Okta, Inc.

Yeah, we do need tighter security, but it can't slow down our business. Actually, with Okta, your business moves fast and stays protected, even from AI threats. Another bot bites the dust. Welcome to stronger security and awesome experiences. Rewards VIP alert.

So, great security without the trade-offs.

Exactly. Okta makes it all possible.

Hi, everyone. Welcome to Okta's second quarter fiscal 2026 earnings webcast. I'm Dave Gennarelli, senior vice president of investor relations at Okta. Presenting in today's meeting will be Todd McKinnon, our chief executive officer and co-founder, and Brett Tai, our chief financial officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time that the earnings press release hit the wire, we posted supplemental commentary to the IR website. Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance, or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represents our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-Q. In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release. you can also find more detailed information in our supplemental financial materials which include trended financial statements and key metrics posted on our investor relations website in today's meeting we will quote a number of numeric or growth changes as we discuss our financial performance and unless otherwise noted each such reference represents year-over-year comparison and now i'd like to turn the meeting over to todd mckinnon todd

Thanks Dave and thank you everyone for joining us this afternoon. We are pleased to report solid Q2 results with continued strength with large customers, Auth0, new products, the public sector, and cash flow. We are seeing encouraging signals from our newly specialized go-to-market teams and we're excited to build on this progress as we enter the second half of the year. Brett will cover more of the Q2 financial highlights and I'll cover product innovation, securing agentic AI, and preview some of the innovations we'll be highlighting at Octane next month. Now, let's get into our Q2 results. Consistent with the past four quarters, new products from Okta Identity Governance, Okta Privilege Access, and Okta Device Access to Identity Security Posture Management, Identity Threat Protection with Okta AI, and Fine Grain Authorization had another strong quarter of contribution. Okta's unified identity platform is delivering differentiated value to our customers. For example, a leading healthcare billing company chose Okta to rebuild and modernize its identity security practice from the ground up. They needed a single identity platform to unify workforce identity and scale with growth. Okta delivered OIG, OPA, ISPM, and ITP, supporting thousands of apps and integrations. By consolidating identity with Okta, this first-time buyer replaced a fragmented, multi-vendor approach to implement a modern, scalable identity security practice in one decisive move. In a move that we believe will further accelerate Okta Privilege access growth, I'm delighted to announce that we've signed a definitive agreement to acquire Axiom Security, a modern PAM vendor. The team at Axiom built complementary technology that helps organizations eliminate standing privileges and secure critical infrastructure, including key features for securing both human and non-human identities. Once we close the acquisition, which we anticipate will be later this quarter, we will support Axiom's customer base while we work to integrate their technology into Okta Privilege Access. Combined, we'll be able to deliver superior security and compliance outcomes like unified control and just-in-time access to a wider set of resources for our customers. Going forward, we believe every organization will need an identity security fabric, an architecture that enables them to fully secure every identity, including AI agents, every identity use case, and every resource across their business. The Okta platform helps organizations bring this identity security fabric to life. Take our approach to securing non-human identities, or NHIs. Okta's unified platform helps ensure they receive the same level of visibility, access control, governance, and remediation as human identities. This includes the ability to detect and discover NHIs wherever they exist, provision and register them properly, authorize and protect them with appropriate policies, and govern and monitor their behavior continuously. That's the power of an identity security fabric enabled with Okta's unparalleled breadth of modern identity security products. No other company can deliver that level of sophistication. With our Auth0 platform, we're enabling developers to build agents that are secure by design and identity security fabric ready from day one. Auth0 for AI agents, formerly known as Auth for GenAI, delivers user authentication that works seamlessly with AI workflows, token vaults that securely manage credentials, async authorization that lets agents work autonomously while maintaining user control, and fine-grain authorization that permits AI agents to only access authorized data. We're in the middle of this exciting and rapidly changing environment, and with these two platforms, Okta is driving the industry to an architecture where identity is both more valuable and more secure. Securing AI is the next frontier, and our introduction of a new open standard called cross-app access is a key part of the solution. This is an important innovation that helps control what AI agents can access, allowing us to help make our customers and ISVs more secure and providing better end user experience. In short, cross-app access allows for support of AI agents within the identity security fabric and the flexibility to safely connect to other technologies. Already, there is strong interest in cross-app access from partners and ISVs, including AWS, Boomi, Box, Writer, and Zoom. And we had over 1,100 attendees at our Identity Summit on the topic earlier this month. At our Octane conference next month, we will share how we are enabling every organization to build, deploy, and manage AI agents safely, securely, and at scale. In addition to the keynotes and product demos, we will be hosting a Q&A session for analysts and investors at the event, featuring myself, Brett, Eric Kelleher, our COO, and John Addison, our CRO. Come join us in Las Vegas or join us online for the AI security event of the year. And finally, I know you are all interested in our views on the Palo Alto CyberArk announcement. Okta has pioneered the modern identity market. As platform companies enter the market, it underscores two very important things, identity's central role in security and the importance of Okta's independence and neutrality. To this day, we remain the only modern, comprehensive, cloud-native solution built to secure every identity from employees to customers to non-human machine identities to AI agents without locking customers in. So on the whole, we think the transaction further validates the importance of identity but won't meaningfully change the competitive landscape. That flexibility is why the world's largest organizations across the public and private sector trust Okta and why we're confident we're on the winning path. To wrap things up, we're pleased with our Q2 results and we're excited about the future with our growing portfolio of modern identity solutions and how Okta secures AI. As more and more customers turn to an identity security fabric to simplify, control, and strengthen protection across their organizations, Okta is here to meet them with the most modern and comprehensive identity security platform in the market today. As always, I want to thank the entire Okta team for their tireless effort and also thank our loyal customers and partners who put their trust in us every day. I look forward to seeing all of you at Octane. And now here's Brett to cover the financial commentary and talk about how we're positioned for long-term profitable growth.

