Okta - Earnings Call - Q2 2026

August 26, 2025

Executive Summary

  • Q2 FY26 delivered revenue of $728M (+13% YoY) with non-GAAP diluted EPS of $0.91; both beat S&P Global consensus, and non-GAAP operating margin expanded to 28% from 23% a year ago. The beat was driven by strength in public sector, Auth0, and new product adoption.
  • Remaining performance obligations (RPO) rose 18% YoY to $4.152B and cRPO rose 13% YoY to $2.265B, while operating cash flow was $167M (23% margin) and free cash flow $162M (22% margin).
  • Guidance raised: FY26 revenue to $2.875–$2.885B (from $2.850–$2.860B), non-GAAP operating income to $730–$740M (from $710–$720M), EPS to $3.33–$3.38 (from $3.23–$3.28), and FCF margin to ~28% (from ~27%). Management also removed the prior macro conservatism from guidance.
  • Stock-relevant catalysts: DoD-scale deployments (myAuth replacing DS Logon), strong federal renewals and largest deal in the quarter with a DoD agency, and the new Cross App Access protocol for securing AI agents, reinforcing Okta’s identity security fabric narrative.

What Went Well and What Went Wrong

What Went Well

  • Public sector momentum: five of the top ten Q2 deals were in U.S. public sector, including the largest deal with a DoD agency; renewals were strong, underscoring mission-critical status of Okta solutions.
  • AI and platform innovation: management previewed an “identity security fabric” and introduced Cross App Access to secure AI agents; Okta’s independence and neutrality positioned as strategic advantages versus platform entrants.
  • Go-to-market specialization: record pipeline generation, improved AE-driven pipeline, and partner touch on the top 20 deals, supporting productivity gains and second-half execution confidence. “We generated an all-time high for pipe in Q2” (Eric Kelleher).

What Went Wrong

  • Procurement delays and contract restructuring at civilian agencies (headcount reductions), partially offset by upsells of new products within the public sector.
  • cRPO growth decelerated vs prior quarter YoY rates (Q4 FY25 cRPO +15% YoY vs Q2 FY26 +13% YoY), reflecting normalization after duration and comp plan changes last year.
  • Workforce ACV growth pace drew analyst scrutiny; management emphasized continued efforts to expand awareness and deployment of governance, privileged access, and threat protection to drive upmarket breadth.

Transcript

Speaker 2

Hi everyone, welcome to Okta's second quarter of fiscal 2026 earnings webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meeting will be Todd McKinnon, our Chief Executive Officer and Co-Founder, and Brett Tighe, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time that the earnings press release hit the wire, we posted supplemental commentary to the IR website. Today's meeting will include forward-looking statements pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance, or achievements to be materially different from those expressed or implied by the forward-looking statements.

Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-Q. In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to, and not a substitute for, or superior to, measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non-GAAP financial measures, and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents, are available in our earnings release.

You can also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website. In today's meeting, we will quote a number of numeric or growth changes as we discuss our financial performance, and unless otherwise noted, each such reference represents year-over-year comparison. I'd like to turn the meeting over to Todd McKinnon. Todd?

Speaker 3

Thanks, Dave, and thank you everyone for joining us this afternoon. We are pleased to report solid Q2 results with continued strength with large customers, Auth0, new products, the public sector, and cash flow. We are seeing encouraging signals from our newly specialized go-to-market teams, and we're excited to build on this progress as we enter the second half of the year. Brett will cover more of the Q2 financial highlights, and I'll cover product innovation, securing agentic AI, and preview some of the innovations we'll be highlighting at Oktane next month. Now, let's get into our Q2 results. Consistent with the past four quarters, new products from Okta Identity Governance, Okta Privileged Access, and Okta Device Access to Identity Security Posture Management, Identity Threat Protection with Okta AI, and Fine Grained Authorization had another strong quarter of contribution. Okta's unified identity platform is delivering differentiated value to our customers.

For example, a leading healthcare billing company chose Okta to rebuild and modernize its identity security practice from the ground up. They needed a single identity platform to unify workforce identity and scale with growth. Okta delivered OIG, OPA, ISPM, and ITP, supporting thousands of apps and integrations. By consolidating identity with Okta, this first-time buyer replaced a fragmented multi-vendor approach to implement a modern, scalable identity security practice in one decisive move. In a move that we believe will further accelerate Okta Privileged Access growth, I'm delighted to announce that we've signed a definitive agreement to acquire Axiom Security, a modern PAM vendor. The team at Axiom built complementary technology that helps organizations eliminate standing privileges and secure critical infrastructure, including key features for securing both human and non-human identities.

Once we close the acquisition, which we anticipate will be later this quarter, we will support Axiom's customer base while we work to integrate their technology into Okta Privileged Access. Combined, we'll be able to deliver superior security and compliance outcomes like unified control and just-in-time access to a wider set of resources for our customers. Going forward, we believe every organization will need an identity security fabric, an architecture that enables them to fully secure every identity, including AI agents, every identity use case, and every resource across their business. The Okta platform helps organizations bring this identity security fabric to life. Take our approach to securing non-human identities, or NHIs. Okta's unified platform helps ensure they receive the same level of visibility, access control, governance, and remediation as human identities.

This includes the ability to detect and discover NHIs wherever they exist, provision and register them properly, authorize and protect them with appropriate policies, and govern and monitor their behavior continuously. That's the power of an identity security fabric enabled with Okta's unparalleled breadth of modern identity security products. No other company can deliver that level of sophistication. With our Auth0 platform, we're enabling developers to build agents that are secure by design, an identity security fabric ready from day one. Auth0 for AI agents, formerly known as Auth for GenAI, delivers user authentication that works seamlessly with AI workflows, token vaults that securely manage credentials, async authorization that lets agents work autonomously while maintaining user control, and fine-grained authorization that permits AI agents to only access authorized data.

