Unknown Analyst  

Good morning, everybody. Thanks for joining us here. We are thrilled to have you guys here and what should be a pretty interesting conversation with Okta leadership. We have the COO, Eric Kelleher, join us today. So really thankful to him for his time.

Just to level set stage here, we'll have a 30-minute fireside chat. We'll, of course, take questions as it comes through. And feel free to kind of e-mail me or -- at the conference link, and we'll take it as it goes or at the very end.

Unknown Analyst  

So with that, we'll get started. So just to kind of level set and kick off things here, Eric, so just curious, what are you really seeing on the field since you have been at the helm, right? Of course, Okta has transitioned and evolved fast from being an identity access player to now a full identity platform story. And now with kind of essentially AI taking shape and you guys, of course, are very much at the center of that, can you talk a little bit about the platform feedback on the field and all the traction you're seeing there?

Eric Kelleher   President & COO

Yes. First of all, thanks for the invitation to be here today. It's great to be talking to you. We -- at Okta -- I see we have a slide up here. So our mission is to enable everyone to safely use any technology. And our core business historically has been the business of authentication, of making sure that when a human is logging into a piece of technology that, that person is properly authenticated and it is who they say they are. And over the years, that mission has gotten more and more important and also more and more sophisticated.

So what used to be basic login has gotten into advanced step-up capabilities like multifactor authentication, 2-factor authentication you're familiar. And then as multifactor starts getting compromised through threat actors and cyber-attacks, we get into nonphishable multifactor, which is if you send someone an e-mail for a token or an SMS as a token, someone can intercept that and then use that and log in on their behalf. So how do you provide nonphishable things like biometrics? So how do you do a face ID or a thumbprint scan for your multifactor?

So our business has gotten -- has advanced to get more sophisticated on those fronts. But really, what we've seen overall and really in the past 2 years is a shift from the industry and our customers viewing identity as primarily a functional tool to identity being, first and foremost, a security tool. So today, depending upon whatever source you read, north of 80% of cyber-attacks start with some form of compromised identity. And so the problem of securing identity has never been more important. As threat actors are busier than ever, state-sponsored threat actors are busier than ever, our business has become more important than ever.

And then in addition to that core workflow I described in securing identity and authentication, the introduction of nonhuman identities is becoming increasingly important. So in addition to people that are authenticating, most systems that are out there, most technologies that are out there are deployed with something called service accounts. These are machine-to-machine accounts that APIs use to log into applications and log into technologies. And historically, customers, companies have not been great about securing the credentials for those accounts. And so service accounts can and are frequently used as a threat vector for actors to get into systems and create trouble within those systems.

So our customers are being increasingly mindful of how they secure their nonhuman identities. And that includes things like, for example, knowing where they are. So we've added a product to our portfolio this year called Security Posture Management -- Identity Security Posture Management. This tool scans customers' networks and identifies all the systems that they have deployed in their networks and identifies which machine accounts, which nonhuman accounts are configured in those networks to make them aware of where those credentials lie.

We then have a product called Okta Privileged Access, which allows them to take the credentials for those service accounts and manage them in a vaulted fashion where they're securely managed and they can be rotated. So we can cause them to make sure they're changing those credentials over time. Historically, once these service accounts were created, they were typically hardcoded into config files and hardcoded into APIs and never changed. And so they were really significant threat vectors.

And then we have an Identity Governance product, which also allows customers to provision and deprovision those machine accounts only when they're needed. So you shouldn't have a machine account that can be used or taken any time. It's when you're in a workflow and then you need to take action with that account, you want to have it turned on and then turned off immediately after it's completed. So our space has evolved in those areas with new product offerings that have helped customers solve related problems.

And then on the developer side, as people are developing custom applications, they need to manage identity for their users. They also need to manage authorizations. So it's one thing to know who an individual is. It's another thing to know what that individual is allowed to do and what data they're allowed to access.

You can think about this as your Google Workspace login. If you log into Google Workspace, when you log in with your username and password and multifactor or your passkey, you're coming in and you're authenticated. But then once you're into that account, we look at the problem of what you should have access to, what documents do you have privilege to read to edit, to comment. That's authorization, having fine-grained authorization.