Thanks, Todd, and thank you everyone for joining us today. My commentary will provide insights into our Q2 performance and then move into our outlook for Q3 and FY26. Last quarter, we introduced some conservatism in our business outlook with regard to uncertainty in the macro and our federal vertical. I'm pleased to say that neither materialized and we're removing them from our outlook for the remainder of the fiscal year. While we're only two quarters into our go-to-market realignment, we're encouraged by the signals we're seeing, including improved sales productivity and record pipeline generation. This success echoes the long-term performance of our already specialized teams in areas like the US SMB market and public sector. The positive signals from Q2 give us great confidence that our increased specialization will drive long-term growth for both Okta and our customers. That's a nice segue into the strong Q2 performance we saw in our public sector business. While we did experience some contract restructuring with civilian agencies and delays in procurement processes, renewals across all of Federal were strong, reflecting the mission-critical nature of our solutions. OCTA continues to perform well with government organizations at all levels, highlighted this quarter by multiple new business and up-sale deals with DoD and state agencies. Overall, five of our top 10 deals in Q2 were with the U.S. public sector, including our biggest deal of the quarter, which was secured with a DoD agency. In that particular deal, the agency needed to replace its aging legacy logon system while ensuring compliance with federal mandates on cybersecurity and zero trust. Working closely with our partners, the agency will be modernizing with Okta Customer Identity as a central component of their new access system. It's worth noting that about a year ago, we made the strategic decision to reinvest in Okta Customer Identity and those efforts have led to substantial growth in the product. In the first half of FY26, OCI Bookings has really accelerated and was a strong contributor to pipeline generation, driven by deals in both the public and private sectors. Turning to capital allocation, we ended the quarter with a strong balance sheet consisting of approximately $2.9 billion in cash, cash equivalents, and short-term investments. Next week, the 2025 convertible notes reach maturity, and we will settle the remaining principal amount of $510 million in cash. We regularly evaluate our capital structure and capital allocation priorities, which includes investing in the business, tuck-in M&A, and opportunistic repurchasing of the 2026 notes, of which $350 million remains outstanding. Now let's turn to our business outlook. For Q3 and FY26, we continue to take a prudent approach to forward guidance that factors in our go-to-market specialization that was rolled out at the beginning of this fiscal year. For the third quarter of FY26, we expect total revenue growth of 9% to 10%, current RPO growth of 10%, non-GAAP operating margin of 22%, and free cash flow margin of approximately 21%. For the full year FY26, we are raising our outlook and now expect total revenue growth of 10% to 11%, non-GAAP operating margin of 25% to 26%, and a free cash flow margin of approximately 28%. To wrap things up, we're pleased with the solid Q2 results. We've significantly increased our profitability and cash flow over the past couple of years and remain focused on accelerating growth. We're excited about the adoption of new products and the rapid pace of innovation, and we remain confident that Okta's independence and neutrality positions us best to lead the identity industry. With that, I'll turn it back to Dave for Q&A. Dave?

