On one hand, the market seems to react to these appropriately. On another hand, the market has a short-term memory and prices go back up.

It's unfortunate Auth0 was acquired by them. Have used it from the beginning and it used to be a great product before the Okta acq. Now it's just constant sales emails, expensive pricing, not much new feature launches, most features are very enterprise focused, bunch of bugs, frequent outages.

Stock 41% up in the last 12 months is not appropriate.. it basically signals, "buy at a huge discount after each incident, we'll keep it rising regardless".

At this point, one could speculate they are not worth almost at all given they fail to deliver on their primary value proposition. They are not and have not been profitable either, only getting worse: https://finance.yahoo.com/quote/OKTA/financials?p=OKTA

This sort of business doesn’t have to immediately realize a profit they just have to expand their base of customer and dig their claws deeper into their customers core infrastructure. Once they do that they can exploit their customers for years before they’l be able to escape. Since they are frequently going to be competing in “lowest bidder wins” competitions they’re be foolhardy to try and make a profit up front honestly, counter-intuitively it would be lighting money on fire. This is also a product with pretty substantial benefits from scale, as Okta gets bigger more things integrate with them so they’re easy to integrate with so they get bigger…

I’m just wondering who in the industry is still stupid enough to stick their neck out for Okta? Why are they getting new customers? Why not go with the other devil you know your cloud provider to offer mostly the same services? What is Okta offering when they seem relatively incompetent compared to the competition that often offers their products for cheaper up front?

They're still growing revenue, at least as of July.

This is not a new breach, it is a disclosure of additional findings from the last breach.

Have heard good things about FusionAuth. (Not a user, but friends speak highly of it).

Thanks for mentioning us! (I'm a FusionAuth employee.)

Entra ID (Azure ad) free above a p2/E3 I think. Auth0 bought by okta. Ping. Google.

If only it were that easy. Yes, you can run it as a docker container and self host.

But self hosting is non-trivial. You have to deal with DNS, TLS certificates, configuring Keycloak, data backups, and redundancy.

I set it up once so I could evaluate it. I may yet choose to self host but I'm not under any illusions that it's easier than paying for a service.

When you're evaluating solutions make sure to look into Authentik too. For my small company needs it was much much easier to understand and setup and it's only gotten better and more featureful.

Authentik takes a little more to set up than KeyCloak, but the effort is well worth it when you go to configure TOTP. Authentik 2FA UX can be quite easy, similar to commercial products.

There are plenty of valid concerns around self-hosting it, but I fear for the future of our profession if things like DNS, TLS certificates and backing up a database on a schedule are now considered hard.

Dns, tls certs and data backups can be handled by something like cloudron.io (there are others too)

Edit: Elest will do it, https://elest.io/open-source/authentik