CarMax, Inc. (KMX) Earnings Call Transcript & Summary

Welcome to Okta Showcase 2020. I'm Todd McKinnon, Chief Executive Officer at Okta, and I'll be your host today. What you just saw was a short recap of what our social impact arm, Okta For Good, has been doing for some of the nonprofits around the world we partner with, providing all of them the technology they need to be effective even in the face of some increasingly difficult challenges. Just like every organization in the world, nonprofits have to jump the digital divide to provide resources and services to those in need. And now is more important than ever for so many of them. As part of Okta For Good's work, Aaron brought up Tech Pathways Week, an internal event designed to connect young people from every walk of life with technology careers. This year, we're opening it up to all of you. We've created the pathways to opportunities fund, benefiting organizations around the world who support economic opportunity and fight for a more equitable future. We're matching donations and you can donate through the link on your screen. Today's show will be all about how technology is driving the economy in 2020. Here in the U.S., we're still very much experiencing the effects of the pandemic. While other nations have been able to return to something close to normal. But even with those returns to normal, things have changed. Remote work technology has taken impossible things and made them a daily occurrence. Employees can collaborate and communicate from every corner of the world. We've all adjusted to work from home and proven it can be surprisingly productive. Even though we had to get used to seeing ourselves on Zoom, upgrade our lighting and learn to look at the camera and not the monitor. We've also seen how our new normal has changed the way we interact with the products, services and brands we love. What was once known as the digital economy is now just the economy, customers around the globe have moved their spending voices and actions online as they deal with all the uncertainty COVID brings. While global retail has predicted to tumble over 10% in 2020, e-commerce worldwide is still expected to grow at 17%, equaling nearly $4 trillion. Online grocery shopping has already grown 30% in 2020. We are witnessing a digital revolution and it's happening across every facet of our lives. Jobs don't rely on the office. Our location doesn't determine the stores we visit. The global economy depends on who someone is, not where someone is. Identity has always been core to how we think of ourselves, but it's become an access that all other choices rotate around, who we work for, where we live, how we buy, all of this is rooted in the technology we choose to use. At Okta, we're building the platform that powers identity for the Internet. That goes for workforces everywhere, protecting access to the apps and tools you rely on to get your job done. It extends to customer identity where Okta has become the backbone of secure, seamless customer experiences. But before we dive into today's news, let's take a quick look at how Okta has continued to stay agile over the past 6 months, while putting the safety of our team and community at the forefront of everything we do. Some quick highlights. We raised the industry bar by offering 99.99% uptime for every customer. We teamed up with Proofpoint, CrowdStrike and Netskope to drive a comprehensive Zero Trust security approach. We hired a new Chief Security Officer, David Bradbury. Say hi, David. We hired a new Chief Information Officer. Say hi, Alvina. We launched Okta Japan, announcing our first Japan Country Manager. Say hi, Takashi. We're thrilled to welcome our new President of Worldwide Field Operations, Susan St. Ledger. Say hi, Susan. And from March to August of this year, we saw over 19 billion unique log-ins through the Okta Identity Cloud and saw MFA use jump to 300% of 2019 levels. In one of my favorite moments, I asked Twitter for your favorite books and documentaries, I received over 200 incredible recommendations and look forward to 5-plus years of reading and watching movies or this spring, if I'm stuck in shelter in place much longer. Okta isn't the only company rapidly adjusting to meet the needs and demands of the new world. How do our innovative customers think about the present and future? I'd like to introduce our Okta Showcase Field Correspondent, Executive Vice Chairman, Chief Operating Officer and Co-Founder of Okta, Frederic Kerrest. How's it going, Freddie?

Thanks, Todd. I'm doing well, and I'm thrilled to be part of today's show. Throughout the program, I'm going to sit down with some of the leaders of global businesses that are navigating today's technology challenges. And learn about how they're doing it, both today in the present and also going forward. I'm joined first by Warren McNeel, Senior Vice President of Technology at T-Mobile, to hear more on what their transition out of the office looked. Like the merger, obviously, with Sprint, and more importantly, what comes next for their business. Warren, thanks a lot for joining us today. We're thrilled to have you. I know that you've been with T-Mobile now for nearly 20 years. So you've obviously seen a lot of change go on in the organization. Probably in the last 6 months alone, T-Mobile stores, call centers, a lot's changed. The merger with Sprint. Dealing with COVID-19 requirements. I mean, I don't know if we could throw more at you in a compressed amount of time. So let's just start with the shift to remote work. How did the transition go for T-Mobile? What's it like onboarding a new massive company, Sprint, during this time? Just share some of that with us.

It's an interesting story because, yes, we are a company going through a massive merger, and we're just a couple of weeks out from getting to that close. And got a phone call. And the question that was being posed to me was, say, look, we have thousands of people across the country working in call centers is there any way that we can get them to be able to work remote. And within 2 weeks, we had thousands of people pulling up in front of call centers, in their cars, they'd open the trunk, we'd put a box in it with their equipment, they take it home. And then we'd start routing the calls to them.

T-Mobile, obviously, has been overhauling its entire technology stack for the past 5 years now. I know because we've had the fortunate opportunity to work with you for some of those years, how did this set you up to succeed in this new normal?

It was a complete change of our processes, how our people thought getting comfortable using other technology that other companies like Okta provide so that we could do authentication to allow us to integrate much more quickly. That change fundamentally restructured what we were doing in our technology group, and it's been very successful. A couple of years ago, I sat down with the business unit, and I said, look, we need to advance what we're doing with things like call routing. Why? Because we need to be able to innovate. What I didn't know is that 2 years later, it would be in the middle of a pandemic that, that innovation would show itself.

Well, now that we're more than 6 months into this pandemic and the changes that it's brought on, how is T-Mobile thinking about the future? What's next for T-Mobile in terms of the technology stack? And the plans for continued remote work?

