Okta Tech Advisory Build Services

Statement of Work

Confidentiality Notice

This Statement of Work constitutes Okta Confidential Information and is intended for the internal use of Okta Customers only to evaluate the Statement of Work and may not be duplicated, used or distributed externally or reproduced for external distribution in any form without express written permission of Okta, Inc.

1. Project Summary

This Statement of Work (“SOW”) is issued under and subject to the terms and conditions of the Master Subscription Agreement entered into between the parties (“Agreement”).

Okta Technical Advisory Build Services “Professional Services'' are based on Okta’s practices for integrating the Okta Service with Customer’s applications in a series of virtual workshop sessions (“Working Sessions”) with the Customer (collectively the “Professional Services”). Okta offers Technical Advisory Sessions for Workforce Identity Cloud (“WIC''), Customer Identity Cloud (“CIC”),and Customer Identity Solution (“CIS”) customers.

A Working Session is intended to cover a single topic. The parties must agree to the
topic at least one (1) week in advance of the scheduled Working Session, so the Okta technical advisor can prepare for the Working Session. At Okta’s discretion, multiple topics may be covered in a single session. The Customer and Okta will work together to prioritize topics within scheduled Working Sessions.

2. Project Scope

The following activities shall be within the scope of this SOW:

Working Sessions will be facilitated by an Okta Tech Advisor Consultant to assist Customer with building designated Identity Access Management (“IAM”) topics. Build sessions focus on implementation advice.

Example topics for a Build Session include:

Tenant Configuration assistance
Multi Factor Authentication setup
Application integration for SSO / provisioning
Data source / directory integration
User import
Workflow advice, including published workflow templates, to address a use-case
User registration / reset flow advice and page configuration

Customer Obligations

To ensure that the Customer receives the most value from each working session, Okta requests the following:

Ensure that working sessions are scheduled and attended by the appropriate resources (Subject Matter Experts “SMEs”: employees, contractors, or third-party) relevant to the working session.
Ensure that the working sessions begin on time and that the resources are available for the duration of the working session.
Complete the configuration / code based on advice given during the Build Session. This includes review, test, stage, and deployment, as appropriate.
Ensure all configuration / code is maintained and stored in any appropriate source control system.

Assumptions

All working sessions will be scheduled in two (2) hour blocks.
There could be a maximum of two (2) ad hoc email requests / discussions outside a working session. If Okta determines these requests/emails require more than 30-minutes, it will be considered as a working session.
The quantity of working sessions purchased are specified on the Order Form.

3. Out of Scope

Not all requests are appropriate for session-based Professional Services.

Requests that could not reasonably be expected to be completed within a single Build Session are out of scope for this SOW. Examples include:

Coding (other than workflow templates / code examples)
Developer Operations (DevOps) automation
Complex Human Resources-as-a-source (HRaaS) integration / configuration
Production deployment activities
Tenant diagnostics / Health checks
Performance tuning of integrations
Complex IDP co-existence models / Hub-and-spoke models

The following products / features require significant coordination of resources and technology. They also cannot reasonably be completed within a single Build Session. Requests for these topics are out of scope for this SOW:

OKTA Access Gateway (OAG)
OKTA Advance Service Access (ASA)
OKTA Identity Governance (OIG)
OKTA API Access Management
Mobile Device Management (MDM) Integration / Device Trust
Multiple / complex on-premise integrations (MS Sharepoint / Exchange, for example)
Fine Grained Authorization (FGA)
Impersonation
CIC Private Cloud offerings
CIC Mobile / Web SSO

Additionally, the following features, functionality and activities are out of scope for this SOW:

Features / integrations not listed in the Okta Integration Network (OIN), Auth0 Marketplace, or Okta Workflows Template directory.
Any functionality that is part of roadmap, beta, or early access programs.
Customer staging, end user communication, and change management.
SSO integrations which are not based on IAM industry standards such as SAML, OIDC, WS-Fed, OAuth, etc.
Devices, authenticators, technology, or integrations not supported by Okta.
Advice relating to FedRamp or HIPAA impacted tenants.