We're in the middle of this exciting and rapidly changing environment, and with these two platforms, Okta is driving the industry to an architecture where identity is both more valuable and more secure. Securing AI is the next frontier, and our introduction of a new open standard called cross-app access is a key part of the solution. This is an important innovation that helps control what AI agents can access, allowing us to help make our customers and ISVs more secure and providing better end-user experience. In short, cross-app access allows for support of AI agents within the identity security fabric and the flexibility to safely connect to other technologies. Already, there is strong interest in cross-app access from partners and ISVs, including AWS, Boomi, Box, and Zoom. We had over 1,100 attendees at our identity summit on the topic earlier this month.

At our Oktane Conference next month, we will share how we are enabling every organization to build, deploy, and manage AI agents safely, securely, and at scale. In addition to the keynotes and product demos, we will be hosting a Q&A session for analysts and investors at the event, featuring myself, Brett, Eric Kelleher, our COO, and John Addison, our CRO. Come join us in Las Vegas or join us online for the AI Security Event of the Year. Finally, I know you're all interested in our views on the Palo Alto Networks CyberArk announcement. Okta has pioneered the modern identity market. As platform companies enter the market, it underscores two very important things: identity's central role in security and the importance of Okta's independence and neutrality.

To this day, we remain the only modern, comprehensive, cloud-native solution built to secure every identity, from employees to customers to non-human machine identities to AI agents, without locking customers in. On the whole, we think the transaction further validates the importance of identity but won't meaningfully change the competitive landscape. That flexibility is why the world's largest organizations across the public and private sector trust Okta and why we're confident we're on the winning path. To wrap things up, we're pleased with our Q2 results, and we're excited about the future with our growing portfolio of modern identity solutions and how Okta secures AI. As more and more customers turn to an identity security fabric to simplify control and strengthen protection across their organizations, Okta is here to meet them with the most modern and comprehensive identity security platform in the market today.

As always, I want to thank the entire Okta team for their tireless effort and also thank our loyal customers and partners who put their trust in us every day. I look forward to seeing all of you at Oktane, and now here's Brett to cover the financial commentary and talk about how we're positioned for long-term profitable growth.

Thanks, Todd, and thank you everyone for joining us today. My commentary will provide insights into our Q2 performance and then move into our outlook for Q3 and FY26. Last quarter, we introduced some conservatism in our business outlook with regard to uncertainty in the macro and our federal vertical. I'm pleased to say that neither materialized, and we're removing them from our outlook for the remainder of the fiscal year.

While we're only two quarters into our go-to-market realignment, we're encouraged by the signals we're seeing, including improved sales productivity and record pipeline generation. This success echoes the long-term performance of our already specialized teams in areas like the U.S. SMB market and public sector. The positive signals from Q2 give us great confidence that our increased specialization will drive long-term growth for both Okta and our customers. That's a nice segue into the strong Q2 performance we saw in our public sector business. While we did experience some contract restructuring with civilian agencies and delays in procurement processes, renewals across all of federal were strong, reflecting the mission-critical nature of our solutions. Okta continues to perform well with government organizations at all levels, highlighted this quarter by multiple new business and upsell deals with the U.S. Department of Defense and state agencies.

Overall, five of our top 10 deals in Q2 were with the U.S. public sector, including our biggest deal of the quarter, which was secured with a U.S. Department of Defense agency. In that particular deal, the agency needed to replace its aging legacy logon system while ensuring compliance with federal mandates on cybersecurity and zero trust. Working closely with our partners, the agency will be modernizing with Okta Customer Identity as a central component of their new access system. It's worth noting that about a year ago, we made the strategic decision to reinvest in Okta Customer Identity, and those efforts have led to substantial growth in the product. In the first half of FY26, OCI bookings have really accelerated and were a strong contributor to pipeline generation, driven by deals in both the public and private sectors.

Turning to capital allocation, we ended the quarter with a strong balance sheet consisting of approximately $2.9 billion in cash, cash equivalents, and short-term investments. Next week, the 2025 convertible notes reach maturity, and we will settle the remaining principal amount of $510 million in cash. We regularly evaluate our capital structure and capital allocation priorities, which include investing in the business, tuck-in M&A, and opportunistic repurchasing of the 2026 notes, of which $350 million remains outstanding. Now, let's turn to our business outlook. For Q3 and FY26, we continue to take a prudent approach to forward guidance that factors in our go-to-market specialization that was rolled out at the beginning of this fiscal year. For the third quarter of FY26, we expect total revenue growth of 9% to 10%, current RPO growth of 10%, non-GAAP operating margin of 22%, and free cash flow margin of approximately 21%.

For the full year FY26, we are raising our outlook and now expect total revenue growth of 10% to 11%, non-GAAP operating margin of 25% to 26%, and a free cash flow margin of approximately 28%. To wrap things up, we're pleased with the solid Q2 results. We've significantly increased our profitability and cash flow over the past couple of years and remain focused on accelerating growth. We're excited about the adoption of new products and the rapid pace of innovation, and we remain confident that Okta's independence and neutrality position us best to lead the identity industry. With that, I'll turn it back to Dave for Q&A. Dave?

Speaker 2

Thanks, Brett. I see that there's already quite a few hands raised, and I'll take them in order until the top of the hour. In the interest of time, please limit yourself to one question. With that, we'll get started with Brad Zelnick. Brad.

Great, thank you so much. Video on. There we are. Congrats, guys, on a strong Q2. My question for you, Brett, great to see the NRR stabilize. I know in the past you talked about downsell pressures subsiding into the back half of this year, and I just wanted to understand what other indicators might you look at as inputs into your guidance and the macro caveat that you've now removed this quarter. Does that still hold that, as we proceed from here, we feel good that NRR should effectively have bottomed? Thank you.