Part of the reason we were able to move so quickly and take people off-line is because of our ability to just do things like authentication. Something that took months to integrate systems before we can do in just a couple of days or even within hours. That matters when you're bringing together 2 large organizations. So we're going to take advantage of that. And then I think longer term, along with the network, there's just tremendous amount of opportunity in AI, machine learning, I think that is going to show itself across just a broad spectrum of products.

Warren, thanks a lot, again, for joining us for taking time out of your busy schedule. We greatly appreciate it. Also on behalf of the entire Okta team, thank you very much for the support and the partnership over the years. It's been really a pleasure to work with the entire T-Mobile organization. And as always, it's great to chat with you.

In the first phase of the pandemic, we figured out how to work remotely. The next phase is about how to keep our employees safe when they return into the office. The return to the office is just as dependent on identity as working remotely. It's exciting to bring on Bret Taylor, President and Chief Operating Officer at Salesforce to discuss how we're making work as safe and productive as possible. So to get started, what have you guys learned from this crazy time we've been through?

Yes. It's been really crazy. It's interesting because I was just having a conversation with a colleague at Salesforce. And we were talking about the fact is, a year ago, someone said, you have a year to prepare, but next year, your entire company has to work in a distributed way for the whole year. It would have felt like the biggest project of the year, and we have been preparing for it. And instead, we're giving like a week's notice.

With technology taking over the world generally and impacting so many industries and so much of society. We talk about every company having to become a technology company to survive and to thrive. And then really like digital transformation to get there. What have you seen across your customer base as it's gone from being this kind of idea to be in this really digital imperative that customers have to do?

One of my favorite quotes was the Chief Digital Officer of L'Oreal. He said, in e-commerce, we achieved in 8 weeks what otherwise would have taken us 3 years to do. And it's exactly what I'm hearing across their customer base, right? So marketing just like this. It's not in a convention center. It's a virtual event. I think across every industry, we've digitally transformed. And I think the -- kind of the most interesting part about that from my perspective is, I think a lot of these habits will remain. And I was the type of guy who used to love to go to the grocery store and pick up the vegetable and feel it and buy it, and now I'm shopping online. I've never done that before. And I know that as much as I'm looking forward to going back and visiting my local shop, I'm going to retain some of those habits, right? This transformation isn't going to necessarily go backwards.

Yes. The -- so if you think about remote work and the changes there and then digital transformation in every company having to connect with customers digitally. Salesforce has introduced work.com. And I think part of that is to help us get back to this new normal. Why don't you talk about that and how it fits into this balance in new normal with the inevitable changes we've gone through?

Yes. Well, before this pandemic, I never heard of contact tracing before. Now we're...

We're social distancing or anything.

Yes, social distancing. I mean these are something that Larry Brilliant probably knew all about it, and I didn't know anything about. But now we're doing it in about 35 states. And actually, it all comes from our customers. So early on in this pandemic, Marc Benioff got a call from Governor Gina Raimondo of Rhode Island and then she asked for help with their contact tracing. And I think she sort of saw, I think, a similarity between tracking people who may have come into contact with people who had COVID and saw some similarities to customer relationship management and our platform. And hey, this is a problem that every single community is going to have and every single company is going to have because this pandemic isn't going to get solved overnight. It's not like we all get vaccinated and everything is okay. It's all about reopening gradually and safely. And it's everything from contact tracing to a command center that you can use to track the health of your employees and contractors, it's employee wellness checks. You can make sure if someone has symptoms, they don't show up in the office. It's crazy stuff like the -- I call it, the Disney fast pass of the elevators, right? You need to make sure that you're scheduling time, so you'd end up on a crowded elevator. These are things I don't think any of us thought we'd ever encounter in our lifetime, but I think now they're a requirement to reopen.

Yes. It's impressive work and it's very exciting. And today, we're -- we couldn't be more excited to announce a partnership with Salesforce and work.com specifically around combining what Okta does with identity and security and integrating to other systems in the environment with work.com to help us both jointly get deployed to as many customers as possible and impacting as many users as possible and hopefully, helping get as many people back to work safely and productively as possible, as fast as possible.

Well, I totally agree with you, Todd, and I'm so grateful for the partnership. I think of Okta, right? It's the connective tissue for our company, right? It connects all of our applications. And what does it mean to open safely? It's not one application, right? It's your HR system like Workday, it's your facilities management system and to be able to integrate with Okta and really have this platform connect to every system that you need to reopen safely is absolutely vital. And it's what our customers are asking for, which is, we need all of these applications to work together to produce the outcome we need to reopen safely. So really grateful for the partnership.

Yes. The feeling is mutual. Salesforce is an amazing company. You guys are the leaders in the cloud and more broadly than that, just this evolution of technology into the future, not to mention the responsiveness to this pandemic that you guys have demonstrated, and we're really excited to be working with you and look forward to working closely for many, many years ahead.

Thanks, Todd.

Thanks, Brett. Thanks for joining us. Remote work has been an important part of these last 6 months. But our main story for Okta Showcase is all about our future, one where every business must evolve its digital experiences. It's businesses that have been already thinking heavily about digital transformation and the move from offline to online that have been best prepared for this moment. Let's bring on one of the true pioneers of digital commerce, CarMax's Chief Information and Technology Officer, Shamim Mohammad, to hear what they're seeing and how they've been successful. CarMax is the largest previously owned car retailer and has always been digital, which must be something you are all very thankful for today. How is CarMax thinking about the digital experience in this environment? And what changes have you seen to customer shopping patterns since the start of the pandemic?

So at CarMax, we are committed to driving safety and security of our associates and our customers. And the omni gives our customers the flexibility, it puts them in the driver's seat. They can do as little or as much on their own, from their home or from any place they prefer. The other things we have done is, we implemented a Curbside Pickup option for our customers. So car buying is a very expensive and very complicated process. So we've simplified the process for them. So customers are doing a lot of the work online on their own, then there's scheduling an appointment and picking up the car without talking to anybody from the store.

As a technology leader, what role does identity play in all of this innovation?