4. Fees & Expenses

Customer shall pay Okta the Fees and expenses set forth on the applicable Order Form in accordance with the terms of the Agreement. Actual reasonable and out-of-pocket expenses and taxes are not included herein and will be invoiced separately per the terms of the Agreement.

The Professional Services described in this SOW will be provided on a fixed fee basis. The term of this SOW (“SOW Term”) shall commence on the date the Order Form is fully executed (“Order Form Effective Date”) and shall expire on the earlier of: (a) six (6) months after the Order Form Effective Date, or (b) upon completion of the Project Scope set forth in Section 2. All Professional Services available under this SOW may only be redeemed during the SOW Term. Project delays resulting from Customer’s failure to Cooperate (as defined below) will not extend the SOW Term Okta is not responsible for and shall be relieved of responsibility for performing any Professional Services which have not been completed during the term due to Customer’s failure to Cooperate or failure to schedule such Professional Services in a timely manner. No refunds or credits will be provided for any Professional Services Fees. Fees will be invoiced upon the execution of the Order Form and will be due in accordance with the terms of the Agreement.

5. Scheduling

Each project begins with a Project Kick Off Meeting to review requirements and to ensure that all stakeholders understand project objectives; identify resources, roles, and responsibilities; identify and mitigate risk; develop a project schedule, and maintain velocity during project execution. As such, Okta and Customer project managers will be responsible for planning, management and execution of a project schedule for Okta resources.

Okta will provide Professional Services during regular business hours (8:00 a.m. to 5:00 p.m.), Monday through Friday, except holidays (''Business Hours'') of the Okta office which is providing the Services. Okta will work remotely based on a mutually agreed plan throughout the execution of this engagement. For technical consultants, remote work shall be scheduled at a minimum of two (2) hours per working session. Customer must cancel any Professional Services scheduled to be provided at least two (2) business days in advance or it will lose the scheduled working session(s) and that particular session will be marked as complete.

6. Customer Obligations

General Customer Obligations

The Customer will:

Remain engaged throughout the duration of the Professional Services by actively participating, providing requested integration information, and otherwise completing its obligations as set forth in this SOW in a timely manner (“Cooperate”).
Complete the functional and technical analysis and discovery.
Establish a communication and escalation plan including assigning appropriate resources who are knowledgeable about the technical and business aspects involved in the project including a dedicated project manager.
Provide access to any third-party services or software, as required.
Procure services or software and license rights necessary for the Okta Service to integrate to such services or software.
Pay any service provider costs required to enable SSO on applications that are in scope of this engagement.
Provide and test all of the necessary remote access by Okta to Customer systems prior to the commencement of the Professional Service.
Be responsible for all hardware/virtual machines operating system(s), browser(s), commercial application(s), code for custom developed applications, application/web server(s), directory(s), database, network, proxy, and firewall maintenance and security as well as an active backup and recovery strategy as applicable for the aforementioned.
Provide complete and accurate data for integration with the Okta Service.
Prepare and manage all corporate communications and training activities to promote greater adoption and higher satisfaction from Users. Sample communication templates may be provided for Customer use.

7. Assumptions

General Project Assumptions

Any service or activity not specifically included in this SOW is not included in the scope of this engagement.
Support for out of scope requirements will require the execution of a new SOW with an associated cost. Upon execution of a new SOW, Okta cannot guarantee that the Smart Start project resources will be re-assigned to the new Professional Services engagement.
Okta and Customer will work together in good faith to resolve any issues quickly.
Scheduling for the Professional Services to be performed are based upon a first come first serve basis and will be mutually agreed upon by the parties prior to the commencement of the Professional Services hereunder.
Okta will follow independent software vendor guidelines for supported and deprecated versions of a product.
The Professional Services will be conducted remotely.
Okta will have no responsibility for providing any Services on non-Okta Products.
Okta will have no responsibility for other contractors or third parties engaged by Customer or another third-party during delivery of the Services unless expressly agreed to in writing.
Okta will not be responsible for any delays caused by Customer or any third-party.
Services are non-transferrable.