Yesterday, identity and access management (IAM) vendor Okta announced plans to acquire CIAM vendor Auth0 for $6.5B in an all-stock transaction. Founded in 2013, Auth0 has been rapidly growing its developer-focused customer identity and access (CIAM) offering and has raised over $330 million in venture financing. Based on Forrester’s estimates of Auth0’s annual revenue, this acquisition price is around a 80–100X revenue multiple, which is considerable and a by and large unprecedented premium in the IAM space. For reference, we estimated that Cisco’s acquisition of Duo in 2018 was around a 20X revenue multiple and was done as a cash transaction. With this purchase and valuation, Okta is raising its bet and going all in on CIAM.

In Forrester’s opinion, this high acquisition price reflects that:

  1. Secure and easy-to-use digital experiences are a must going forward. Even before COVID-19 pushed many companies to all-digital customer interactions, organizations were investing heavily in building and optimizing digital experiences that provided great user experience without sacrificing on security or privacy. While companies may have previously tried this using homegrown or open source offerings, the pace and velocity of digital transformation requires companies to evaluate turnkey CIAM solutions that can be quickly integrated into existing architectures to support these new digital experiences. This deal reflects that strong overall demand for solutions such as Auth0 to help deliver on this promise and positions Okta to leverage that growing demand.
  2. The 2020 tech stock market rally-up is an M&A accelerant. Okta’s stock has doubled in the last year as it and many other tech-related companies rode a surge in demand due to changing work conditions caused by the COVID-19 pandemic. These higher stock valuations now give public companies the ability to pursue large deals using the higher stock value. As tech stock prices continue to surge, expect more M&A and more all-stock-type transactions.
  3. Okta is under pressure to cater to developers in CIAM. With digital transformation accelerating, identity has become the cornerstone of customer acquisition, management, and retention — traditionally managed by digital product teams, business units, marketing organizations, and buyers’ internal application developers. Access to these organizations’ stakeholders and decision-makers (especially to the app developers) has always been Auth0’s strength. Auth0 gives Okta better access to this developer buying center that Okta has not been as successful reaching.

IAM and CIAM markets remain highly competitive, with a wide range of vendors such as ForgeRock, SAP, IBM, Ping Identity, Salesforce, Microsoft, and Akamai, to name a few. While Okta has built a strong leadership position in workforce IAM, the success of this merger will depend on the following:

  1. How successfully Okta can further integrate Auth0 with non-IAM and non-security solutions. In CIAM, integration with analytics, business intelligence, portals, and marketing solutions are critical to keep a CIAM platform relevant. Okta will have to expand its application ecosystem quickly to remain competitive and to support these new integrations.
  2. How much of a premium customers are willing to pay for identity orchestration. Auth0 had a lot of success through its freemium platform offering, which gave developers easy access to CIAM capabilities. A key factor in the financial success of the acquisition will be Okta’s ability to convert these freemium Auth0 customers into revenue-generating customers (especially when some other vendors include orchestration for free).
  3. How well can Okta apply Auth0 CIAM technology to its existing workforce IAM solution. Okta’s DNA has been providing employee access to cloud apps using its cloud portal — which traditionally has required little orchestration. As Okta expands into protecting legacy on-premises apps and replacing existing on-premises solutions from Broadcom/CA, Oracle, and IBM and starts to compete more with ForgeRock and Ping Identity, Auth0’s orchestration technology will be a critical building block.
  4. How well Okta will tolerate and integrate Auth0’s completely different corporate culture. Auth0’s IAM approach has been original, innovative, and technology-led. Okta’s traditional approach has been business-, execution-, and financial-results-focused. As with many similar past IAM acquisitions, the acquiring company must retain the acquired vendor’s product management and engineering team and continue to innovate — which historically has been a challenging task for many acquisitions.
  5. How quickly and well Okta will eliminate overlaps to provide the best single CIAM solution. When an acquisition happens, there are usually and naturally significant overlaps between the acquiring and acquired vendors’ solutions. In this case, passwordless authentication, multifactor authentication, and even some of Okta’s preexisting developer-centric APIs overlap with Auth0’s offering. Swiftly arriving at a unified, consolidated solution to minimize customer confusion and maximize Okta’s engineering performance is critical to success.