We wanted a solution that would give our customers the option to control how they manage the information and do it in a frictionless way. The other requirement I looked at was the technology had to be -- very seamlessly be embed with our digital ecosystem that we're building. And the third thing I would say is, scalability was a big thing. So I was looking for a solution, identity solution that will allow us to be flexible and adopt quickly as new things emerge.

Well, it's always good to connect with you, Shamim, keep up the good work, and we love having you as a customer. Thanks for everything.

You're welcome, and thank you for the partnership, Todd.

It's impressive. How significant going digital has been for a company like CarMax, disrupting an $800 billion industry twice is not easy. That reality is even more significant in today's climate, where an estimated 25,000 brick-and-mortar stores are predicted to close in the U.S. alone in 2020. Every business is suddenly finding themselves competing with this man, and they're competing on his turf. Our global economy has been nudging its way toward digital commerce for some time, but it's now the focal point of every business. It's in this digital environment where who we are matters so much more than where we are. To hear more about the role identity plays in this change and how we meet these new challenges. Let's hear from Diya Jolly, Okta's Chief Product Officer. So Diya, organizations that are trying to do digital transformation. They need great product leadership, and you bring an amazing perspective on that. As you talk to other product leaders in the industry, what are you talking about as companies take this digital leap?

There are a lot of people that are trying to do digital transformation. And really, when they think about it, they think about it like they're building an app or a website, right? For their customers to come buy something for them to get a service or have a deeper engagement. But really, when you think about digital transformation, it's way more than that. It's about rethinking your entire customer experience end-to-end, whether that's a presale customer experience or a post sale customer experience. Or even how do you actually engage with the customer once they bought something so that you can retain a relationship with them and they will come back.

So it's got to be comprehensive. It's got to be complete, it's got to be easy to use. How do all these requirements filter into Okta's road map and impact our approach to identity?

Identity has become so crucial for every single kind of technological experience in the world, whether that's cloud, whether that's mobile, whether that's AI, personalization, digital transformation, you name it. There are many, many different use cases across many different businesses that identity powers today. So really, if you try to build individual products, what ends up happening is you can only build a couple and you don't give your customers the flexibility and the freedom and the modularity to be able to build what they need, which is why we believe building a platform that actually provides you the flexibility, the customizability, the ability to extend to other systems the way you want. Is crucial for identity, so that you can deliver a seamless, frictionless experience that you need to as a customer of ours.

It's key attributes for today's world, and I appreciate you joining us today and sharing them with us. Thanks, Diya.

Thanks, Todd.

Whether it's piecing together all the new technologies, building secure and seamless end user experiences or comprehensively automating the back end of customer journeys, transforming the business is not without its pitfalls. Getting identity right can solve these complex problems, but it requires every stakeholder and use case to be addressed. That's because each level of the organization is touched by digital transformation. Your CTO, CPO, CMO and CIO, all need to play a part. Everyone is responsible for driving forward new digital projects. So we've built the Okta Identity Cloud to provide everyone something to build with, whether you are a deeply technical developer or a nontechnical business leader. Just look at low-code tools like the Okta Signing Widget, pro code tools like Okta APIS, Hooks and SDKs or no-code tools like Workflows. You can see that manifest in the Okta Identity Cloud through our platform services, where directories, integrations, insights, identity engine, workflows and devices unleash innovation for our own engineers, Okta partners and for you. These platform services let us deliver value up and down the software stack from accessing the cloud architecture you build on, to driving the business logic, you need to connect systems and data together. Much of that process begins at the foundational level of a project with the infrastructure itself and your DevOps teams focusing on scaling up the foundation of your digital experiences. This is where the Okta Identity Cloud centralized identity capabilities can play a key role when you build digital experiences. We introduced Advanced Server Access at Oktane19 and we've seen tremendous momentum for the product with organizations like Zoom and McGraw-Hill, relying on Advanced Server Access to securely access tens of thousands of their servers. Advanced Server Access is Okta's Zero Trust identity and access management solution for cloud and on-premise infrastructure. It allows organizations to extend secure privileged access and automate the life cycle of server accounts and policies across dynamic fleets of infrastructure at any scale. What makes Advanced Server Access so valuable is how it fits within the Okta Identity Cloud, the broad applicability, security and access controls of a centralized identity platform now also applies to infrastructure. It means your team can move faster to build customer-facing digital projects with scale, security and compliance. So how are we taking Advanced Server Access further? First, we're giving your DevOps teams the ability to bake identity and access management functions directly into existing infrastructure as code through providers like HashiCorp and products like Terraform. So as you and your DevOps teams provision resources across Amazon Web Services, Google Cloud platform or Microsoft Azure, you can keep the underlying identity and access policies built into each new virtual machine. Stamping out new servers with identity functions baked in will give your DevOps teams speed to respond to spikes in demand and provide your IT teams with visibility. But we want to further enforce Zero Trust principles across dynamic fleets of servers. With Advanced Server Access policy sync, you can now easily create access policies based on projects and labels with deeper authorization using entitlements to enforce least privileged access. The great part is that policy sync works with the tools you already have from pulling labels from Amazon web services to projects configured with Terraform to sinking projects from GitHub. So if your team is working on a project that requires PCI compliance, you can now import the labeling for thousands of servers across dev, staging and production environments to make it easy to share a single access policy on a per project basis. This same granular access also limits users visibility to the servers and logs for the projects they're working on, so you can enforce role-based access controls. The third upgrade to Advanced Server Access drives directly on an Okta platform service. By combining a product like Advanced Server Access with Okta Workflows and we can create access flows that enforce an explicit time window for when a user can access a server and then tie additional server actions to that time based access. Think about when an engineer gets assigned to a service ticket. They can be assigned to access for a specific set of servers only for the duration of that ticket or a predefined time period. The Advanced Server Access Workflows connector takes that time based access and adds automation with your ticketing and notification services like ServiceNow and Slack. Lastly, we're also launching session capture for Linux that expands our ability to help customers meet the complexities of server access compliance by capturing all inputs and outputs of a user session linked to their identity record in Okta. These logs will be encrypted to keep security high, and they'll be send to your own infrastructure, should you need to inspect them later for compliance. This is a big deal for anyone who needs FedRAMP, SOC2 or PCI compliance for your customer experiences. Freddie is with McGraw Hill's, Chief Enterprise Architect, Joe Turbett. Let's hear more about how valuable secure access is to critical infrastructure and how it leads to better products for customers.