Our Auth0 platform allows developers to build both authentication and fine-grained authorization for the systems that they're building and to manage their assets. That is increasingly important to your question about how does AI impact all of this. As people are developing new agents and developing agents in AI, it's very important that they can secure those agents from the get-go. So as they're developing in the beginning, they can use Auth0 with our new product that's in preview right now called Auth for GenAI, which allows them to build credentials for those agents that are properly vaulted and stored and to call APIs -- having the agents call APIs in a protected way as well.

Unknown Analyst  

Yes, that's great. I appreciate all the color. And since you touched upon the auth for essentially gen AI and it's already in early access and I think the GA is in summer sometime, just curious, what are some of the kind of initial trends and feedback you're seeing that's kind of emerging from some of the bigger enterprises? I know you're seeing some traction there. If you can tell us a little bit about it.

Eric Kelleher   President & COO

Yes, it's still very early. It's been a couple of months that it's been out. It's in developer preview. So we have -- a high volume of developers have accessed it and are using it now to build agents. We're working with many of those larger customers right now to assess when we believe it will be ready for GA. We've announced we expect that to be in the summer, so just in a couple of months. Here we are in June. So we're really encouraged by what we're seeing so far.

Unknown Analyst  

That's great. And since you touched upon machine identities, right, we were earlier in the day talking to 1Password, which is one of your key partner, CEO, CFO. And they were talking, of course, excited about the [ Janet ] future. And you guys have previewed also kind of the fascinating future and the vision, how the gen AI agents would kind of authenticate each other autonomously. Just on the field, right, in terms of you guys talking to the CISOs and the CIOs, how are they responding? Is it still like sort of a vision stage? Are we seeing meaningful material conversations, which are kind of translating to sort of either pipeline or at least kind of talks about that? Just curious on -- yes.

Eric Kelleher   President & COO

Yes. So every -- all of our customers are talking about AI. I spent a lot of time in my role talking with CISOs at our customers. I'm exec sponsor for a number of our accounts. I co-chair a forum of Chief Information Security Officers, the Okta CISO Forum. We meet formally in person twice a year, but then we have monthly briefings where we brief them on Okta threat intelligence and things that we're seeing. It's a very active and engaged group. And we had a group of them at Jackson about 2 months ago now. And this topic is very much top of mind for CISOs and how they solve it. And all their users and all their companies are bringing AI tools into the workplace.

And so they have a 2-part problem. Part 1 is what AI tools do they allow their employees to use as sanctioned and in a properly controlled and configured way and what AI tools do they need to be aware of employees using that are not sanctioned and how do they take inventory of that. So this is very top of mind for people and how they think about it.

From a development standpoint, what this means for identity? Well, for Okta, what we've done historically is we have made sure that an individual taking action is the individual that it claims to be or he or she claims to be and that when they take action that they're authorized to do the thing that they've said that they're going to do. And that's been our core business that's grown us to the size we are today. This shift in the industry fundamentally changes that because we're no longer limited by humans.

So I have one employee identity. So that's important. So for Okta, I have an employee record. I have multiple customer identities. So I have a Netflix account. I have an account with my bank, with my airline, with my utility companies. But I'm still one person who's gated with that. If I'm now one person that has a dozen agents operating on my behalf or 100 agents operating on my behalf, the identities that need to be managed become much more complicated and they have much higher volume.

And so we're working with our CISO customers and partners to understand how we grow our product offerings to best support them, how we evolve our pricing strategy to best support those agents and make sure that we're supporting them as well, and on the developer side, to help people build these agents in a way where they can be built and protected as well.

Unknown Analyst  

That's great. Since you brought up pricing, right, that's been sort of a big debate discussion, right, how to monetize this. And where do you -- from your perspective, where do you see the pricing land? Of course, I mean, you have a seat-based model, which doesn't seem like kind of scales appropriately, API calls, kind of orchestration. Just curious about your thoughts, how things will shake out.

