Situation Cards
Situation Cards
Issue Navigator
You heard something on a call. Find your signal below, pull the matching card.
-
"Copilot Studio is going live" → Federal / M365 SLED → Copilot Studio in Federal Accounts
-
"We're upgrading our chatbot to handle transactions" → SLED → Chatbot-to-Agent Transition
-
"How does Zero Trust apply to all these service accounts?" → Cross-sector, federal primary → Service Account Sprawl and NHI Governance
-
"MCP" or "Model Context Protocol" surfaces in conversation → Cross-sector → MCP Identity Governance
-
"We already have CyberArk for that" → Competitive, cross-sector → CyberArk / Palo Alto Networks Competitive
Your agency contact just mentioned Copilot Studio agents are going live
The OneGov deal put free Copilot in front of every M365 G5 user in federal civilian. Now Copilot Studio is live in GCC and GCC-High, and business teams are building agents without waiting for security review. Microsoft documents the risk themselves: agent makers can select "No authentication" and publish anyway. Governance controls exist but they're opt-in, and most agencies haven't configured them yet. If your contact mentioned Copilot Studio agents, you're sitting on an identity governance conversation. Here's how to run it without overstepping what Okta can claim today.
Your agency contact just mentioned Copilot Studio agents are going live
The OneGov deal put free Copilot in front of every M365 G5 user in federal civilian. Now Copilot Studio is live in GCC and GCC-High, and business teams are building agents without waiting for security review. Microsoft documents the risk themselves: agent makers can select "No authentication" and publish anyway. Governance controls exist but they're opt-in, and most agencies haven't configured them yet. If your contact mentioned Copilot Studio agents, you're sitting on an identity governance conversation. Here's how to run it without overstepping what Okta can claim today.
Situation Card — "The Chatbot Is Becoming an Agent" (SLED)
Your state IT director's chatbot is about to start processing benefits and submitting permits. They're excited about citizen self-service. They haven't thought about who credentials the agent, scopes its permissions, or shuts it down when something goes sideways. This card gives you discovery questions that surface the governance gap without requiring technical depth, positioning lines calibrated for SLED buyers, and clear SE handoff triggers. Microsoft is already in the account. You need to know what to say when the buyer tells you Entra handles identity.
Situation Card — "The Chatbot Is Becoming an Agent" (SLED)
Your state IT director's chatbot is about to start processing benefits and submitting permits. They're excited about citizen self-service. They haven't thought about who credentials the agent, scopes its permissions, or shuts it down when something goes sideways. This card gives you discovery questions that surface the governance gap without requiring technical depth, positioning lines calibrated for SLED buyers, and clear SE handoff triggers. Microsoft is already in the account. You need to know what to say when the buyer tells you Entra handles identity.
Situation Card: Service Account Sprawl — The NHI Conversation Starter
Your buyer just said service accounts are multiplying faster than anyone can track. Maybe a throwaway line in a QBR. Maybe a CISO calling AI credentials their new shadow IT. Either way, you're at the front edge of the non-human identity conversation, and most AEs fumble it because they don't know where Okta's story is strong and where it honestly runs out. This card gives you discovery questions, positioning lines, data points you can cite on a call, and the exact moment to bring in your SE. Three-minute read.
Situation Card: Service Account Sprawl — The NHI Conversation Starter
Your buyer just said service accounts are multiplying faster than anyone can track. Maybe a throwaway line in a QBR. Maybe a CISO calling AI credentials their new shadow IT. Either way, you're at the front edge of the non-human identity conversation, and most AEs fumble it because they don't know where Okta's story is strong and where it honestly runs out. This card gives you discovery questions, positioning lines, data points you can cite on a call, and the exact moment to bring in your SE. Three-minute read.
Situation Card: Buyer Drops "MCP" — Model Context Protocol
Your buyer just said "MCP" and you need to know what it means before the conversation moves past you. Model Context Protocol is the open standard letting AI agents connect to enterprise tools, and adoption is outrunning governance by a wide margin. The default implementation pattern breaks zero trust: shared service accounts, no per-user authorization, no audit trail. This card gives you the ten-second translation, the governance gap framing that moves the conversation to identity, and clear lines on where to stop and hand off to your SE.
Situation Card: Buyer Drops "MCP" — Model Context Protocol
Your buyer just said "MCP" and you need to know what it means before the conversation moves past you. Model Context Protocol is the open standard letting AI agents connect to enterprise tools, and adoption is outrunning governance by a wide margin. The default implementation pattern breaks zero trust: shared service accounts, no per-user authorization, no audit trail. This card gives you the ten-second translation, the governance gap framing that moves the conversation to identity, and clear lines on where to stop and hand off to your SE.
Competitive Situation Card: "We Already Have CyberArk"
The buyer says CyberArk handles their agent security. They're not wrong. CyberArk shipped GA agent capabilities in December 2025, and their PAM track record is real. PAM and governance solve different problems, though, and that difference is your entire play. This card gives you the additive angle: how to position Okta alongside CyberArk in accounts where privilege controls are strong and lifecycle governance for agent identities doesn't exist yet. Discovery questions that surface the gap without threatening the relationship, positioning lines calibrated for public sector CISOs, explicit boundaries on what you can claim today, and clean SE handoff triggers.
Competitive Situation Card: "We Already Have CyberArk"
The buyer says CyberArk handles their agent security. They're not wrong. CyberArk shipped GA agent capabilities in December 2025, and their PAM track record is real. PAM and governance solve different problems, though, and that difference is your entire play. This card gives you the additive angle: how to position Okta alongside CyberArk in accounts where privilege controls are strong and lifecycle governance for agent identities doesn't exist yet. Discovery questions that surface the gap without threatening the relationship, positioning lines calibrated for public sector CISOs, explicit boundaries on what you can claim today, and clean SE handoff triggers.