Joe, thanks a lot for coming on the show today. We're thrilled to have you, and we greatly appreciate it. First, let's talk a little bit about your business. McGraw Hill provides learning experiences to folks in countries, over 100 countries around the world, if I'm not mistaken. And anyone out there with school-age kids has undoubtedly heard of you, but we attract a pretty broad audience here at Showcase. Tell us a little bit about McGraw Hill and how you all have been bridging the digital divide for some time now?

McGraw Hill's history is really amazing, dated back over a century. We actually, though, like to call ourselves a 132-year-old startup. For anyone not familiar with our business, we offer learning solutions to educators world over and employ thousands of people to make that happen every day. We've been fortunate that we've invested in our digital transformation for the last few years. It's a great mode change from textbooks to e learning. And because we started that journey when we did, we were perfectly suited in this COVID-19 era to help and support virtual classrooms and partially virtual classrooms. For example, if you look at just recently, we've moved from about 50% of our product being textbooks to 50% to 70% now being digital. And we continue that journey, and we look forward to what we can do for the virtual classrooms moving forward as we learn from this COVID era.

I love that you refer to your business as a 132-year-old startup, maybe someday at Okta we'll be fortunate to be in the same boat. In the meantime, it's clear that McGraw Hill is at the forefront in the education innovation maturity curve. And in an industry with heavy compliance requirements like yours, I'm curious, how do you stay so agile and fast-moving while making sure the products and the services that you deliver at the same time are very secure?

Credit to Okta. We're able to move fast and secure with our journey to the cloud. Okta has been a huge part of this for us. We follow rigorous standards to ensure that we protect our student data. And one of the main channels that we have is transitioning to the cloud is to adopt a Zero Trust strategy. Really securing our systems and our applications and our servers with a number of different third-party supporters, along with our own tech staff. We need to make sure that we're secure at every level. And doing it with age-old PAM or LDAP wasn't the solution, Okta ASA actually did a great job for us this past summer in the transition from one service provider to another. It is pivotal in making sure that we have Zero Trust to all our solutions.

Great. Well, thanks again for your time, Joe. We greatly appreciate it. And for the support and partnership over the years. It's always great to hear about innovation in such an important area. Now back to you, Todd.

Thanks, Freddie. We just talked about how important identity is to building new products and services fast and securely. Now let's actually see our Advanced Server Access functionality in the wild. Meet some of the team from Pied Pepper, Sami, Ivan and Teju.

Hi. I'm Sami, the Chief Digital Officer at Pied Pepper, the cable TV company, you know and love. Now we decided to use Okta to power our digital transformation for all of our new customer facing applications. So let's get started. We just acquired Ticket Co, which gives us a huge opportunity to be the next best streaming service. But we've got a lot of work to do. Now we're already modernizing our business practices, but we have to move faster to meet our customers' needs. Our marketing team is about to kick things into gear with the new streaming app, so we need to get everything up and running ASAP. I want to focus on updating our infrastructure first, but we still need to make sure we meet our compliance and security obligations, too. So let's go to our compliance Director, Teju. Can you work with our DevOps team to make sure we're doing this right?

Sure thing, Sami. When I sold my company, Aviato, I wanted to do something big to give back, to really make a difference. And that's why I'm the Compliance Director here at Pied Pepper. Now I may wear the compliance hat, but I'm also a supporter of the speed of business. And because we collect customer payment data, we must adhere to PCI DSS and SOC 2 guidelines across our infrastructure. Now our approach to compliance is very closely tied to identity, making sure we have control over who has access to what, what permissions they have and a log of what they do. Now Okta is identity standard for our company, and we've recently upgraded to Advanced Serves Access to help secure our server fleet. That's been great for us because it takes everything we already know and love about Okta, single sign-on, multifactor authentication, life cycle management, helps us apply that to server and ASA handles the complexities of the last mile. Now Ivan on our DevOps team built out our infrastructure automation, so let's have him talk through how it works.

Yes, sure, Teju. So as the DevOps engineer here at Pied Pepper, it's up to me to ensure that all of our infrastructure is highly available, resilient and perform it. So you all can get your bits to watch your shows. Now I've been assist admin for over a decade. It's not magic. It's talent and it's sweat. But then we started to automate everything with Okta and fine, I'll admit, maybe it's a little bit like magic. Now you heard it from Sami, speed is the name of the game for the business, but I'm with Teju. We can't compromise on compliance and security. So my mantra is to move fast without breaking things. So we've automated as much as we can, from how software gets out the door to how infrastructure gets provisioned. Now there is a lot to that. But one thing I know for certain, the only way to secure dynamic server fleets at scale is to bake in identity, not to try to bolt it on after the fact like we used to. And that's where Okta and Advanced Server Access really come into the picture. Now we use Terraform to provision our cloud environments and Okta place very nicely in line. I can use the certified Advanced Server Access Terraform provider to dynamically configure the right role-based access controls in parallel with deploying new cloud environments. These processes are kicked off by Workflows that are hooked up to our GitHub repositories for events. Now here's where the magic happens. When any new server is spun up and enrolled with Okta, that means that the right users, the right groups and the right entitlements are just there without me having to lift a finger. Now that's pretty cool. But imagine doing that across hundreds, thousands, even tens of thousands of servers, only Okta makes that possible via automation. Without all that duct tape and the fire extinguishers I was using before. So as an engineer, Advanced Server Access, pleases me greatly. We can't forget about security, so I'll pass it back to Teju to talk about how we manage our smart access controls. Teju?