Thanks, Brett. I see that there's already quite a few hands raised and I'll take them in order until the top of the hour. And in the interest of time, please limit yourself to one question. So with that, we'll get started with Brad Zelnick. Brad.

Great. Thank you so much. And video on. There we are. Congrats, guys, on a strong Q2. My question for you, Brett, great to see the NRR stabilize. I know in the past you talked about downsell pressures subsiding into the back half of this year. And I just wanted to understand, you know, what other indicators might you look at as inputs into your guidance and the macro caveat that you've now removed this quarter. And does that still hold that, you know, as we proceed from here, we feel good that NRR should effectively, you know, have bottomed. Thank you.

Hey, Brad, before Brett jumps in, maybe I could just make a high-level comment. I think on the quarter, we're very pleased with the execution. I think it was solid execution. And then looking forward, I think we're very excited about the strategy. Our strategy is to be the one-stop shop for identity. That's what customers want. They want fewer identity vendors. I work with one of the largest high-tech companies in the world, and they're replacing 50 identity vendors with Okta. So customers want to consolidate on Okta. they want it on a single identity partner, and then they want to do it in a way that covers all of these different use cases. And you'll hear different variants of this across the call, but I think that's really what makes us so excited about the future and that our strategy is really working along with solid execution.

And Brad, you broke up for a second in the middle of your question. So you were asking around NRR and how it's trending, but you also said something around macro. Can you just clarify what you're saying?

Well, maybe incorrectly, but I think of those concepts going hand in hand. And in the past, you've talked about downsell pressure alleviating come the back half of this year. We now see NRR having... wanted to appreciate what other inputs you look to when you remove the macro caveat in your guidance going forward, and if we can have confidence that, in fact, you know, 106% is a level from which we can now re-expand. Thank you.

Yeah, absolutely. So, you know, I've said for a couple of quarters now, actually a few quarters now, around the NRR effects of the macro being, you know, impacting that NRR. And I was saying, you know, the last few years, you know, kind of the COVID cohort, I would say not having as much of an effect after the first half of FY26, and we still believe that to be the case. In terms of what we expect it to be for the balance of the fiscal year, we still think similar to what I said before, which was plus or minus a little bit from here, just depending on mix of business, whether there's more new business or more upsell in the quarter. So that's how we think about the NRR side. In terms of Brett KenCairn, macro effect on the rest of the guidance in the in the in the earnings remarks today yeah we've removed that because we clearly didn't see anything. Brett KenCairn, That was was that differentiating in Q2 it seemed a lot more of the same from what we've seen over the last several quarters and so that's what we think it's going to be for the balance of the fiscal year.

Brett KenCairn, Thanks for taking my question and congrats again.

Brett KenCairn, No problem.

Brett KenCairn, Thanks next up is matt Hedberg.

Great. Thanks for taking my question, guys. I'll offer my congrats as well. Really solid execution, including the new product success. It's great to see. Todd, I had a question for you. When we look at the AI native cohort, are there any interesting adoption trends that you're seeing there in terms of what products they're taking, how they're using the platform, any consolidation trends? And is there any thought of some of the early AI natives from a DIY perspective? Just sort of curious on on how those folks are approaching your platform?

