
Okta Data Analyst Case Interview: Identity & Authentication Analytics
This case mirrors Okta’s real analytics interviews—customer-obsessed, security-first, and pragmatic. You act as a Data Analyst embedded with the Workforce Identity (WIC) product team, partnering with PM, Security, and SRE to diagnose and improve authentication outcomes at scale.

What the case covers (Okta-specific focus areas):
- Identity and access metrics: login success rate, MFA enrollment/usage, step-up prompt rate, auth latency (p95), lockout rate, suspicious event rate, and SSO coverage across the Okta Integration Network (OIN).
- Tenant (org) health and adoption: activation, time-to-first-value, app assignment breadth, and cohort-based retention by segment (enterprise vs. mid-market) and plan tier.
- Reliability and security tradeoffs: how policy/risk changes (e.g., Adaptive MFA, WebAuthn/FIDO2) impact conversion, support volume, and attack resistance.
- Incident-style thinking: rapid root-cause framing, clear comms, and transparent assumptions aligned to Okta’s trust and transparency culture.

Structure (60–75 min flow):
1) Problem brief (5 min): "Three weeks after rolling out a new conditional access policy, APAC orgs report a 7–10% drop in login success and higher support tickets. Diagnose and recommend next steps."
2) Data exploration with SQL (25–30 min): Write and reason through queries live. Expect to slice by org_id, app_id, factor_type (Okta Verify push, WebAuthn, SMS), device_type, country/region, and risk_score. You’ll compute funnels and cohorts and reconcile data quality edge cases (sandbox tenants, bot traffic, backfills).
3) Experiment/design (10–15 min): Propose and evaluate an A/B for making WebAuthn the default second factor for eligible users. Define success, guardrails (latency, failure rate, support tickets), unit of randomization (user vs. org), and contamination risks.
4) Exec readout (8–10 min): Deliver a crisp narrative and recommendations, calling out security implications, customer impact, and a rollback or mitigation plan.
5) Q&A (5 min): Discuss data governance (PII handling, aggregation), assumptions, and follow-ups.

Sample schema you’ll reference (representative of Okta data domains):
- auth_events(event_ts, org_id, user_id, app_id, outcome, error_code, factor_type, device_type, country, risk_score, session_id)
- orgs(org_id, created_at, segment, plan_tier, region)
- apps(app_id, app_name, oin_partner, category)
- support_tickets(ticket_id, org_id, category, created_at, closed_at)

Core tasks you’ll perform:
- Define and compute key metrics with precise formulas (e.g., Login Success Rate = successful_auths / total_auth_attempts; MFA Enrollment Completion = users_completed / users_prompted; Step-Up Rate = challenges_issued / total_auths; p95 latency from event timestamps).
- Build an MFA adoption funnel: eligible → prompted → enrolled → first-use → 30-day active.
- Diagnose APAC drop by slicing outcomes across factor_type and recent policy changes; quantify impact on top 10 OIN apps by volume.
- Propose an experiment plan and minimal dashboard to monitor leading indicators, guardrails, and anomaly alerts.

What interviewers look for (anchored to Okta’s style):
- Customer and security mindset: balancing friction vs. protection; clear rollback criteria.
- SQL rigor and data hygiene: correct joins, handling late-arriving data, deduping session-level events, and defensible cohort boundaries.
- Analytical judgment: selecting the right denominators, explaining variance, and distinguishing correlation from causation.
- Communication and transparency: clear assumptions, risk callouts, and concise exec-ready storytelling.
- Collaboration: how you’d partner with PM/SRE/Security and support CSMs with tenant-level insights.

Deliverables in-session:
- 2–3 SQL queries (readable, commented) producing table cuts for funnel and regional comparisons.
- A brief, structured recommendation: root cause hypotheses, expected impact, guardrails, and next steps (e.g., staged rollout, policy tweak, additional telemetry).

Red flags:
- Hand-wavy metrics, missing denominators, ignoring guardrails/latency.
- Overfitting to one slice without tenant/app context.
- No plan for data privacy, incident-grade communication, or mitigation.
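
An added example (not from the original page or from Okta) of the regional comparison cut described above: Login Success Rate by factor_type for APAC orgs, three weeks before versus three weeks after the policy rollout, written in PostgreSQL syntax against the sample schema. The outcome value 'SUCCESS', the region value 'APAC', the rollout date placeholder, and treating one session_id plus factor_type as one attempt are assumptions.

```sql
-- Added example, PostgreSQL dialect. Literal values below are assumptions,
-- not values documented on the page.
WITH params AS (
    -- Placeholder: substitute the actual conditional access policy rollout date.
    SELECT DATE '2024-01-01' AS rollout_date
),
attempts AS (
    -- Dedupe session-level events: one row per (session, factor) attempt, so
    -- retries and backfilled duplicates do not inflate the denominator.
    -- An attempt counts as successful if any of its events succeeded.
    SELECT
        e.session_id,
        e.org_id,
        e.factor_type,
        MIN(e.event_ts) AS first_event_ts,
        MAX(CASE WHEN e.outcome = 'SUCCESS' THEN 1 ELSE 0 END) AS succeeded
    FROM auth_events e
    JOIN orgs o
      ON o.org_id = e.org_id          -- inner join: drops events with no org row
    WHERE o.region = 'APAC'           -- assumed encoding of the region column
    GROUP BY e.session_id, e.org_id, e.factor_type
)
SELECT
    CASE WHEN a.first_event_ts < p.rollout_date
         THEN 'pre' ELSE 'post' END                 AS rollout_period,
    a.factor_type,
    COUNT(*)                                        AS total_auth_attempts,
    SUM(a.succeeded)                                AS successful_auths,
    -- Login Success Rate = successful_auths / total_auth_attempts
    ROUND(SUM(a.succeeded)::numeric
          / NULLIF(COUNT(*), 0), 4)                 AS login_success_rate,
    COUNT(DISTINCT a.org_id)                        AS orgs_in_slice
FROM attempts a
CROSS JOIN params p
-- Symmetric 21-day windows, matching the "three weeks after" framing.
WHERE a.first_event_ts >= p.rollout_date - INTERVAL '21 days'
  AND a.first_event_ts <  p.rollout_date + INTERVAL '21 days'
GROUP BY 1, 2
ORDER BY a.factor_type, rollout_period DESC;
```

The orgs_in_slice column shows whether a drop for one factor_type comes from many tenants or a handful, which guards against overfitting to one slice. The sample schema has no sandbox or bot indicator, so those exclusions are not applied here.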
About This Interview
Interview Type
PRODUCT SENSE
Difficulty Level
4/5
Interview Tips
• Research the company thoroughly
• Practice common questions
• Prepare your STAR method responses
• Dress appropriately for the role