) weeks. During these session(s) an Okta Architect and customer will walk through up to three (3) Okta environments to collect information on security posture for analysis.  

The findings gathered during discovery will be reviewed and analyzed by the Okta Architect over an additional one (1) week timeframe.  

At the conclusion of the analysis, the Okta Architect will provide a Readout Report with an executive level summary and review a list of actionable recommendations in one (1) final two-hour readout meeting. These recommendations include best practices that focus on improving the customer’s security posture and hardening the customer’s Okta environment. 

Customer Obligations

The project sponsor will participate during the project kick-off and final readout sessions, and it is critical the following customer roles participate in all sessions and readout meetings:

  • Identity Infrastructure Architect / SMEs
  • Okta Architect / SMEs
  • Application Architect / SME
  • Security Architect / SME
  • Project Management

Assumptions

  • Security posture review will cover core usage patterns and will not include review of individual extensions, integrations, and applications.
  • This engagement covers discovery and analysis only. Customer may contract with Okta for additional consultation or implementation on the recommendations generated.
  • All Okta assessments, reviews, and checklists will be provided on Okta templates and forms.

 

3. Out of Scope

Not all Okta functionality or features are appropriate for this type of Professional Services, and some potentially require additional Okta technical resources. The following features, functionality and activities are out of scope for this Statement of Work:

  • Implementation activities
  • Okta configuration updates
  • Code, extension, application, and / or integration reviews
  • Support sessions
  • Troubleshooting sessions
  • Technical design documentation
  • Remediation of an existing security incident / breach
  • Specific industry / regulatory compliance or audit checks
  • General Identity Access Management health check best practices (not related to security posture)
  • Review of Okta Identity Governance, Okta Access Gateway, or Advanced Server Access usage.

 

4. Fees & Expenses

Customer shall pay Okta the Fees and expenses set forth on the applicable Order Form in accordance with the terms of the Agreement. Actual reasonable and out-of-pocket expenses and taxes are not included herein and will be invoiced separately per the terms of the Agreement.

The Professional Services described in this SOW will be provided on a fixed fee basis. The term of this SOW (“SOW Term”) shall commence on the date the Order Form is fully executed (“Order Form Effective Date”) and shall expire on the earlier of: (a) six (6) months after the Order Form Effective Date, or (b) upon completion of the Project Scope set forth in Section 2. The Professional Services included in this SOW will be available to Customer during a six (6) week period within the SOW Term commencing on the initial Project Kick Off Meeting (as defined above) which may be scheduled after execution of the applicable Order Form. All Professional Services available under this SOW may only be redeemed during the SOW Term. Project delays resulting from Customer’s failure to Cooperate (as defined below) will not extend the SOW Term. Okta is not responsible for and shall be relieved of responsibility for performing any Professional Services which have not been completed during the term due to Customer’s failure to Cooperate or failure to schedule such Professional Services in a timely manner. No refunds or credits will be provided for any Professional Services Fees. Fees will be invoiced upon the execution of the Order Form and will be due in accordance with the terms of the Agreement.

 

5. Scheduling

Each project begins with a Project Kick Off Meeting to review requirements and to ensure that all stakeholders understand project objectives; identify resources, roles, and responsibilities; identify and mitigate risk; develop a project schedule; and maintain velocity during project execution. As such, Okta and Customer project managers will be responsible for planning, management and execution of a project schedule for Okta resources.

Okta will provide Professional Services during regular business hours (8:00 a.m. to 5:00 p.m.), Monday through Friday, except holidays (“Business Hours”) of the Okta office which is providing the Services. Okta will work remotely based on a mutually agreed plan throughout the execution of this engagement. Customer must cancel any Professional Services scheduled to be provided at least two (2) business days in advance or it will lose the scheduled working session(s) and that particular session will be marked as complete.