Eric Kelleher   President & COO

Yes. We're still early stages thinking about that. We haven't published any model. We haven't committed to any model yet, but we're having the same conversation all the vendors are having in the space as to how we bring things to market. We have not announced pricing yet for -- I mentioned we have Auth for GenAI in developer preview on Auth0. We've not yet announced pricing for that, but it will be coming in the summer.

Unknown Analyst  

Got it. Just promising one last one on AI and then kind of switch gears. It's a bigger TAM question, right? And of course, so far, everybody has been talking about the opportunity based on human and as there's nonhuman piece and machines as well as agentic AI. If agentic identities become kind of essentially real customers, right, you've got to authenticate and authorize everything. How do you reframe -- or how does that reframe the TAM calculus and your positioning, right? I mean we're saying it could be multiple of the TAM, which you currently have.

Eric Kelleher   President & COO

Well, it makes it bigger. But the reality is our -- we don't feel limited by our TAM right now. So our TAM is huge. So we've -- the most recent update we published to our TAM puts the workforce identity market at about $50 billion and the customer identity market at about $30 billion, so $80 billion in total. We've guided this year for about $2.85 billion.

So there's tons of upside in our -- for us in our market already. So I think it's safe to say that we believe that the introduction of agents needing to be authenticated and authorized will create upside for us, but we haven't quantified our model for what we think that does to the TAM. And we don't feel a need to be specific on that yet.

Unknown Analyst  

Yes, that's fair enough. And we'll switch gears to go-to-market, which has been kind of a big focus area for you. And you guys have announced the go-to-market specialization early in February, kind of bifurcation for customer piece and then the workforce. Just curious how that is trending in terms of kind of key metrics. In terms of the rep productivity, how are you seeing that trend since the time you launched versus kind of year-over-year? And just curious, like what kind of upside in similar kind of productivity levels are you hoping for or you're really going after?

Eric Kelleher   President & COO

Yes. We're really confident in the specialization strategy we've talked about for this year. So if you go back a few years -- so this year's specialization -- by the way, it's our third wave of specializing our go-to-market team. I can provide some context on that. But this year's focus for specialization is on our 2 distinct identity management platforms. So we have the Okta platform, which is targeted for IT and security buyers. And then we have the Auth0 platform, which is targeted for developer buyers.

And our specialization this year is we've segmented the majority of our sales force, so people sell one or the other. And what that means is it allows our sellers to focus on the buying personas, which are very distinct. A CIO and a CISO buying tools to manage and secure identity has very distinct needs and very distinct use cases and very distinct expectations. And we now have sellers that are focused on providing a great service to that buyer and make sure they get everything that they need from Okta with the Okta platform.

Conversely, a developer, someone who's building an application, whether they're a SaaS provider or they're inside an IT organization that's building an internal service or service to use externally -- we have customers that use us for customer loyalty programs, et cetera. Developers need different things. They need developer tools and developer toolkits, and they need an architecture that will support the scale of the service that they're building specifically. And we're allowing our buyer -- our sellers to focus specifically on that developer buyer and what that developer needs and getting really great at providing really high-quality service.

The other thing that specialization does is it allows us to separate our road maps for these 2 technologies and make sure that we're prioritizing each of those personas for what they need. So one example of that is the Okta product historically has also supported customer identity use cases with a module called Customer Identity solution. We had, in recent years, been encouraging customers to buy Auth0 to solve that use case. But what we've heard loud and clear from our customers over that product is they don't want to switch products. They bought the Customer Identity solution because they wanted it, because it met their criteria, because it worked, because it scaled and they wanted to keep it.

And so now we're able to bring back a road map that very specifically services those needs. And by the way, that's a meaningful product in our ARR. So getting our road map separate and getting our sellers separate allows us to be better at servicing both of those markets and opportunities.

The other thing that has caused us to decide that this is the right time to do this now is we've been so successful in recent years at adding products into the mix that it's just become too hard for one seller to sell all of the products. So on the Okta platform alone, we've introduced Identity Threat Protection with Okta AI. This is a product that listens to signals. And if it detects an anomaly that suggests a session might be compromised, it can force logout from every session. So think about you're logged into Salesforce. You're logged into Workday. You're logged into Oracle. One signal comes in, we can log out of all those things at the same time. This is -- we call this feature Universal Logout. It's triggered by Identity Threat Protection. That is a conversation for sellers to have with buyers as a very distinct use case.

