AUTH0 PLATFORM SERVICE LEVEL AGREEMENT

Auth0-Platform-SLA-Rev-4.5.2 02-01-22.docx 1 Confidential

This document (the “Service Level Agreement”) contains service levels for the Auth0 Platform provided by Okta to Customer pursuant to an

Order Form and the Agreement under which Customer acquired its rights to use the Auth0 Platform (as provided in the PSS).

1. Definitions.

Except as otherwise expressly defined in this Service Level Agreement, capitalized terms have the meaning ascribed to them in the Agreement.

For the purposes of this Service Level Agreement, the following capitalized words and phrases are ascribed with the following meanings:

1.1. “Available” means that the Core Services of the Auth0 Platform, in the form provided by Okta, respond to Customer API Calls in

such a manner that results in a Successful Minute; “Availability” has the corresponding meaning.

1.2. “Core Services” means the Auth0 User Authentication and Machine to Machine Authentication Services of the Auth0 Platform.

1.3. “Customer API Call” means a call by Customer or Customer’s End Users to an Auth0 Core Service API in a Customer Tenant.

1.4. “Downtime” means any period of time in which the Core Services are not Available. “Downtime” specifically excludes any time in

which the Auth0 Platform is not Available because of: (a) emergency maintenance, (b) Force Majeure Events, (c) load or penetration testing

by Customer, or (d) usage of alpha, beta, or other non-generally available features or services.

1.5. “Failed API Call” means a Customer API Call that (a) returns an error, or (b) is received by the Auth0 Platform but results in an

unreturned call. “Failed API Calls” exclude: (i) failed Customer API Calls due to client-side application errors outside of the Auth0 Platform’s

control, such as calls to: (1) a custom database, (2) third-party IdPs, (3) Rules, Hooks or Actions, (4) non-Core Service Auth0 extensibility

points, and (5) features not strictly required for a Customer API Call, and (ii) Customer API Calls that do not reach Auth0 Core Services (e.g.,

due to government firewalls or IP blocking).

1.6. “Machine to Machine Service” means that part of the Auth0 Platform used to authenticate and authorize applications, rather than End

Users.

1.7. “Monthly Subscription Fees” means the annual subscription Fees specified in the applicable Order Form, pro-rated on a monthly

basis.

1.8. “Successful Minute” means a minute in which the Auth0 Platform is not repeatedly returning Failed API Calls and includes minutes

in which no Customer API Calls were made.

1.9. “Tenant” means a logical isolation unit, or dedicated share of a particular Auth0 Platform instance; the dedicated share may be

configured to reflect the needs of the specific Customer business unit using the share.

1.10. “User Authentication Service” means that part of the Auth0 Platform used to manage all aspects of Customer’s End User identity

authentication, such as when an End User logs in to the Customer applications, signs up, logs out, and accesses APIs.

2. Service Levels.

2.1. Service Level Standards. During the applicable Term, Okta will maintain in each month the average Availability for the Core Services

of at least 99.99% (“Availability Service Level %”).

2.1.1. Determination of Availability Service Level Percentage (%). The average Availability in Customer’s Tenants in each month will be

measured and monitored from Okta’s facilities and calculated using the following formula:

Availability Service Level % = (total minutes per month – Downtime (in minutes)) / (total minutes per month).

2.2. Service Level Credits. If the Auth0 Platform fails to meet the Availability Service Level %, Customer will be eligible to request a

credit, calculated as follows (the “Service Level Credits”):

2.2.1. Credits for Service Availability Level % Failure. If the Auth0 Platform fails to meet the Availability Service Level % during any

given month, and Customer requests a Service Level Credit per Section 2.4 below, then Okta will provide Customer with a Service Level Credit

equal to the percentage of the Monthly Subscription Fees for the month in which the service level failure occurred, corresponding to the

Availability Level specified in the “Service Level Credits” table below. Each Service Level Credit will be paid by Okta to Customer by way of

a credit on the next invoice submitted by Okta to Customer. If any credits are unutilized upon expiration or termination of the applicable Term,

Auth0-Platform-SLA-Rev-4.5.2 02-01-22.docx 2 Confidential

then Okta will apply such credits to any other Fees or expenses payable by Customer to Okta. If there are no such other Fees or expenses, then

Okta will pay Customer the credit amount.

Availability Level

Service Level Credit

< 99.99% - >= 99.9%

5.0% of the Monthly Subscription Fee applicable to month in which failure occurred

< 99.9% - >= 99.0%

10.0% of the Monthly Subscription Fee applicable to month in which failure occurred

< 99.0% - >= 95.0%

20.0% of the Monthly Subscription Fee applicable to month in which failure occurred

< 95%

50.0% of the Monthly Subscription Fee applicable to month in which failure occurred

2.3. Limited Remedy. The rights to Service Level Credits above are Customer's sole and exclusive remedy for any failure by Okta to meet

the Availability commitments related to providing the Auth0 Platform. The maximum total credit for failure to meet the Availability Service

Level % for any given month will not exceed 50% of the Monthly Subscription Fees. Service Level Credits that would be available but for

these limitations will not be carried forward to future months.

2.4. Scope. The Service Level commitments apply only to production use of the Auth0 Platform, and do not apply to any non-production

Tenants or environments, such as staging and testing Tenants and environments. The Service Levels apply only if Customer’s utilization of the

Auth0 Platform is in compliance with the applicable Order Form. Customer is not entitled to any Service Level Credit if it is in breach of the

Agreement (including Customer’s payment obligations) at the time of the occurrence of the event giving rise to the credit. To request a Service

Level Credit, Customer must contact Okta in writing within five (5) business days of the occurrence of the event giving rise to the credit. If

Customer makes a request for a report on their Availability pursuant to such a Service Level Credit inquiry, Okta will provide a report of

Customer’s Availability in that impacted month.