Great work, Ivan. Okta gives us flexible security controls that work with our automation, which I definitely appreciate. And now using policy sync, we've configured Advanced Server Access to enforce fine-grained least privileged access controls based on roles and labels. Now Okta also makes our back straightforward with this project structure. For example, I only want our DevOps team to be able to access servers in the CICB cluster, and I only want our data team to be able to access servers in the database cluster. Now what's great about these servers groups is that the roles are mapped back to Okta groups. So life cycle management is fully automated from our system of record, all the way to our downstream service. So for several roles, we want to go even further. I don't want our data team to have group access on any of the servers. So I manage their access at the command level with pseudo entitlements. Here, I'm just allowing them to run specific commands to view specific directories. Now pseudo management is really hard at scale. So I love having a central control plane to do this. Now also for our production servers that serve our customers and streaming services, we have even stricter compliance guidelines. For these servers, we leverage the new SSH session capture feature, which passes all traffic through the gateway services so that the commands are captured for our audit loans. Gateways are assigned by label, which gives me another way to apply these flexible access controls. Now another area that's important for compliance, of course, is temporary access. Some members of the team need permanent access to servers and others don't. And it's not just contractors. I don't want our support team or really even our security team to have permanent access to any of these servers. Their job to be done on servers should be tied to very specific events and for a very specific period of time. So what's nice is that we can set up this type of authorization with Okta Workflows and ServiceNow, which we use for our ticketing system. And since we have adopted Workflows, we've been able to implement event-driven security policies in a simple-to-use and simple-to-understand manner. So to see this in action, let's see what happened when we try to run a simple patch update on a server. So when the Workflow runs, a couple of things are going to happen. First, we're going to grab the ticket from ServiceNow and map that to the correct user in Okta. Then we specify an explicit number of hours for the preauthorization. Here, you can see us set up 2. Then we actually create the preauthorization in Advance Server Access. And finally, an engineer on our end is going to be notified via pager duty that they need to take some type of action on the server. So I've already spilled out a ticket for Ivan here, we can see I've asked him to update one of our streaming servers. But just to make sure he definitely enters that pager duty, I'm going to go ahead and set this to high urgency. Now once this workflow runs, Ivan will get a notification via pager duty to pass the server.

Hey, look at that. I just got another page from pager duty. Never a dull moment around these parts at Pied Pepper. All right, let's see what I got to do. This ticket tells me I have a 2-hour preauthorization window to log into one of the streaming servers to run a patch update. 2 hours, I'm trembling. All right. Let me fire my terminal and log into this machine. Now it's cool because we use Advanced Server Access, I can use SSA just like I normally would. But I'm not using a key log-in. Instead, anytime I log into a machine, Okta's going to mime a short-lived client certificate, just for that session. Very nice and clean. But to me as an end user, it's just keyless SSO, which is very elegant. Now this is a production server. So I know that all my commands are being logged by session capture. Also because we use Okta, I know that I'm logged in as my Okta user account, not some shared account. In fact, all the users that have accounts on this machine have their own user accounts tied to Okta. Very nice and clean and good for our compliance. All right. I know what I got to do here. I'm just going to run my quick update command, fire that off. And as I expected, that was pretty nice and quick and easy. Don't need the 2 hours. But while we're here, let's just leave Teju a little Easter Egg for her audit logs, because I know she's watching. And you know what, identity does roll. All right. I'm done with this ticket, which means I can finally start my weekend. Back to you, Teju, maybe give me a harder ticket next time.

Thanks, Ivan. Glad I can make that easy for you. Now as a compliance manager, I'm confident in our policy adherence using Okta Advance Server Access. But of course, I need to approve this for our auditors for PCI DSS and SOC 2. We already have a clean log using Advanced Server Access of which user look into which server and from which device. But now with this SSA session capture for Linux feature, we also have a clean log of the specific commands that the user entered on each server. And here, we can see that Ivan has run a few patch updates on our streaming services. Great stuff to ship off to our auditors to prove our excellent security posture with a strong foundation in identity using Okta. Now that wraps up the features of an Okta Advanced Server Access that really help our team enforce fine-grained least privileged access controls across our server fleet. Ivan is always complaining about how I give him too much work, but I also always hear him talk about how much he likes this product over others we've used in the past.

I think we'll be hearing more from the Pied Pepper team. For the new Advanced Server Access features we just saw, some are live and generally available today like the Workflows Connector and the Advanced Server Access Terraform provider, others like session capture and policy sync are available in early access. The infrastructure you're building on must be protected and secured. But what about the actual digital experiences? Now more than ever, the developers building cutting-edge digital products and services are doing so for more and more users across the globe. The proof is in the dollars. $77 billion more dollars were spent online in the U.S. alone from March to June of 2020 than the same time frame last year. To really make those high-value experiences as effective as possible, end users need to quickly and securely get what they need in the most seamless way imaginable. Developers need flexibility to tailor their experiences exactly to their requirements. Critical to that vision is our devices platform service. We've invested in devices as a core platform component because we recognize how kind device and user identity together creates the kind of security that can add to user experience instead of detracting from it. Today, we're adding new ways to engage with our devices platform service, unlocking a whole world of possibilities for developers and end users to ultimately embed Okta on every device regardless of endpoint or operating system. We're introducing our new Okta Devices SDK to build branded bespoke functionality. You can leverage the Okta Verify authenticator technology with the look and feel of your own brands. We know how valuable developer resources are and how important a developer's experiences to building new, innovative and creative products efficiently. We're delivering the tools to make that possible. That means biometric or push authentication to power pass-through less experiences across devices, and this SDK opens the door for incredible potential to eliminate security and usability trade-offs throughout the customer journey. The devices SDK also puts more power in the hands of end users by registering customer devices within universal directory. That gives them visibility into their own device registration, allowing for self-service removal if a device is lost or stolen. That's the kind of device identity capability joined with user identity that benefits every organization by creating better security and user experiences. And that's just one example. Developers are a creative bunch. And we're excited to see what you can build with Okta devices. The devices SDK will be available early next calendar year for Okta customers. Identity's impact on your digital experiences goes beyond logging in and accessing infrastructure. It extends to the entire customer journey. Think about how important it is to know who your users are, identity feeds into your relationship management system to turn prospects into customers. It feeds into consent management and privacy to build trust with customers. And it feeds into maintaining an ongoing relationship with those customers through marketing activities. And that's just the beginning. What if you could automate, how identity data integrates into your complete tech stack, how much of a difference maker would that be for your business? We introduced Okta Workflows as a platform service at Oktane in April and made it clear just how powerful no-code automation can be for identity centric business processes. It makes all of the Okta Identity Cloud programmable, and it makes it that way for everyone within a business, whether that's a nontechnical business unit like marketing or developer, looking to take advantage of Okta Hooks in a new way. We started with life cycle management for workforces. And today, we're continuing that vision of making the Okta Identity Cloud programmable now for customer identity. This new product empowers Okta customers to make identity centric actions completely programmable, whether that's taking advantage of low-code options like Okta Hooks with workflow serving as a run time or as a fully no-code option for non developers this is a game-changing way to automate complex customer identity processes like consent management and privacy and to replace custom code with user-friendly drag and drop tooling. We talked about DevOps teams creating secure velocity through Advanced Server Access and developers building new experiences through the Okta Devices SDK. Now we're talking about how Okta gives technical and nontechnical team members, the power to influence and inform the customer journey across the software stack. Freddie has more with MGM's Vice President, Information Security, Elena Seiple.