It doesn't seem dramatically different than other cohorts in terms of the adopting workforce solutions or Auth0. It looks pretty much the same, except they're growing very fast. I guess that's the difference, especially on actually the revenue metrics. It's growing very fast, and we think we're well-positioned in that cohort. And I think similar to every company, they're trying to figure out how they can be secure internally as they're growing very fast. I know from workforce identity and identity security perspective for their internal operations, they're sitting on a lot of very valuable data and definitely hackers want to attack them. They want to attack every important company. So they're really investing in identity security and Okta helps them with that. And then in terms of building their products and how they're connecting with their customers, they want to obviously connect on the web and mobile channels, but also they want to They're all building AI agents themselves. So that's one of the customer... Every enterprise is being really... they have to make these choices about how many AI agents they buy, who they buy them from, and all of these AI native companies are working hard to fill that void along with Salesforce and Workday and more of the established companies and what it means for customers that are on the enterprises that are trying to adopt these great new coding tools or these great new business automation processes or even the agent building platforms is they have to figure it all out in a way that has really high security implications like Everyone's heard the story of how big companies are doing simple AI chatbots and then all of a sudden confidential information is leaked because the AI chatbot leaked the wrong thing. So big security implications, but at the same time, they see big business value and they're not really sure which platform to invest in. So one of the things we're really focused on is trying to provide the right security for this agentic future, but also at the same time, give them choice and flexibility as every new AI company is trying to give them an agent platform and a capability to build these things. And as established vendors, it's pretty complex for these companies to figure out. So we're trying to help them through it all. But it's an interesting time out there. I think it's a good time to be an identity company. And we're really excited about where this is all going.

Great to hear. Thanks.

Next, we'll go to Eric Heath.

Thanks, David. Congrats, Todd and Brett. If I could ask one for Todd and one for Brett. I mean, Todd, you've always been very clear that identity should be its own independent standalone platform. But can you just elaborate a little bit more in the comments of why you think that's critical for identity to be independent? And then, Brett, if I could, just on a modeling question, great, very exciting deal with the DoD, the expansion deal. Just how should we think about that as it relates to RPO and CRPO and think about the model going forward? Thanks.

Yeah, I think on the category of identity, back when a long time ago when I started Okta, it was like, would it be important enough? You know, could you build a big company around identity? And, you know, at the time it was like identity was a part of another platform and people didn't think it could be a big company. So over a decade and a half since, it's very clear it's super important now. So now this new question is like, should it be its own independent platform or should it be part of another platform? And as you mentioned, we have a very strong worldview that it should be independent neutral. And it's really two reasons. The first reason is that it's too fragmented and there's too many niche players and there's too many legacy platforms and it's too complicated for big companies. So in that sense, it has to consolidate. It's too complicated. It's holding companies back. I mentioned this. One of the biggest technology companies in the world were helping upgrade all of their disparate identity platforms from SailPoint to CyberArk to HashiCorp to Ping to ForgeRock. They're consolidating them all in Okta. And the reason they're doing this is because, two reasons, it's cost, it's expensive, and it's operationally challenging to keep all this stuff running. A lot of them are legacy platforms running in their own data centers or Amazon. The second reason is that it's preventing them from adopting the future. It's preventing them from rolling out more agentic workflows, et cetera. So there's just the simple argument of cost and fragmentation. So now the second answer is like, and that could be true of any category. People want... In theory, fewer vendors and less operational costs for many categories, collaboration applications, security tools, et cetera, et cetera. So why should your point of consolidation be identity? And our answer is simple. It's because you can, like I mentioned before, you can save a lot of money, a lot of time, a lot of energy. And secondly, it's the one thing you can consolidate on and still preserve choice across everything else. So if, if you are adopting Microsoft identity, you are making a decision that your first choice and your preferred vendor for everything else is going to be Microsoft, which could work for some companies, but it's not going to work for most companies, especially large companies. If you, so that's the independence argument. And that's why we think when companies are, when you see in the results, right. 13% CRPO growth, um, and the, the success we're having across the board. what we're seeing is that customers are showing this preference too. They want to consolidate. They want to pick the right points of consolidation. In our case, we're having the most products, the most modern products, the breadth of capabilities, the reliability, the security, it's resonating with them.

And then Eric, to answer your question, fairly simple, like many other public sector deals, the RPO value and the current RPO value are going to be the same because it's a one-year deal. So that's just how it works with a lot of the public sector.

Okay, next up, we're going to go to Brian Essex.

Great, thanks. And Dave, did you say Eric Helher is on as well?

He is, yeah.

All right, awesome. So maybe for- Hi, Andy, it's good to see you, Brian. Yeah, good to see you too. So, you know, when we met IntraQuarter, you gave us some great context of the evolution of the sales force, both 100 farmer model and the decision to specialize. Could you maybe like bring us up to date in terms of where that sales, where each of those kind of specialization or specialized sales forces have evolved to? And how does that drive confidence and ability to execute through the remainder of the year, both from a productivity as well as plans for hiring going forward?