Hey, hey, Brad, before Brett jumps in, maybe I could just make a high-level comment. I think on the quarter, we're very pleased with the execution. I think it was solid execution. Looking forward, I think we're very excited about the strategy. Our strategy is to be the one-stop shop for identity. That's what customers want. They want fewer identity vendors. I work with one of the largest high-tech companies in the world, and they're replacing 50 identity vendors with Okta. Customers want to consolidate on a single identity partner, and they want to do it in a way that covers all of these different use cases. You'll hear different variants of this across the call. I think that's really what makes us so excited about the future and that our strategy is really working along with solid execution.

Speaker 3

Brad, you broke up for a second in the middle of your question. You were asking around NRR and how it's trending, but you also said something around macro. Can you just clarify what you're saying?

I may be incorrect, but I think of those concepts going hand in hand. In the past, you've talked about downsell pressure alleviating come the back half of this year. We now see NRR having stabilized. Wanted to appreciate what other inputs you look to when you remove the macro caveat in your guidance going forward, and if we can have confidence that, in fact, you know, 106% is a level from which we can now re-expand. Thank you.

Speaker 2

Absolutely. I've said for a couple of quarters now, actually a few quarters now, around the NRR effects of the macro being, you know, impacting that NRR. I'm saying the last few years, kind of the COVID cohorts, I would say not having as much of an effect after the first half of FY2026, and we still believe that to be the case. In terms of what we expect it to be for the balance of the fiscal year, we still think similar to what I said before, which was plus or minus a little bit from here, just depending on the mix of business, whether there's more new business or more upsell in the quarter. That's how we think about the NRR side.

In terms of macro effect on the rest of the guidance in the earnings remarks today, we've removed that because we clearly didn't see anything that was that differentiating in Q2. It seemed a lot more of the same from what we've seen over the last several quarters, and that's what we think it's going to be for the balance of the fiscal year.

Thanks for taking my question, and congrats again.

No problem. Thanks, Brett. Next up is Matt Hedberg.

Great, thanks for taking my question, guys. I'll offer my congrats as well. Really solid execution, including the new product success. It's great to see. Todd, I had a question for you. When we look at the AI native cohort, are there any interesting adoption trends that you're seeing there in terms of what products they're taking, how they're using the platform, any consolidation trends? Is there any thought of some of the early AI natives from a DIY perspective? Just sort of curious on how those folks are approaching your platform.

It doesn't seem dramatically different than other cohorts in terms of adopting workforce solutions or Auth0. It looks pretty much the same, except they're growing very fast. I guess that's a difference, especially on the revenue metrics. It's growing very fast, and we think we're well positioned in that cohort. I think it's similar to every company. They're trying to figure out how they can be secure internally as they're growing very fast. I know from a workforce identity and identity security perspective for their internal operations, they're sitting on a lot of very valuable data, and definitely hackers want to attack them, like they want to attack every important company. They're really investing in identity security, and Okta helps them with that.

In terms of building their products and how they're connecting with their customers, they want to obviously connect on the web and mobile channels, but also they want to, they're all building AI agents themselves. That's one of the customers, every enterprise is being really, they have to make these choices about how many AI agents they buy, who they buy them from, and all of these AI native companies are working hard to fill that void along with Salesforce and Workday and more of the established companies. What it means for customers that are on the enterprises that are trying to adopt these great new coding tools or these great new business automation processes or even the agent building platforms is they have to figure it all out in a way that has really high security implications.

Everyone's heard this story of how big companies are doing simple AI chatbots, and then all of a sudden confidential information is leaked because the AI chatbot leaked the wrong thing. Big security implications, but at the same time they see big business value, and they're not really sure which platform to invest in. One of the things we're really focused on is trying to provide the right security for this agentic future, but also at the same time give them choice and flexibility as every new AI company is trying to give them an agent platform and a capability to build these things. As established vendors, it's pretty complex for these companies to figure out. We're trying to help them through it all, but it's an interesting time out there.

I think it's a good time to be an identity company, and we're really excited about where this is all going.

Great to hear. Thanks.

Thanks. We'll go to Eric Kelleher.

Speaker 0

Thanks, Dave, and congrats, Todd and Brett. If I could ask one for Todd and one for Brett, I mean, Todd, you've always been very clear that identity should be its own independent standalone platform. Can you just elaborate a little bit more on the comments of why you think that's critical for identity to be independent? Brett, if I could just on a modeling question, great, very exciting deal with the U.S. Department of Defense, the expansion deal. How should we think about that as it relates to RPO and CRPO and think about it in the model going forward?

Speaker 2

Yeah, I think on the category of identity, back when, a long time ago when I started Okta, it was like, would it be important enough? You know, could you build a big company around identity? At the time it was like identity was a part of another platform and people didn't think it could be a big company. Over, you know, a decade and a half since, it's very clear it's super important now. Now this new question is like, should it be its own independent platform or should it be part of another platform? As you mentioned, we have a very strong worldview that it should be independent, neutral, and it's really two reasons. The first reason is that it's too fragmented and there's too many niche players and there's too many legacy platforms and it's too complicated for big companies. In that sense, it has to consolidate.

It's too complicated. It's holding companies back. I mentioned this, one of the biggest technology companies in the world, we're helping upgrade all of their disparate identity platforms from SailPoint to CyberArk to HashiCorp to Ping to ForgeRock. They're consolidating them all in Okta. The reason they're doing this is because two reasons. It's cost. It's expensive and it's operationally challenging to keep all this stuff running. A lot of them are legacy platforms running in their own data centers or Amazon. The second reason is that it's preventing them from adopting the future. It's preventing them from rolling out more agentic workflows, et cetera. There's just the simple argument of cost and fragmentation. Now the second answer is like, which, and that could be true of any category. People want, in theory, fewer vendors and less operational cost for many categories: collaboration applications, security tools, et cetera, et cetera.