Elena, great to have you. MGM is one of the largest global hotel and gaming companies in the world, multiple iconic brands. How are you using technology to respond to COVID and enhance the customer experience in new ways? And how do those modifications fit into the larger approach for MGM?

Thank you, Freddie. It's an honor to be here. MGM, digital transformation in Okta have been tremendous partners over the last several years. And when we entered into COVID this year, we already had several things on our road map regarding digital transformation, but COVID helped speed up the deployment of that journey. We wanted to be ready for when our customers came back to Las Vegas. And we wanted to make sure that they felt safe. So we launched a new frictionless check-in process via our line buster application. It provides guests with digital keys on their phone via mobile check-in, so they can avoid lines or close contact with hotel staff and just feel safer on their journey.

Yes. Makes a lot of sense. The digital experiences that you're delivering are really focused a lot on the safety of your guests. You just highlighted a couple of the physical ones, but it's true also in the digital world. So when you think about social distancing, how are you thinking about also implementing digital safeguards, making sure online mobile experience is secure? And how does identity make that all work together?

Well, identity is core to our customer experience strategy, and we built an entire security strategy around identity and access management to protect patron's information. Okta enables MGM to tie everything together, making the lives of our patrons easier, enhancing security and it aids in beta orchestration to support privacy and consent management.

That's great. Here at Showcase today, we're announcing the Okta Devices SDK and the capabilities to unite device identity and user identity. Talk to us a little bit about how you're using that and leveraging that at MGM?

This is really important. As our customers' mobile devices play an important role in how MGM is securing customer's access, while adding little friction to their experience. Devices are strong proxy to confirm a user is who they say they are, some of the things we are exploring here, for example, are giving guests the ability to accept an MGM brand and push notification to unlock the room. Pay with their M Life points or make a large gambling transaction on the casino floor. This will increase device security posture and give customers visibility into device registration.

That's great. Another thing that we're announcing today is showcase, Elena, which I know you're leveraging our Customer Identity Workflows. So how you go about automating complex, custom processes around digital transformation and doing that without heavy code.

Privacy consent is also extremely important to us. And we're working with Okta partners such as OneTrust as we continue this shift towards more digital experiences. As we continue to learn more about our customers and their preferences, SIEM workflows, integrated with OneTrust can help us manage that information securely and effectively. It also provides no-code automation solutions, so developers can focus on building new features, the cool stuff rather than managing patron identities.

That's great. Well, Elena, it was great having you on today. I especially appreciate you wearing that fantastic Okta t-shirt that you've got on right now. I know you were telling me earlier that you also support that at your local jujitsu events. So thank you very much for pushing that out there. We're very excited to be part of what you're building at MGM. We greatly appreciate the opportunity and the partnership and support over the years. Now we'll head back to you, Todd.

What MGM is doing with the Okta Identity platform really illustrates just how impactful identity can be for a business. Customer Identity Workflows is available as part of our early adopter program, and we'll be moving to generally available in Q2 of next calendar year. As a neutral and independent identity platform, Okta has long embraced and organizations need to find the best tools to accomplish its goals. To hear more about how we're enabling our customers to do more with our expansive ecosystem of partners. Let's go to Maureen Little, Okta's Vice President of Strategic Partnerships.

Thanks, Todd. Partners are always a huge part of our product innovation here at Okta because we know that our customers must use multiple different pieces of product and software to ensure a secure and positive customer experience. Today, we're announcing new connectors for our Customer Identity Workflows. OneTrust, Marketo, Salesforce and others will all be available to allow you to seamlessly determine when, how and in what order, complex pieces of software are going to interact. Joining me now is Kabir Barday. Founder and CEO of OneTrust. Kabir, thank you so much for joining us. We're really excited to be able to announce a partnership with OneTrust and have you here. Let's start sharing with our audience a little bit about OneTrust. What role are you guys playing in this digital transformation so many companies are focused on right now?

Yes. One of the key things with digital transformation is a lot of personal data is moving to cloud environments that have different data residencies, different access permissions, and is just a quagmire of privacy problems, understanding where the data is, who has access to it? Where is it going? Is it in scope for GDPR? And so OneTrust is a platform that enables organizations to really easily comply with the plethora of requirements from a privacy, security, compliance perspective out there.

Awesome. And that's why we're so thrilled with this partnership. And you've been an early partner with our SIEM products. So we know that every company needs a consent and privacy solution just like they need an identity solution. But what we heard from so many customers is the amount of work that they have to do to implement so many different pieces of software along the way. What do you feel that this seamless integration of workflows is going to do for our customers?