Great question. Thanks, Brian. We feel very confident in where we are today. We said last quarter when we got together that we were very much on track for the expected impact and productivity impact of all the changes we made to specialize on the Okta platform and the Auth0 platform. And Q2, our results were very strong as well. As you can see, it's a solid quarter and they reflect increased productivity from a specialization standpoint. So we remain optimistic and confident that this works. Again, this isn't the first time we've specialized, and Brett talked about this in his opening comments. So our first real investment in specialization was for our public sector business, and you've heard us talk for many quarters now about strength in public sector and how that's been performing. 18 months ago, we implemented a hunter-farmer specialization in the SMB space for North America. And we've seen that delivered. That group has had a very effective first half of this year. And so the change management and the change costs associated with that have really played out. And we're really pleased with the productivity for that group and the organization. And our specialization for platforms, now our third major wave of specialization, we feel good about as well. We saw productivity gains in Q2, which were in line with where we're hoping to get. And one of the metrics in our commentary, we generated an all-time high for pipe in Q2. And so that's partly attributed to the fact that we now have people specializing in our buyers, in our buyer personas. So we have people specializing in developer buyers and people specializing in IT and security buyers. And they're more effectively able to identify and qualify and prosecute leads and convert that into opportunity at the top of the funnel. So we're very pleased with progress so far.

All right. Great color. Thank you so much.

Hey, Brian, I would just add one thing to what Eric said, which is around what he was saying around the pipeline by source. We saw a nice growth in the quarter for pipe being created by AEs themselves, right? And that really is attributed to the fact, like what Eric was just saying, they know the products better. And so if you allow them to specialize, they're going to know it better and you're going to see numbers like that. And so that's really a nice sign for us as an organization because it really, it's one of those positive feedback points that we feel like things are working and headed in the right direction.

Right. And you've been focused on channel productivity as well. Is that, is that also improved sequentially? Are you getting kind of momentum there?

Yes, absolutely. So we've 20 of the top 20 deals were all touched by a partner. And also from a pipe gen perspective, there was also very in terms of the source where it was coming from the partners that also had very nice growth in the quarter. So you add all that up and you get, you know, record pipe gen and nice results like we just had.

Good stuff. Congrats on the results. Thank you.

Thanks, Brian. Next up is Josh Tilton.

Thank you, guys. Since I have Todd, I'm going to try and ask a nerdy tech question, although I preface it with, I'm not 100% sure I understand what I'm asking. I think investors are kind of trying to understand which piece of the identity puzzle is going to benefit the most from AI. And it sounds like you're buying, you're making an acquisition because... There's some pan pieces that are going to help you secure AI. But then if you dig into cross app access, it also looks like it's using tokens and protocols and stuff you use for SSO and MFA. So maybe like what is your view of which piece of this puzzle is really best positioned to benefit from an AI future? And then just kind of more broadly, like what is incremental to cross app access that you're getting from this acquisition you just announced?