Why should your point of consolidation be identity? Our answer is simple. It's because you can, you know, like I mentioned before, you can save a lot of money, a lot of time, a lot of energy. Secondly, it's the one thing you can consolidate on and still preserve choice across everything else. If you are adopting Microsoft identity, you are making a decision that your first choice and your preferred vendor for everything else is going to be Microsoft, which could work for some companies, but it's not going to work for most companies, especially large companies. If you, that's the independence argument, and that's why we think when companies are, and you see in the results, right, as 13% CRPO growth and the success we're having across the board, what we're seeing is that customers are showing this preference too. They want to consolidate.

They want to pick the right points of consolidation. In our case, we're having the most products, the most modern products, the breadth of capabilities, the reliability, the security, it's resonating with them. Eric, to answer your question, fairly simple, like many other public sector deals, the RPO value and the current RPO value are going to be the same because it's a one-year deal. That's just how it works with a lot of the public sector. Okay, next up, we're going to go to Brian Essex.

Great, thanks. Did you say Eric Kelleher is on as well?

Speaker 3

Yes.

Speaker 2

Yeah. Yeah.

All right, awesome. Maybe for.

Speaker 0

Hi, good to see you, Brian.

Yeah, good to see you too. When we met intra-quarter, you gave us some great context of the evolution of the sales force, both a hundred farmer model and the decision to specialize. Could you maybe bring us up to date in terms of where that sales, where each of those kind of specializations or specialized sales forces have evolved to? How does that drive confidence and ability to execute through the remainder of the year, both from a productivity as well as plans for hiring going forward?

Todd, great question. Thanks, Brian. We feel very confident in where we are today. We said last quarter when we got together that we were very much on track for the expected impact and productivity impact of all the changes we made to specialize on the Okta platform and the Auth0 platform. In Q2, our results were very strong as well. As you can see, it's a solid quarter, and they reflect increased productivity from a specialization standpoint. We remain optimistic and confident that this works. This isn't the first time we've specialized, and Brett talked about this in his opening comments. Our first real investment in specialization was for our public sector business, and you've heard us talk for many quarters now about strength in public sector and how that's been performing.

Eighteen months ago, we implemented a 100 farmer specialization in the SMB space for North America, and we've seen that deliver. That group has had a very effective first half of this year. The change management and the change costs associated with that have really played out, and we're really pleased with the productivity for that group and the organization. Our specialization for platforms, now our third major wave of specialization, we feel good about as well. We saw productivity gains in Q2, which were in line with where we're hoping to get. One of the metrics in our commentary, we generated an all-time high for pipe in Q2. That's partly attributed to the fact that we now have people specializing in our buyers, in our buyer personas.

We have people specializing in developer buyers and people specializing in IT and security buyers, and they're more effectively able to identify and qualify and prosecute leads and convert that into opportunity at the top of the funnel. We're very pleased with progress so far.

All right, great color. Thank you so much.

Speaker 2

Hey, Brad, I would just add one thing to what Eric just said, which is around what he was saying around the pipeline by source. We saw a nice growth in the quarter for pipe being created by AEs themselves, right? That really is attributed to the fact, like what Eric was just saying, they know the products better. If you allow them to specialize, they're going to know it better, and you're going to see numbers like that. That's really a nice sign for us as an organization because it really, it's one of those positive feedback points that we feel like things are working and headed in the right direction.

Right. You've been focused on channel productivity as well. Has that also improved sequentially? Are you getting kind of momentum there?

Yes, absolutely. All 20 of the top 20 deals were touched by a partner. Also, from a pipe gen perspective, in terms of the source where it was coming from, the partners also had very nice growth in the quarter. You add all that up and you get record pipe gen and nice results like we just had.

Good stuff. Congrats on the results. Thank you.

Thanks, Brian. Next up is Josh Tilton.

Thank you, guys. Since I have Todd, I'm going to try and ask a nerdy tech question, although I preface it with I'm not 100% sure I understand what I'm asking. I think investors are kind of trying to understand which piece of the identity puzzle is going to benefit the most from AI. It sounds like you're buying, you're making an acquisition because there's some PAM pieces that are going to help you secure AI. If you dig into cross-app access, it also looks like it's using tokens and protocols and stuff you use for SSO and MFA. What is your view of which piece of this puzzle is really best positioned to benefit from an AI future? More broadly, what is incremental to cross-app access that you're getting from this acquisition you just announced?

Yeah, I imagine, Josh, imagine how confused the buyers are in the market, like when they're trying to buy all this stuff. That's why our, and it's true, right? They're all very excited about, as we all are, the technologists and business people and people that just observe the world of what it could be possible with AI. They're just inundated with this complexity of how you get the best products and what the right platform is, and should you use Microsoft or should you use Google and should you use OpenAI? Like, what's the right thing to build? What's the right thing to buy? Our perspective is quite simple. It's that you have many problems today in your enterprise that are clear and present, and you can get a lot of security benefit by addressing these problems. These are the problems that we talk about a lot.

These are service accounts. These are machine identities. These are putting the right vaulting and governance workflows around all of these things. These are like the bread and butter of our identity platform across governance and privileged access and identity threat protection with Okta AI and the bread and butter of what we're talking about. These are clear and present things today. In addition to that, every company is going to make a huge investment in AI agents. What that's going to do first and foremost is it's going to make that problem I just described five times worse. Every agent wants to connect to 10 service accounts and is going to have its own tokens. We are in this environment where people are very receptive to what we're saying because it's fundamentally understood that this is a problem they have today, and it's getting worse.

I've had the last week, I've had conversations with CIOs of massive companies that everyone's heard of that say, there's no way we're going to be able to do this AI stuff if we don't get our identity foundation in order. That's clear and present. Now, in addition to that, I think there are investments we are making and innovation we're building that is going to even take it a step further, which is actually modeling the identity of an agent and giving more power to the customer to manage and secure these things because it's a native thing inside of Okta, which is also very exciting. That's very early because the amount of companies that are actually playing with AI agents is 100%. The ones that are actually putting them in production at scale is very small.