I mentioned Identity Security Posture Management, bringing that to market to help manage -- identify and manage nonhuman identities. That product has its own sales cycle and its own expectations and meeting specific buyer use cases. We brought to market Okta Identity Governance, which we've talked about publicly. And we shared some metrics on that in our Q4 results, which has been very successful and represents about 30% of the value of the contracts for people that are buying it. Governance is its own sales cycle and its own conversation with customers.

Behind governance in our pipeline, we have a privileged access product called Okta Privileged Access, which is also coming. Having one seller being able to sell all those products while also spending time selling to developers for developer use cases for the Auth0 use cases, it got to be difficult. And we understood that we were going to limit our ability to be productive from a sales standpoint, and we're going to be better able to focus on one platform per rep.

So it's early. You asked for metrics. We don't have metrics to share yet. It's early. We made these changes in February, and we just closed out our first quarter. What we said in our quarterly results is we feel like we're very much on track for what we expect out of this. And obviously, we made this change because we believe it's going to be beneficial for us.

Unknown Analyst  

Yes, understood. And on the ground, and since you have mentioned like you are seeing stronger kind of pipeline conversions, even sort of linearity also getting better, some of the questions which kind of come to us a lot is kind of how much would you attribute -- I know it's still early days, but how much -- since you mentioned about the confidence as well, how much would you attribute to -- specifically to the go-to-market specialization? Or it's still very, very early to kind of attribute?

Eric Kelleher   President & COO

I think our guidance for the year reflects all the variables, including specialization and what productivity we expect to obtain with it. I think we don't have any metrics to break out beyond what we've guided in the macro.

Unknown Analyst  

And in terms of the size of the deals, right, just given, as you highlighted, all the key, I would say, segments which are seeing traction, right, for the longest time like Customer Identity and all kind of having that inflect up. You have the OIG scale-up. You mentioned about the Threat Protection. So it seems like the platform stories are really coming together. Just curious, is that translating to like upfront kind of larger ACVs? And how is the go-to-market evolving around that, right?

Eric Kelleher   President & COO

We haven't talked specifically about deal composition and mix, but we have talked about how Identity Governance I mentioned a moment ago -- Identity Governance now in aggregate represents about 30% on average, 30% of the contract value for customers that included in the governance. So you can extrapolate from that data point that these products are meaningful and that people are buying into the platform story. They're not just buying access management with add-ons. It's a meaningful contributor.

Privileged Access is a year newer, and it's behind governance in the pipeline. So it's going to take time for it to gain similar traction. But the reason that we've expanded in these areas is because customers have pulled us in these areas. Customers that have deployed the Okta platform for core access management with single sign-on and multifactor and now adaptive multifactor have pulled us into needing some workflow capabilities.

And so we introduced Lifecycle Management, which is an Okta product that does some provisioning and then introduce workflows for more generic workflows, which have led us to build Okta Identity Governance as a new product. And we've been pulled in that direction because customers have needed us to provide more capabilities. And what they're telling us is they believe identity is a core platform. Securing identity is core to their business. It's core to their ability to secure their companies. And they're asking Okta to bring to market the secure identity fabric that ties all these components together.

So access management, governance, privileged access all need to live together. And it's even more important in a world where you're supplementing humans with nonhuman identities and with agentic AI. So for that -- and we expect this to continue to be a focus for us. It will take us some time to catch up on -- Privileged Access is a newer product. It's -- we don't win deals starting with Privileged Access in volume today, but we'll see that pick up over time.

Unknown Analyst  

Got it. That's great. And more recently, you guys have moved towards this kind of good, better, best model, right, from a la carte. Just curious, how is that shift really kind of gaining traction? I mean simplified pricing face of it should definitely help. Curious to know how enterprise traction is.

Eric Kelleher   President & COO

Yes, it's still really early. So you're referring to -- we announced a change to our product pricing a couple of months ago to now offer suites. We have 3 different suites that we offer for the Okta platform. And that was in response to customer feedback and analyst feedback that our product catalog had grown so deep in products and capabilities that it was getting really complicated for customers to navigate it and complicated for our sellers to navigate it, too, for that matter.

