 In this next demo, our partner, Okta, will introduce the concept of Zero Trust Security, centered on identity. In our multi-service world, people are the new security promote. According to recent studies, the adoption of modern technologies is resulting in an explosive growth in identities. This is not only a challenge to manage, but identity has become a critical element in any security strategy. Users are targeted as the weakest link in any security chain, responsible for 20% of breaches with stolen credentials being the most common initial attack vector. But why does that matter? The problem isn't just managing the users themselves. When an account gets compromised, it impacts the overall business. Did you know the average cost of a breach was more than $5 million? It's clear that a critical element to addressing this area is to have a solution that provides the ability to establish a trust relationship with users before access is granted. And where can you start building that trust? Let's take a look. When we're talking about identities from various different entities, what it boils down to is people and groups, and bringing them into Okta's universal directory. Here at the Okta dashboard, let's head over to directories and groups. We can see here we have groups of users from various different entities represented by their source icon. Some are Okta groups, or Workday groups in our HR system. We could also bring in identities from directories as well. Let's jump over to directory integrations. And you can see we can connect to Active Directory and LDAP as well as a CSV directory. Regardless of your user source, be it Active Directory or Workday, policy controls and application access can be centrally managed in Okta. Let's take a look at that in action. I'll jump over to my box app. Here I can see which users have been assigned to this app as well as which groups. This app as well as all apps have their own set of sign-on policies so we can get very granular with access at the app level. We can see here a set of sign-on policies specific to this app, and each policy has its own set of rules. Let's take a look at those rules. Here we can see the various different conditions that can be applied to access decisions, be it people, location, or client restrictions, such as mobile or web requests. Based on these conditions, we have the options to specify whether or not they were prompted for a second factor. So as you can see, user identities can come into Okta from several different locations, including existing directories, apps, or third-party identity providers. But regardless of their location, the same set of policies apply. Let's take a look at the sign-on experience. Welcome to the login page. The policy for this particular login page only asks for the user's username, but also allows authentication via a PIV card. We'll enter the username and hit Next. You'll see we're prompted for Okta Verify Push. This is the first factor requested. Once accepted, the user can be allowed access or move on to the next factor based on the determined risk. In this case, it's determined that this is a risky login, so now it's going to prompt for a password. I'll enter the password, and we're now in the Okta dashboard, where we have access to all our applications. With Okta, working from anywhere is made seamless for your users, no matter what they're accessing. It could be a cloud app, an on-prem app, or a server. And it all starts with app access. App access starts with integration. There are several ways to integrate apps with Okta. The first being the Okta integration network, which has over 7,000 integrated apps, each with their own unique set of step-by-step instructions. Okta also supports deep integrations for more than 18 different protocols, one being Radeus, which is most commonly used with Cisco ASA. We can also integrate with other network appliances such as Palo Alto Networks, Akamai, and F5. This covers your cloud apps and VPNs. For apps that aren't in the cloud, Okta Access Gateway provides a method to gate access to on-prem apps without the need for VPN, apps such as Oracle EBS. And finally, the same access controls used for apps expands onto servers with Okta Advanced Server Access. Giving you zero-trust access decisions for your server fleet. Let's take a look at this in action. We'll start by logging into the Okta dashboard. From here, we can see all of our assigned applications, things like Cisco Umbrella or on-prem apps like Oracle EBS. Now, let's jump over to our PC and fire up a VPN session with Palo Alto Global Protect. As you can see, the Okta logging experience here is the same experience you have when accessing via the Okta dashboard. And finally, let's log into a server. This can be done from the Okta dashboard, but for this demo, I'll start it from a terminal window. I'll establish an SSH connection here. You can see I'm redirected to Okta. I'm prompted for MFA, and now I'm granted access to my server.