The timing is right here to solve this problem they all have today, the service accounts and token vaulting, et cetera, and then over time be the system of record for the AI agents themselves and give them choice and flexibility on if they want to use Salesforce or what they want to use Salesforce for, agents or ServiceNow agents or build their own agents and give them the fundamentals across all of that, which are security control and governance. Now, specific to your questions about Axiom, we're very excited about Axiom, but it's a little different. Axiom is, first of all, these folks on this team are super talented, and they are deep, deep privileged access management experts. One thing we're doing at Okta right now is we're on this mission to recruit across the entire company the best identity people in the world. Axiom falls in that bucket.

We get some of the best PAM experts in the world to join our privileged access management team, which is great. They also have a technical capability around securing infrastructure connections to databases that is world-class and gives us an enhanced benefit there. Honestly, it's really about the team and having this great technology for sure, but it's these expert privileged access engineers and product people to join our PAM team, which is, you know, we're trying to build the world's best team across the board, and it's a great addition too. I know this is a long answer. I'll try to say one more thing. Cross-app access is an industry-wide effort. It's actually three years old.

We've been working on this for three years, and it came out of Mike from Atlassian and Eric from Zoom and many other SaaS leaders wanted a way to standardize how, when they sold their products into companies, how those products were then hooked up to everything else in the company. Zoom wants to connect to your calendar, wants to connect to a note-taking. Atlassian wants to connect to all of your other software development tools. We invented this protocol and this concept and have published this open standard to solve a very important problem. How do you give your IT teams and your security teams visibility into all these application connections that happen between apps? That's a problem that's existed for a long time, and guess what's happening with AI? AI is supercharging this problem. Now, every agent, guess what it wants to do?

It wants to connect to 15 applications, and guess what you need? You need an open protocol for all of those applications that are letting those agents connect, publish, and share that information with the security team, so they can have visibility and control and audit that. That is why cross-app access is so important. It lets the ecosystem form around this system of how agents can share their connection information in an open and transparent way.

Actually, very helpful. I appreciate the long response. Thank you.

Yeah, thanks. Thanks for the question, Josh.

Speaker 3

Hey, let's go to Greg Moskowitz.

All right, terrific. Thank you, guys. Congratulations on a really good quarter. Brett, I'm wondering if there was any change in upsell or cross-sell rates among SMB customers or enterprise customers, and then realized that it's still early days, but what are you seeing so far regarding demand for your new suites? Thank you.

Speaker 2

Yeah, I'll let Eric talk about the suite side of the house, but from an overall upsell/cross-sell perspective, it was fairly similar to what we've seen in the last few quarters. You've heard us talk about for several quarters now the pipeline being more weighted toward upsell and cross-sell as opposed to new business. That continues to be the case. You see these bigger customers getting bigger as a result of that, right? That's why you see the greater than $100K having a nice add. You see the greater than $1 million, almost 500. We're at 495, up 15% year over year. That upsell/cross-sell continues to work, especially as you've heard Todd talk about, we keep adding all these new products into the mix, depending on which side of the business you're on, and ultimately helping us across the board there.

Speaker 0

Yeah, on the suites part of that question, and thanks, Greg, for the question. We're pleased with what we're seeing with suites. We introduced suites for the Okta platform a few months ago, and it was in response to demand from customers who have bought into Okta's vision of the secure identity fabric. These are companies that, as Todd mentioned earlier, are looking for an identity partner that they can work with to help them solve all of their identity use cases, whether that's threat protection or security posture management, access management, governance, privileged access. That is the secure identity fabric vision that Okta is bringing to customers. What we found is our customers want easier ways to engage with us to get the secure identity fabric for themselves. The suites are really designed to do that.

They bundle pieces of the Okta portfolio to help customers address the use cases that are most compelling for them right now, but also give them room for where they're going to grow on their roadmap as they go forward. We're pleased with what we've seen. We're a few months in, so we're not breaking out numbers for suites for that packaging specifically, but we're seeing the impact we expected.

Speaker 2

I think it's a, I'll just add real quick, just to give the group some really detailed color about what's going on. We have a sales team now that's focused totally on selling the Okta products, and the opportunity there is big simply because we have to make sure the customer understands the breadth of what we have. It's much broader than it was just a couple of years ago. Just a couple of days ago, I was on a call with a big federal agency, and it's been a customer of Okta forever, but they really think of Okta as multi-factor authentication and just login. They had no idea we have a governance solution, we have identity threat protection, we have all these other products that can help them be secure across the board and consolidate vendors, et cetera, et cetera.

Their eyes just lit up, and the size of that deal potential just, you know, probably tripled or more. It's really about getting this message out there that this is possible. We have the best solution, the most comprehensive solution, the most modern solution. There is a better way, and that's why these things like suites or specialization dovetail right into that strategy that's working.

It's also a tie back to the conversation we've been having for a few quarters now around specialization. One of the reasons specialization to us was the winning strategy is we've seen so much innovation on the product side of the business for both the Okta platform and the Auth0 platform. To Todd's point, our sales reps were having difficulty really articulating and evangelizing the full benefits of the entire portfolio, the entire secure identity fabric to our customers. Specializing gives them more opportunity to get deeper. Whether it's Identity Threat Protection with Okta AI or Identity Security Posture Management, Okta Identity Governance, Okta Privileged Access, fine-grained authorization, highly regulated identity, all the products that have been coming out for both of these platforms and now Auth0 for agentic AI.

These are specialists that are better able to get into the specifics of these technologies for the specific use cases our customers are talking to us. That's bringing us help. The suites are helping with that from a design and purchase standpoint.

Great. Thank you, guys.

Next up, we have John DiFucci.