So we've announced suites that bundle up products that are typically purchased together that allow customers to purchase the Okta platform as a suite and then grow into the components of that suite over time. So we're only a few weeks into this. It's early, but we're very confident. The feedback has been good from sellers and from early customers, and we're confident it will continue to be the strategy going forward.

Unknown Analyst  

And in terms of the customer segments, right, and you guys called out in Q4, of course, strength in North America and federal, which is kind of a key vertical, international seems like a tremendous opportunity for you guys, right? It's still, I would say, less than 20% based on what you have disclosed. Like how do you plan to scale there? And since you've been at the helm for the last 6 months, like anything you see there which can really push that growth?

Eric Kelleher   President & COO

Yes. We clearly have an opportunity to expand internationally. As you said, it remains about 20% of our revenue. And for us, that comes with a number of investments. Probably the most meaningful one is we are very purposely investing in a go-to-market strategy called partner first, which is really leaning into channel partners and systems integrators and resellers and markets to allow us to increase our spend and focus. That will make sure that we're able to scale without spreading our resources too thin in markets where we don't have a presence.

We can work with partners that have a strong local presence. And we've made a number of operational changes in the sellers as well. But we also expect the specialization and platform to help internationally and the hunter-farmer specialization that we implemented last year, we -- last year was Americas commercial only. And this year, we're expanding that internationally, which will help there as well. So we're optimistic.

Unknown Analyst  

That's great. And just looking at some of the kind of e-mail coming up as well. One of the common questions, and not surprising, is on the macro front, right? And you guys did comment in terms of some of the April trends versus May trends. And I would say different companies are seeing slightly different things. Just curious as you go into the second half, like how do you think about the macro? Are you being more optimistic or cautiously optimistic or -- yes.

Eric Kelleher   President & COO

Yes. I think it's -- we got a lot of feedback from earnings about -- we talked about our views on macro in the earnings. We are -- we reiterated our guide. So we feel our guide for the year is the right guide. We beat in Q1. So one of the questions people had is, well, if you beat, why aren't you carrying that through your guide? And the way that we've responded to that is we're looking at what's going on in the economy. And we're looking at what's going on with tariffs, and we're looking at what -- the likelihood that, that could create headwinds downstream this year.

So we believe we're being prudent by maintaining our guide. We're starting to have -- on the federal side, we had a strong federal performance in Q1. We had a strong pub sec performance overall in Q1. Four of our top 10 deals in Q1 were federal. Two of our top 3 deals were pub sec, excuse me. Two of our top 3 were also pub sec. Several of those were federal. The -- so we didn't see a negative impact in Q1 related to those or administration changes, but we are having different conversations with customers. And so the government right now is trying to figure out what its strategy and investments are going to be this year. And buyers are looking at guidance that's coming in for what they need to do.

And on the positive side, the government is under mandate to modernize, and they're under mandate to move from complex on-prem systems to best-of-breed cloud systems. They're under mandate to better secure their organizations. And Okta solves all those problems. And our sales cycle with pub sec buyers are emphasizing all those problems. That's why they're talking to us.

And so we don't have a specific headwind there, and we certainly didn't see it in Q1, as we mentioned, but we're mindful of the fact that the people that are buying in that space have some volatility of their own that they're navigating with administration changes. So that's one input. And then we also just were looking at the economy and what we see happening in the economy. So we think our guidance reflects the fact that there is some risk to the economy. And -- anyway, that's why we shared.

Unknown Analyst  

No, that's super helpful. I appreciate that. And on the economy landscape, again, one question kind of comes up quite a bit. Of course, you guys are really differentiated in terms of the native depth of integrations and pricing simplicity, but there's the 1,000-pound gorilla or the elephant in the room depending on who you talk to, Microsoft, right? And recently, after their security incidents, it looks like you guys and customers seem to be ready to kind of decouple identity from Microsoft. Can you talk a little bit about how the win rates look like for you guys there? And are you seeing customers kind of really being aware of the security issues there?