Yes. So I think, first, I fully agree, our customers overwhelmingly see the intersection of consumer identity management and privacy and consent management. I'm still naturally stitching together. When you think about personal data and privacy, it's all about the identity and the person. So if you can't correlate the consent and the data you have with the person who it's about, then you don't have privacy management. And I think it's a very natural overlap between our platforms. And I think the Okta team and the OneTrust team are both very technology-oriented companies that think alike in how we build software. And what we always think about is, how do you build software, and not how do you build software that works, but how do you build software that doesn't fail. And it's helping organizations prevent those mistakes and stop them from being able to do something that can mess up. And by our -- a close partnership, it allows us to make sure that is the outcome for our joint customers.

Well, we're thrilled. We're really excited. We're going to show everybody how awesome this product is. In the interplay of our 2 platforms in winning our joint customers, seamless solution, and we're just really proud to partner with OneTrust. Thank you so much. I'm going to throw it back to you, Todd.

Thanks, Maureen. We've just talked through a number of innovations that impact developers, IT admins and truly every business unit that has a role to play in a customer's journey. Now let's send it back to the Pied Pepper team to see these innovations in action.

It looks like our infrastructure is now all set up, secured and ready to scale to support our new streaming app. Now we should really look into how the AppDev team is progressing with the streaming app itself. We've had some challenges with drop-offs at the registration time. And we also have to increase our user engagement with more personalized content so that we can convert more of the registrations into actual paying customers. We have a super short runway before our go live. And James, our lead product manager, is on it. So James. What's the update on the app or the app-date, if you will?

Sure thing, Sami. I'm James, the product manager of planning out this entire digital transformation. And I'm just about done here with the spec. Overall, we want our customers to be able to register for our app easily, and we want to keep them using our app. So to do that, we're creating a passwordless flow across devices. And on the back end, we want to be able to personalize their experience using their preferences in our marketing system. And that's it. This is everything we need to get our users registered into our app and on the path to becoming customers. I just hope our development team is really up for this challenge. We stream live events and building this out is really going to bog them down. Let me reach out to Swaroop, our dev lead, so we can go over the spec. Hey, Swaroop, check it out. This is the entire spec of what we need to build for our digital transformation. What do you think?

This is it, dude. With all the urgent fixes that you've been assigning me lately, how am I supposed to fix this in our release cycle? Based on my previous identity experience at Hula, it took big head and myself months to get done. Worse still, big head's code look like a big ball of spaghetti, and I could never shake this project off my plate. Take a look, your goals alone to reduce drop-offs at sign in. That alone is going to take us a month if we try to fix it.

I thought the same thing, too, but you're in luck. Using Okta, we can easily build all of this. The Devices SDK will give you the ability to build a passwordless sign-in flow, while still protecting the users with push MFA. Not only that, they have an awesome sign-in widget that you can simply drop in. How about you go check it out and let me know how it goes?

Glad I found the new Okta CLI configuration tool on its GitHub repo. Using the new CLI configuration tool, looks like I can set up my sandbox environment, configure my OIDC apps and even customize my bushel, so that I can spend less time jumping around screens and more time building stuff. Let's quickly go ahead and configure an OIDC app using the tool. First, let's give it a name, let's call it PP Web. Next, let's select a web application using spring boot, and I'm good with the default redirect URIs. I guess, with that, we have a few tasks taken care of. Maybe now I can focus on building out the Devices SDK integration so that we can reduce drop-offs at sign-in. Well, that is after net being spins up. Looking at the release notes, Okta says we can even make the experience completely branded, with our own look and feel. So all I need to do is drop the right icon in the right folder, and we're good to go.

Wow. I can't believe we already have this thing built. That new CLI tooling made it easy for our developers to get this up and running. And having the flexibility to use the Okta APIs, SDKs and widgets, really helped customize and bake in our brand into this passwordless experience. Not only that, but we didn't risk our launch date. I think we can just about wrap this project up. Oh, one sec. I just got an e-mail from Sami. He's looking for an update on how we're integrating with the marketing systems. Let's just file that for later. Have you had a chance to look into those integrations?

When I was building out the new app, I also tested out Okta's Customer Identity Workflows. And I must say, it is a pretty slick set of automation tools that I don't need to write code for. So all those GRIs that you just assigned to me, we can hand them over to Danielle, the identity admin to take care of.

That would be perfect. This could help the identity team create marketing automation flows. And since it requires no code, we wouldn't risk our launch date. Let's see if Danielle can get that done in Okta Customer Identity Workflows.

Yes, of course, James. And yet another request. I've been getting requests from evermore business units in our organization, not just IT and security, but marketing, compliance and privacy, and that's just to name a few. Fortunately, Okta Customer Identity Workflows helps me respond to these disparate requests quickly. I now use Okta not just to grant and revoke access, but to move data from place to place across different technology stacks like marketing or privacy, which you can see in the flow that I've built here, which you're going to read from left to right. We're connecting Okta with Salesforce and ultimately Marketo, to create a powerful marketing automation flow. Here in Okta, when a user is created, we're going to go ahead and read that user. We're reading the user because it allows us to extract a bunch of interesting profile information about that user and then drag it downstream. So I can drag all this demographic information wherever I want you, to whatever app I like. Then in Salesforce, we're searching records. We're searching records because we want to see if this person exists. And then we're going to take a few actions based on whether they do or do not exist. So if they don't exist in Salesforce, we're going to go ahead and create a record. And if they do exist, we're simply going to update the existing records. There is one last piece of information. I want to drag to this record. We recently changed our terms of service and I want to make sure that's populated in the Salesforce record because we connect Salesforce with downstream, consent and privacy technology like OneTrust, and I want to make sure that information flows to the right spot. Right. So in Marketo, which we use for all of our customer journey automation, we're going to go ahead and create a lead with that demographic information flowing over here, like I mentioned earlier. And I want to do one last thing. I want to make sure that this person has added to the correct e-mail list. That's going to be our new user e-mail list. So I'm going to go ahead and choose Marketo from Okta's library of apps here. I'm going to click ad leads to list. And then all I need to do is pull the name of the list here. And the lead ID here, I want to make sure that the right person gets added to the right list. And that's it. In a few simple steps, I've created Okta with pretty much our full marketing stack to create a powerful marketing automation flow. And it saves a lot of manual work for both me and my marketing team, so they're really going to love me. I want to show you one more thing. That's the second flow because if this person becomes a paying customer, we, of course, hope they do. They get added to our paying customer e-mail list automatically. So here when a user is added to the group in Okta. In this case, our paying customer group, I'm going to go ahead and search for that lead in Marketo. And then I'm going to add that lead to the paying customer e-mail list. We have lots of fun perks and interesting things that we send to our paying customers through e-mail. So I want to make sure they're added to that list.