Thanks, Dave, and thanks, everybody. There's a lot of good information coming out tonight, especially things like cross-app access, and it just demonstrates your leadership position in the whole identity space, especially when you're able to contribute that to the whole ecosystem. My question is for Brett, and it's a little more tactical, I think, because otherwise I know I'm going to get, we're all going to get this question all day tomorrow. Brett, you said that the sort of, I forget your exact words, but excess conservatism around the U.S. Fed, which was strong, and macro were no longer implied in your guide. I just want to make sure I understand what that means. Does it mean that we potentially won't see the same amount of beats going forward? You sort of alluded to that in the past.

Along the same lines, how long do you think the go-to-market changes that happened in fiscal 1Q will present a potential headwind to your business momentum? That's still in the guide, right?

Absolutely. Yes, we did remove that layer of prudence for macro going forward. The primary reason is it didn't come to fruition like we thought it was going to the last time we spoke, probably about 90 days ago, John. To answer your second part of your question, yes, the go-to-market specialization is still baked in there. Although we're seeing positive signs and positive feedback from the field, we're still a couple of quarters in. As you remember, when we first started talking to all of you about this, it takes time for these things to come to fruition and really hit their full stride. We talked about U.S. public sector. We've talked about U.S. SMB. It's taken a little, it takes some time. You have to be methodical in your approach.

Yes, to your point, John, we are trying to shoot for closer to the pin than we have historically. We started trying to do that about three, four quarters ago. I will admit that I was probably a bit a little wrong on the macro side, and we delivered a really nice beat this quarter. If you look 90 days ago, the world was a little different. I will take that charge. Ultimately, we are trying to get a little closer to the pin than we have historically.

That's really helpful. Thank you, Brett.

Next up, we have Shreenath Atkari.

Great, thanks for taking my question. Congrats on the great quarter. Just on the cross-app access securing AI agent workflows, I know it's still early days to settle on any kind of pricing or monetization model to capitalize on this opportunity. If you can help expand on how you are viewing the monetization path for this, is it going to be embedded in the existing tiers? You highlighted the initial traction from your good, better, best suite or something you see evolving to standalone. Just curious, what are the earlier signs or feedback from like Zoom or AWS or all these customers trying to standard out in terms of downstream enterprise security spending and plans on this one? Thanks.

Yeah, I would think of it this way. It's a really good question. This is how I, when we've talked about it and modeled it out, this is how we think about it. First of all, the cross-app access is an open industry standard. If we were able to talk last year around Oktane, we talked about this, another new standard we've put out there and are working with all the identity companies on and a bunch of technology companies, it's called IPSIE. These are two open standards we're pushing out there with the ecosystem. The effect of both of these things for Okta is going to be basically identity providers are going to be more valuable tools to their customers. They're going to have better control, better fine-grained control into resources, better policies, more value. The whole identity market gets more valuable and bigger.

That's the way to think about these open standards. Now specifically on how Okta is going to monetize these two layers I've talked about. I talked about the clear and present issue today, which is service accounts, non-human identities. We monetize that through Okta Privileged Access and Identity Security Posture Management. Identity Security Posture Management detects the non-human identities and the risks in a proactive way that's comprehensive across all platforms. Okta Privileged Access and Okta Identity Governance can vault the credentials and rotate the credentials and have the right governance workflows. Axiom, of course, is going to add capability to Okta Privileged Access to have better support and more extensive support for database connections. That's the monetization of the clear and present thing today. That's affecting the results today. We talked about new products contribute healthily to the bookings, and that's true today.

Now, on top of that, in a world of AI agents, our belief is strong that you are going to manage AI agents with your identity system. That's how we're going to monetize that. When you put a bunch of AI agents inside Okta, that's going to be more valuable from an identity security perspective, and we're going to be able to have, we're going to be able to charge for that with our customers. They're kind of separate things in two layers, but that's how we see the world unfolding. It all is kind of predicated on a vibrant, healthy, growing AI agent ecosystem, which I think is, there's a lot of different thoughts on how that exactly plays out, but who's the vendor going to be? Who's the platform? SaaS vendors versus, you know, custom development, whatever.

I think whatever happens, you're going to need to manage this stuff. That's why we're inserting ourselves on that dimension, and that's why we're very excited about where this is all going.

Super helpful, Todd. Thanks a lot.

Next, let's go to Adam Borg.

Awesome. Thanks for taking the question. Maybe for Eric on the go-to-market changes, you did talk about this a few minutes ago in your answer to Brian, but where are we today with sales productivity relative to historical levels? What do you guys need to see in order to put more gas in the sales new hiring process, either in the back half of the year or ultimately as we head into fiscal 2027? Thanks.

Speaker 0

Yeah, you bet. We talked about at the end of last year, based upon our first two rounds of specialization in public sector and Hunter Farmer, I think it was in our Q4 results, we talked about how we would hit a multi-year high for sales productivity. We were leaning into the specialization work and reorienting our sales capacity and our supporting teams in pre-sales and post-sales and also our marketing generation teams. As I mentioned earlier, we generated a record amount of pipeline for us in Q2. Specialization is definitely helping at the top of the funnel. We're pleased with that. I think from a sales productivity standpoint, we saw gains in Q2 as well. We are very much on track with what we expected out of this model. Our guidance for the second half reflects that as well.

We're confident in the strategy of specializing on our buyers and our platforms.

Awesome. Thanks again.

Speaker 2

One thing I'll add there is that our year is, like a lot of enterprise companies, back-end loaded. In terms of that confidence and putting the investment level, cranking the investment in terms of go-to-market and growth acceleration, et cetera, et cetera, a strong Q3, a strong Q4 is worth more than a strong Q1 and a strong Q2. That's just the nature of the numbers and how they play out. As we go through the rest of the year, we're looking to build on this strength and get super confident exiting this year and going into next year.

Thanks again.

Here's the question, Adam.

Sorry, next up.