Eric Kelleher   President & COO

Well, the press -- I don't want to talk about another company's security incident. The press covered a lot of what you're referring to last year. And we wish everyone to be as secure as they can be. And we don't disclose win rates specifically. What I will say is we do acknowledge amongst our competitive landscape, Microsoft is our largest competitor. And the primary area where we can -- it's one area. It's a subset of what we do. But the primary area that we compete is in core access management, single sign-on and MFA, which they bundle that capability in the Microsoft, E5 bundle.

So for a customer that is a Microsoft shop that is only using Microsoft apps that only needs SSO and MFA, there's a strong bias for them to deploy those capabilities with Azure Active Directory. But that's something that -- if you're using Office 365 and that's all you're trying to solve for, typically, you're going to deploy Azure Active Directory. For the majority of companies who are not only Microsoft shops that need to maybe do that and then also integrate other best-of-breed apps or other web apps or other on-prem apps, we are the default platform. We have over 8,000 integrations with our core platform. So we compete very well even in companies that are Microsoft shops.

And then our expanded product portfolio goes well beyond those capabilities. So our Identity Governance, Lifecycle Management, Workflows, Privileged Access Management, Identity Threat Protection, Identity Security Posture Management, all these products I've talked about on the Okta side differentiate us for what they do. So for customers that are looking to solve multiple identity use cases, we're again going to be the default platform.

So we do very well. And we believe the -- to your question about have individual incident -- security incidents changed things. I think in the meta, customers today view identity as a security problem that needs to be solved. And that is -- it is because there's an increase in security event activity that's causing all of us to be more aware and more diligent in how we solve for it. So we see that as opportunity. We also feel we have an obligation to make sure that we're providing products that can help companies be more secure. And that's what's driving our road map.

Unknown Analyst  

That's great color. I appreciate that. And talking about the Azure ecosystem, we'd be remiss not to bring up the AWS Marketplace. And you guys have called that out as a force multiplier in the past. Just curious like how large is the pipeline that is currently flowing through AWS. And it seems like that's really been a big lever, which is showing up in a lot of different ways.

Eric Kelleher   President & COO

Yes. We announced, I think, with our Q4 earnings -- Dave will keep me honest. The AWS Marketplace for us, we've passed $1 billion in revenue through AWS Marketplace, which is pretty -- we feel really good about. The -- and that has been accelerating. So I think its growth rate with Q4 earnings was 80% year-over-year. So for us, that channel is a really valuable channel. And we have thousands of AWS sellers that have Okta in their bag. Okta is their core identity platform.

So they have customers that are buying from AWS. Okta is the identity provider that they're going to buy through AWS. So we feel really good about that. And we're also -- our reps are incented to co-sell when needed. So when they need help, our account executives can engage with them and help close those transactions. So we see a lot of continued upside with that relationship. It's been very valuable for us, and we have a great partnership there.

Unknown Analyst  

It's great. I know we have just a minute. There's one more question which has come in, and I think that comes up, again, a lot, is on the federal side. And that's a standard vertical, right? You already mentioned, of course, it's an important vertical. And without really kind of getting into like unpacking or breaking down the growth rates for different agencies, just curious, like where do you see the most, say, opportunity there like across civilian, DoD and [ SLA ] like the public stack? And with the E5 bundling as well, right, and the dynamics in mind, like where do you see that opportunity and the opening of the field?

Eric Kelleher   President & COO

Yes. We see opportunity everywhere, and not just federal but in all public sector. We've been very -- had great success recently with state and local as well. On the federal side, we see use cases from securing employee identity, securing citizen identity for services like the Center for Medicaid and Medicare uses Okta to secure identity for subscribers to Medicare. And we have branches in the military that are using us to secure veteran access. So across the board, we see just enormous potential. And right now, pub sec in total represents less than 10% of our revenue. We're very well diversified, but we have plenty of opportunity to run there as well.

Unknown Analyst  

Awesome. That's all the time we have today. I know there is a breakout session coming up shortly. So a lot of people who want to ask questions can join there. And of course, we're meeting more investors. So I appreciate you joining us today. Thanks a lot.

Eric Kelleher   President & COO

Great. Thanks, everyone.