Now that everything is built, let's see how our customers like the new service.

Hi, I'm Kelsey. I'm spending my COVID time with family in Florida, which has been mostly great, but I am missing previrus activities like hanging out with my friends and going to concerts. Oh, I just got a text from a friend who said that Russ Hanneman is live streaming his latest show on a new act called Pied Pepper. Now this is a must see. It looks like my friends and me a link to download the app. Let's go ahead and check it out.

Here's where we see self-service registration, while we collect a small bit of information about our user as well as consent.

All right. I have the app downloaded. And it looks like if I want to check out Russ' show, I need to sign up for a free account. That seems pretty easy. So I'll go ahead and tap sign up. And it looks like it's asking for my email, my name. And yes, I'm over 21. Go ahead and hit next. And oh, wow, that was it. I am not saying do I hate passwords, I absolutely do. So I'll go ahead and accept and continue that. And it looks like it's sending me to my e-mail to go ahead and complete the registration. When I pop over here to my email, I can see that I have an e-mail here from Pied Pepper and now I just need to click the link to sign-in. When a click the link to sign-in, it's now asking me, do I want notifications? Can't miss Russ' show. So yes, absolutely. And now asking me for face ID. We'll go ahead and say, yes, to that. And, oh, wow, that was it. That was so easy.

We know security is important. So we built it into our app. We're using biometrics and push to verify the user, all made possible by the Devices SDK.

All right. It looks like I'm all said. There's a lot of variety here, too. So maybe I'll check out one of these other shows after Russ'. If things go well. For now, it looks like I'm ready to rock. And then some. Russ' show was great. It actually lived up to the hype. I was just going to pull up my computer, so I can send my friend a few photos from the show. And oh, it looks like I have an e-mail from Pied Pepper.

Now that the 10-day trial period is over, it's time to make Kelsey a customer.

Alas, it looks like my free trial for Pied Pepper has come to an end. The Russ show was pretty great, and I'm already seeing a number of artists and comedians that I want to check out in the future. So I'm going to go ahead and upgrade to a premium account. Looks like I just need to sign in on my computer. Only thing is I haven't signed in from my computer before, and I don't remember what the password is. Well, let's click the link and see what happens. All right. Interesting. It looks like the app is asking me to go to my phone to complete the sign in. All right. We'll pull my phone up here. And it looks like I have a notification here from Pied Pepper. When I touch on the notification, it's asking me if it's me signing in from Fort Myers, Florida. Yes, it is. So we'll go ahead and hit yes there. And back over here on the app. Wow, that was it. That was super easy. I didn't even need to sign in with a password. It looks like now, I just need to put in my credit card information, and I'll be good to go.

Now when Kelsey accesses Pied Pepper from anywhere, she can leverage her registered mobile device to validate her identity for a seamless passwordless experience.

Now that I have upgraded my account. The Pied Pepper app is showing me a number of shows that I was recently checking out as well as some recommendations, so I can personalize my experience. I'm going to go ahead and add the Beyonce to my favorites here. And when I come over to the favorites, I can see that, yes, Beyonce is indeed one in my favs.

Now that she's updated for preferences, these profile changes are being pushed from her account across the entire marketing stack using Okta Workflows.

I'm also seeing a security tab here. When I go ahead and click on that, I can see that I have 2 devices registered to my account, my iPhone and my sister's iPad, which I borrowed to check out Russ' show. I should probably remove that one.

Not only does the device's SDK enabled passwordless, it also captures device security information such as OS version, device name and whether or not the device uses the pin code. This not only helps us ensure the authenticity of her account, it helps Kelsey manage the overall life cycle of her devices.

All right. Now that I've gone ahead and upgraded my accounts, and it looks like I have a variety of shows and great content to check out. Can't wait to see what else Pied Pepper has in store.

With Okta handling user and device authentication and integrating with our marketing stack, the only thing left for us to focus on is our app.

Wow, the outlooks awesome. Great work team. I think we're ready to take this one to the market. Now as you saw here, Okta was the foundation empowering Pied Pepper's digital transformation, securing our infrastructure, improving our end-user experience and adding all the marketing integrations we need. Now Pied Pepper is just getting started, and we expect Okta to power our digital transformation as we grow our paid customer base and rejoin the 3 commerce club. So here's to rebillionizing, and cheers.

The team really showed off just how the Okta Identity Cloud can transform your technology stack and customer experience. These last 6 months have illustrated just how dynamic and adaptable our nations, our businesses and our fellow workers can be. As scary as some of this is, I speak for myself and the entire Okta organization, when I say we're proud to be alongside all of you, and we're here to help in any way we can. I mentioned at the top of the broadcast, Okta For Good and the fund supporting workforce development. Please visit the link on the screen to see how you can help. I personally commit to matching all contributions in support of these causes. So with all that being said, stick around for some great discussions around the new concept of dynamic work, the future of digital analog experiences and some deep dives into how we made the demos you all just watched. And don't forget to tune into a great one-on-one conversation between former Charles Schwab CMO, and Okta Board member, Becky Seger; and global CMO of Netflix, Bozoma Saint John. From myself and the rest of the Okta Showcase news team, thank you, and have a great rest of your day.