Thanks, Dave. Thanks everyone for the time here. I just wanted to cycle back on some of the different dimensions here for public sector. I know that you guys spoke about, hey, there was some restructuring standpoint for some of these civilian contracts. First, is it fair to assume then the Q2 played out better than what you initially anticipated? Secondly, with the removal of some of that conservatism we had previously introduced to the guide, are we now just operating in a more normalized buying environment, or are you guys just executing better than planned? Any detail on the public sector front from that standpoint would be beneficial. Thank you.

I was just going to say like three months ago, there was a lot of uncertainty in the public sector. You had massive government layoffs, and you had a lot of people talking about a lot of dramatic changes. I think in the quarter, what we saw is that there were some contracts that were paused or restructured, but what we also saw is that the overwhelming balance of the business was super positive. The impact on some of those government spending efforts, you know, did not materialize in a negative way. I think that is just a different, we have gotten through some of that uncertainty, and it has settled down a little bit. What we are seeing is that the technology we provide is pretty critical and pretty strategic. By the way, the government, particularly the federal government, has a huge need for it. They have legacy systems.

Identity in the federal government often means some massive outsourced operation run by a big contractor. This concept of a modern purpose-built identity security platform is just amazing for them. I think the fundamentals are winning out there in terms of, in some of the short-term uncertainty, I think was a little, we, you know, we overestimated that. Yeah. You see that in some of the structures of the deal, Mike. I talked earlier about, and Todd just said, some of the contract restructuring. What that would look like is, in some cases, oh, we do not have as many users as we used to, because I think we all know that there have been a few layoffs in the government. At the same time, there is an upsell that goes along with it for new products that they are not previously using. We end up in a good place.

It just, maybe we do not get as much of an upsell because ultimately there are less users on the other side because there are less employees in the federal government now. That is what we mean by contract restructuring. It is actually not a bad thing. It is actually them being more ingrained with Okta. We look at that as a positive, as usually more products are on, the higher the renewal rates and the higher upsell rates we get over time.

Thank you, guys.

Hey, let's go to Andy Nowinski.

Okay, great. Thank you so much for taking the question and a nice quarter as well. You know, Todd, I know Auth0 has been doing exceptionally well, and you have a great pipeline on Auth0 given all the new AI products coming out. I wanted to ask a question maybe about your workforce ACV. We continue to hear how customers want to consolidate identity vendors and how they want workforce products like IGA and PAM and SSO all on a single platform, which you guys have. My question is, why hasn't that sort of thirst for a complete platform had more of a positive impact on your workforce ACV growth, which has been decelerating over the last 12 months? Just wondering how you're thinking about sort of your bread and butter workforce ACV going forward.

I think we're going to do better there. I think the market is big. I think the opportunity is substantial, and I think we're doing a better job of explaining to customers what we have and getting the message out and getting real proof points with customers live at scale. By the way, that's one of the real strengths of our product suite, particularly in the identity governance space. Our average customer is live with multiple resources in 30 days. That's unheard of for a SailPoint implementation. It's legacy software. It's pretty heavyweight to deploy. It's hard to get successful with. As those stories get out there of proof points of customers getting live with multiple applications and bringing stuff into the management, bringing resources into the management framework, it starts to resonate. I think that's one of the reasons why we specialized the sales force to be more effective there.

It's one of the reasons why we're investing heavily in the R&D for these new products to make sure they're fully featured, particularly up market. That's why we're excited about the Axiom Security acquisition and many other efforts. Like I said before, we're building the best team in identity. If anyone is world-class and wants to work on identity, they should come work for us.

Another. Go ahead, Eric.

Speaker 0

Another thing I would add to that is coming back to the overall vision of the secure identity fabric we've talked about and how to consolidate use cases on a platform. Todd talked about one account he's working with, one of the world's largest technology companies, and consolidating 50 different identity systems onto Okta. From the CIOs and CISOs that I'm talking to at the accounts that I work with, what I'm really hearing is that having such a disparate framework isn't just expensive. It also adds complexity, which adds fragility, which creates security holes. Part of the value in our customer's mind of consolidating use cases with the trusted identity provider is they can have confidence in how they administer the product, how they administer the platform, and knowing that they can have secure identity across all of these use cases.

That's an added value and something that we've seen more and more from our customers as we've seen the wave in industry ride from cloud enablement and how identity is necessary to help people move to the cloud into this phase of security and how we help companies secure identity. Now as we look forward to agentic AI, again, it's going to be even more important for our customers to make sure that they've got a partner that they can work with.

Thank you.

Speaker 2

Okay, next up, we'll go to Jonathan Rookaver.

Yeah, thanks, David. I think, Todd, this is probably for you. I'm curious if you would agree with the view that has been articulated by other industry participants that PAM capabilities can be delivered to all employees at a cost comparable to IAM. I think when you look at the growing need for cloud-native just-in-time ephemeral credentials to support agentic and machine identities, maybe help us understand, does Axiom potentially fit into that thesis that yes, PAM can be deployed more broadly and cost-effectively both across human and non-human identities? What's your strategy along those lines?

Yeah, every identity type, employees, partners, customers, every resource, so database, cloud infrastructure, servers, Kubernetes containers, every resource in machines in the environment, and then every use case. Privileged access workflows, identity governance, attestation reporting, like the core access management workflows around creating accounts and removing accounts. That's what we're building. It's comprehensive, it's complete. I do agree. I do think that you want every employee to have a really locked-down secure identity experience. That's why we have the world's leading authenticator, phishing-resistant authenticator called FastPass, which is employed by, you know, quite a significant number of our customers and has been over the last five years. It's why it's so important to have these different pieces together. I think that's very important. One of the things that's also very important is I talk to customers.

I was talking with a Chief Security Officer of a big beverage company just two weeks ago, and their whole thing was, you know, they want to make sure that their identity provider works with all of their security tools. It's in divisions and companies they bought. They have SentinelOne, they have CrowdStrike, they have legacy technology for endpoint, they have Wiz, they have Zscaler, they have Palo Alto Networks. His plea to me was, he said, "Todd, I need to consolidate something. I can't consolidate all my security stuff. It's too disparate. I can consolidate identity, but you have to make sure it connects to all this stuff. Make sure it connects to Zscaler, make sure it connects to Palo Alto Networks, make sure it connects to Microsoft's network security." I said, "That's what we do. We connect you to everything." I think that's the winning formula.

