© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. © Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Day in the life of an enterprise customer

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. © Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Jon Lehtinen Senior Director, Okta on Okta, Okta

This presentation contains “forward-looking statements” within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding our financial outlook, long-term financial targets, product development, business strategy and plans, market trends and market size, opportunities, positioning and expected benefits that will be derived from the acquisition of Auth0, Inc. These forward-looking statements are based on current expectations, estimates, forecasts and projections. Words such as “expect,” “anticipate,” “should,” “believe,” “hope,” “target,” “project,” “goals,” “estimate,” “potential,” “predict,” “may,” “will,” “might,” “could,” “intend,” “shall” and variations of these terms and similar expressions are intended to identify these forward-looking statements, although not all forward-looking statements contain these identifying words. Forward-looking statements are subject to a number of risks and uncertainties, many of which involve factors or circumstances that are beyond our control. For example, the market for our products may develop more slowly than expected or than it has in the past; there may be significant fluctuations in our results of operations and cash flows related to our revenue recognition or otherwise; we may fail to successfully integrate any new business, including Auth0, Inc.; we may fail to realize anticipated benefits of any combined operations with Auth0, Inc.; we may experience unanticipated costs of integrating Auth0, Inc.; the potential impact of the acquisition on relationships with third parties, including employees, customers, partners and competitors; we may be unable to retain key Safe harbor personnel; global economic conditions could worsen; a network or data security incident that allows unauthorized access to our network or data or our customers’ data could damage our reputation and cause us to incur significant costs; we could experience interruptions or performance problems associated with our technology, including a service outage; the impact of COVID-19 and variants of concern, related public health measures and any associated economic downturn on our business and results of operations may be more than we expect; and we may not be able to pay off our convertible senior notes when due. Further information on potential factors that could affect our financial results is included in our most recent Quarterly Report on Form 10-Q and our other filings with the Securities and Exchange Commission. The forward-looking statements included in this presentation represent our views only as of the date of this presentation and we assume no obligation and do not intend to update these forward-looking statements. Any unreleased products, features or functionality referenced in this presentation are not currently available and may not be delivered on time or at all. Product roadmaps do not represent a commitment, obligation or promise to deliver any product, feature or functionality, and you should not rely on them to make your purchase decisions. © Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. An enterprise practitioner’s perspective

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Enable the Business Showcase the Platform Evolve the Product Okta on Okta Mission: Deliver the best-in-class experience for our employees and customers Okta on Okta

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Enable the Business Showcase the Platform Evolve the Product Okta on Okta Workforce IAM ● okta.okta.com ● Workforce Access & Lifecycle Management (LCM) ● M&A Access Enablement Customer IAM ● Okta Events ● Partner Onboarding Federal IAM ● FederalSSO ● FedRAMP High Controls Security & Compliance ● Audit Evidence ● Environment Hardening

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Enable the Business Showcase the Platform Evolve the Product Okta on Okta Product and Engineering ● Feature Enhancements ● Roadmap Feedback Quality ● Beta Testing ● Bug Reporting Customer Success ● Consultations ● Best Practice Discussions First + Best Customer ● Early Access ● Continuous Improvement

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Enable the Business Showcase the Platform Evolve the Product Okta on Okta Marketing ● Oktane ● Conferences & Webinars ● Customer Collateral Sales ● Sales Lead Q&A ● Use Case Consultation Reference Implementation ● Workforce, Customer use cases ● Blogs

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. An enterprise practitioner’s perspective

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Day in the life of an enterprise customer

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Identity is the perimeter of security.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Identity-centric security Users ● Identity verification ● Binding authenticators to user ● Issuance & management of credentials Devices ● EDR/EDM ● Certificates ● Fingerprinting ● Custom apps Context ● Level of assurance equal to sensitivity of resource ● Adjusting policy based on deviations from norm

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Zero trust architecture 1. All data sources and computing services are considered resources 2. All communication is secured regardless of network location 3. Access to individual enterprise resources is granted on a per-session basis 4. Access to resources is determined dynamically…and may include other behavioral and environmental attributes 5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets 6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed 7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture Tenets of Zero Trust Architecture - NIST SP800-267

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Zero trust architecture 1. All data sources and computing services are considered resources 2. All communication is secured regardless of network location 3. Access to individual enterprise resources is granted on a per-session basis 4. Access to resources is determined dynamically…and may include other behavioral and environmental attributes 5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets 6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed 7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture Tenets of Zero Trust Architecture - NIST SP800-267

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. SAML2 – Federated Identity OpenID Connect – Federated Identity OAuth 2 - Authorization SCIM/SCIM2 – LCM FIDO2 – Phishing-resistant Authentication The power of identity standards

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. One set of logon credentials Automatic loss of access to SaaS apps upon account disablement Avoids shadow IT Security gaps from shared accounts Authentication

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Automatic account creation, updates, and removal based on federated source of truth Clear audit records for compliance purposes User LCM

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Identity is the perimeter of security.

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. The “current macroeconomic situation.”

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Support for SSO and automated provisioning/deprovisioning Single administration plane Administration ~ ~

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Federate sign-on Automatic user provisioning & deprovisioning Authentication & user LCM

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Billing Utilization Assignment/reassignment Seat/license management

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Billing Utilization Assignment/reassignment Seat/license management

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Maps to user groups Custom attributes Claims for entitlement mapping { "sub" : "[email protected]", "name" : "Jon Lehtinen", "given_name" : "Jon", "family_name" : "Lehtinen", "email" : "[email protected]", "Role" : "security_admin" }

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Federated authentication User provisioning & deprovisioning Seat management Claims for entitlement

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Single sign-on as a premium feature

© Okta and/or its affiliates. All rights reserved. Confidential Information of Okta – For Recipient’s Internal Use Only. Recap Authentication User lifecycle management Transparent lIcense management and utilization info Authorization Demonstrate commitment to value partnership