Okta acquihires Stormpath, doubles down on identity in apps and APIs

Okta, the $1.2 billion identity management startup for enterprises that some tip for an IPO this year, has made an acquisition of sorts to expand one of its newer lines of business: managing IDs across APIs and apps. Today the San Francisco-based company announced that it has picked up the team from Stormpath, an early mover in providing a way for developers to implement authentication, authorization and user management into web and mobile apps by way of an API and a few lines of code. On top of this, the company has acquired a license to use Stormpath’s technology. Financial terms of the deal are not being disclosed.

Notably, this is not a full acquisition: Okta’s co-founder and COO Frederic Kerrest, who answered questions about the transaction over email, did not specify who would retain ownership of the technology. We have followed up with him, CEO Todd McKinnon and an Okta spokesperson to see if we can get more details.

The hiring portion covers 35 of Stormpath’s current 45 employees, including co-founders Alex Salazar and Les Hazlewood. Alongside the deal, Stormpath announced that it will shut down its current API and corresponding SDKs on August 17, 2017, and set out a more detailed migration path for existing customers.

The deal comes relatively quickly on the heels of Okta launching a similar, competing product of its own back in August 2016. Bringing in Stormpath’s team and technology is a sign of two things.

First, there is demand for the service and for developing it further, and Okta would like to capitalize on that in its bid to compete more comprehensively against others like Microsoft and Ping Identity.

“Our vision for the Okta Identity Cloud is to become the authentication layer for every app, service, device and person, giving developers a better and more secure way to manage user access to whatever they are building,” said McKinnon in a statement. “The Stormpath team brings great technical talent and a deep understanding of developer needs, both of which are necessary to provide a world-class developer experience.”

Second, Okta is looking to do this quickly, rather than continue to build out a competing product organically.

“We’ve built almost the same stack, which is validating for both companies, but would be duplicative of us to integrate,” Kerrest said. “Instead, the teams will move fast to reach feature parity between the two, and then innovate beyond that.”

Stormpath was founded in San Mateo in 2011 and raised just under $25 million in funding from investors that included NEA, Scale Venture Partners, Flybridge and Pelion. The company had picked up more than 2,500 customers and developer users, and Kerrest tells me that the plan is to transition them over time to Okta.

“The teams are currently building tools and offering migration support,” Kerrest said. There were already some crossover customers, he added, including Vivint Solar and Datastax. Okta’s customers, meanwhile, include Adobe, Pitney Bowes, Experian and Rotary International.

“Okta and Stormpath share a similar culture and desire to build products that will help our customers transform their businesses,” said Salazar. “Our team is excited to join Okta and accelerate efforts to help companies better manage identity across a wide spectrum of applications and services as they grow and scale their businesses.”

Okta has traditionally sold its legacy services into the IT department, and more specifically the CIO’s office, which integrates the service on a custom basis on top of the apps that are used in the business. To date, Okta touts a decent amount of ubiquity in the enterprise world, with integrations with more than 5,000 apps and thousands of customers. Its business has been bolstered by a significant shift to the cloud for enterprise software that requires secure log-ins to use, as well as by a rising tide of malicious hacks that have driven companies to have better control over their identity management policies.

This shift into API services and the subsequent subsuming of Stormpath’s tech and team speaks to how the company is looking to grow its identity management business, expanding its customer scope by targeting a larger pool of users: developers.

“Developers are becoming major buying centers and decision makers within organizations, and with no signs of that trend slowing, the need for secure application integration is growing,” Kerrest said. “We’ve seen this first-hand from our customers — and that’s what is driving us to build and scale the product, and the team supporting it, more quickly.”

While Okta is not commenting on its IPO plans at all — “No comment, but nice try!” was the response we got when we asked the other day — we’ve heard from sources, and it appears that others have as well, that it has been quietly laying the groundwork for a public listing.

This is something that Okta essentially projected that it would do when it last raised funding, in September 2015.

Cultivating a line of business in APIs and working with developers gives the company a way to diversify its revenue stream, as well as grow it.

In that vein, other areas of its business that Okta is growing include its relationship with large cloud providers to provide the identification layer for their services.

Last August, around the same time that Okta launched its own API product, the company also announced a significant partnership with Google to be its preferred secure identity management layer for Google Apps for enterprises. This would mean that companies already using Okta could add Google Apps to their log-in list (thereby expanding the scope for Google Apps), and it could also potentially bring more business to Okta by introducing new customers who use Google Apps.