Helpful. Thank you.

Next up is Rob Owens. Rob.

Thanks, Dave, and good afternoon, everybody. Actually, it was exactly what I was going to ask. I'll shift to a more Brett-focused RPO, CRPO question, I guess. Brett, if I look at the last couple of years, just in the RPO acceleration that you guys have seen, number one. Number two, you've talked about constant duration as well. Over that same time, you know, CRPO has been trending down. It's finding a bottom here. At what point do we see a better marriage, I guess, between prior RPO growth and forward CRPO growth? Maybe you can weave into that just what you're seeing from a retention rate perspective in terms of GRR. Thanks.

You're talking about last year we saw RPO outpace CRPO, right? Is that what you're talking about?

Yeah, it's been for a couple of years. You've seen that acceleration in RPO, and if it's constant duration, it feels like that should come through on the CRPO. You know, that's not in your guide. I think a lot of us had looked for maybe some of those headwinds to abate here in the second half that have been holding down NRR, potentially providing a lift to CRPO, especially as you're talking about your success with cross-selling and upselling.

Yeah, absolutely. When I've said the constant duration, I meant the duration of the amount to incur in RPO, you know, because you don't have a 12-month value incur in RPO at all times. That's just how it works. In terms of duration of contracts that we're signing, if you remember in FY2025, we went back to incenting the field on contract duration as part of their compensation plan. The prior couple of years, we hadn't done that. You saw RPO go up in a big way because contract duration went up in a big way, right? If you look at this year, contract duration is still in their comp plan, right? It's still a component that we pay them on, and you're seeing more of a normalization.

We see contract duration actually in the first half slightly ticking up, but it's not going to have the effect like it did last year because it's coming off of a different base, if you will, Rob. Hopefully that answers your question around current RPO and total RPO and the dynamics in between those. It's a simple sales comp model. That's all it really is.

Any broader comments on GRR?

Yeah, we tend to continue to have that be a strong number for us. It's always been, it's been healthy. It's been one of those things, it's a hallmark of this company that for years it's been, it's been healthy and it continues to be so, at least through the first half of FY2026. We're looking forward to some solid results as we finish out the fiscal year.

All right, thank you.

No problem.

Thanks, Rob.

We're coming up on the hour, but let's try to get questions in from Anik and Gabriella. Anik Bauman, go ahead.

Hey guys, I'm on for Joe Gallo here. Brett, any verticals beyond federal, because we've talked about that a lot, or geos of strength or weakness to call out in 2Q? Todd, can you just talk us through the key to unlocking the international market? Seems like an incredible opportunity relative to what you've built in the U.S. today.

Yeah, I would say larger customers. Enterprise in general had a really nice quarter. We're feeling solid about that. That's been actually pretty consistent for a while now. We've talked about bigger customers getting bigger, and that's why we see enterprise doing well. I'll let Eric comment a little bit on that because I know it's near and dear to his heart on that topic.

Speaker 0

Yeah, we continue to see strength in upmarket in large customers. I would agree with that focus. We talked about updated stats on our customers above $100,000 and customers above $1 million in ACV spend continue to be growing at high rates. That reflects what we see as the industry trend of the importance of people investing in security. We look now at cyber events worldwide, and over 80% of them start with some form of compromised identity. Our customers, CIOs and CISOs, are coming to us to help them build the partnership they need across our expanded product portfolio. We continue to see great success there.

Speaker 2

On the international question, we have a big opportunity in international. Our strategy there is really to invest in our top 10 countries and make sure we fully do everything we need to make those successful and get those to grow to their potential versus spreading ourselves too thinly. We are going to continue to really prioritize our top 10 countries ruthlessly and invest to make those successful because we do think the opportunity is quite substantial.

Makes sense. Thanks, guys.

Okay, last question from Gabriella Borges.

Hey, thank you for Todd and for Eric. I want to explore this idea of security and identity in the convergence effort. Give us a little bit of an update on where you're seeing progress with the go-to-market, specifically with security buyers in the enterprise. The reason I'm asking now is, Todd, you mentioned not expecting to see a change in the competitive landscape because of Palo Alto. Palo Alto is really good at driving some of these strategic conversations at the top of the house with CISOs. Maybe just an update on how you're progressing. Please push back against that.

I think it's a question of the capabilities of the products you're offering. I think where a security vendor is going to struggle is the breadth of identity types, first of all, and the breadth of use cases they can support across those identity types. What we still see, it's very influenced by security, but it's still more than a security conversation. A lot of the identity management products, particularly governance, operationally help the companies in terms of being more efficient and passing compliance audits, etc.

I was talking to the Chief Information Officer of a global auto company just a couple of days ago, and she was talking about, I was talking to her about cyber, and she goes, yeah, of course, identity is a cyber thing, but it's really about, we want visibility into what people are using so we know how much we spend on all these things. We want to make sure we automate these workflows that are slowing people down. Although the security voice is very important, I think it's still not purely a security sell, which I think is a little bit different for some of these security companies. I think ultimately, Gabriella, it kind of comes down to having the products, and you have to have a broad range of identity types and use cases and resources to really serve this concept that these customers want.

Thank you for the thought.

Okay, apologies for not getting to all the questions today. It is the top of the hour, but before you go, I just want to let you know that in addition to hosting onsite and virtual bus tours this quarter, we'll be attending the Citi TMT Conference on September 3 in New York, the Goldman Sachs Conference on September 9 in San Francisco, the Piper Conference in Nashville on September 10, and the JPMorgan Software Conference on October 8 in Napa. We hope to see you at one of those events. Thank you.

Thanks, everyone.

Bye, everyone.