Yeah, imagine, Josh, imagine how confused the buyers are in the market, like when they're trying to buy all this stuff. And that's why our, and it's true, right? And so they're all very excited about, as we all are, the technologists and business people and people that just observe the world of what it could be possible with AI. But they're just inundated with this complexity of how you get the best products and what the right platform is. And should you use Microsoft or should you use Google and should you use open air? Like, what's the right thing to build? What's the right thing to buy? And our perspective is is. is quite simple. It's that you have many problems today in your enterprise that are clear and present, and you can get a lot of security benefit by addressing these problems. These are the problems that we talk about a lot. These are service accounts. These are machine identities. These are putting the right vaulting and governance workflows around all of these things. These are like the bread and butter of our identity platform across governance and privilege access and identity threat protection with Octa AI and the bread and butter of what we're talking about. These are clear and present things today. In addition to that, every company is going to make a huge investment in AI agents. And what that's going to do first and foremost is it's going to make that problem I just described five times worse because every agent wants to connect to 10 service accounts and is going to have its own tokens. And so we are in this environment where people are very receptive to what we're saying because it's fundamentally understood that this is a problem they have today, and it's getting worse. The last week, I've had conversations with CIOs of massive companies that everyone's heard of that say, there's no way we're going to be able to do this AI stuff if we don't get our identity foundation in order. So that's clear and present. Now, in addition to that, I think there are investments we are making and innovation we're building that is going to even take it a step further, which is actually modeling the identity of an agent and giving more power to the customer to manage and secure these things because it's a native thing inside of Okta, which is also very excited. But that's very early because the amount of companies that are actually playing with AI agents is 100%. The ones that are actually putting them in production at scale is very small. So the timing is right here to solve this problem they all have today, the surface accounts and token vaulting, etc. And then over time, be the system of record for the AI agents themselves and give them choice and flexibility on if they want to use Salesforce or what they want to use Salesforce for agents or ServiceNow agents or build their own agents and give them the fundamentals across all of that, which are security control and governance. Now, specific to your questions about Axiom, we're very excited about Axiom, but it's a little different. Axiom is, first of all, These folks on this team are super talented, and they are deep, deep privileged access management experts. And one thing we're doing at Okta right now is we're on this mission to recruit across the entire company the best identity people in the world. And Axiom falls in that bucket. So we get some of the best PAM experts in the world. to join our privileged access management team, which is great. And they also have a technical capability around securing infrastructure connections to databases that is world class and gives us an enhanced benefit there. But honestly, it's really about the team and having this great technology for sure. But it's this expert privileged access engineers and product people to join our PAM team, which is, you know, we're trying to build the world's best team across the board. And it's a great addition too. I know this is a long answer. I'll try to say one more thing. Cross-app access is an industry-wide effort. It's actually three years old. We've been working on this for three years. And it came out of Mike from Atlassian and Eric from Zoom and many other SaaS leaders wanted a way to standardize how, when they sold their products into companies, how those products were then hooked up to everything else in the company. So Zoom wants to connect to your calendar, wants to connect to a note-taking. Atlassian wants to connect to all of your other software development tools. So we invented this protocol and this concept and have published this open standard to solve a very important problem. How do you give your IT teams and your security teams visibility into all these application connections that happen between apps? Now, guess what? That's a problem that's existed for a long time. And guess what's happening with AI? AI is supercharging this problem. Now, every agent, guess what it wants to do? It wants to connect to 15 applications and guess what you need? You need an open protocol for all of those applications that are letting those agents connect, publish and share that information with the security team so they can have visibility and control and audit that. So that's why cross-app access is so important. It lets the ecosystem form around this system of how agents can share their connection information in an open and transparent way.

Actually very helpful. So I appreciate the long response. Thank you.

Yeah, thanks. Thanks for the question, Josh.

Okay, let's go to Greg Moskowitz. All right, terrific. Thank you, guys. Congratulations on a really good quarter. Brett, I'm wondering if there was any change in upsell or cross-sell rates among S&P customers or enterprise customers, and then realize that it's still early days. But what are you seeing so far regarding demand for your new suites? Thank you.

Yeah, I'll let Eric talk about the sweet side of the house. But from an overall upsell, cross-sell perspective, it was fairly similar to what we've seen in the last few quarters. You've heard us talk about for several quarters now, the pipeline being more weighted toward upsell and cross-sell as opposed to new business. That continues to be the case. And you see... these bigger customers getting bigger as a result of that, right? That's why you see the greater 100K having a nice ad and you see the greater million dollars, almost 500, we're at 495, up 15% year over year. And so that upsell cross sell continues to work, especially as you've heard Todd talk about, we keep adding all these new products into the mix, depending on which side of the business you're on and ultimately helping us across the board there.

And on the Suites part of that question, and thanks, Greg, for the question, we're pleased with what we're seeing with Suites. Again, we introduced Suites for the Okta platform a few months ago, and it was in response to demand from customers who have bought into Okta's vision of the secure identity fabric. And these are companies that, as Todd mentioned earlier, are looking for an identity partner that they can work with to help them solve all of their identity use cases, whether that's threat protection or security posture management, access management, governance, privileged access. That is the secure identity fabric vision. that Okta has bringing to customers. And what we found is our customers want easier ways to engage with us to get the secure identity fabric for themselves. And the suites are really designed to do that. So they bundle pieces of the Okta portfolio to help customers address these cases that are most compelling for them right now, but also give them room for where they're going to grow on their roadmap as they go forward. So we're pleased with what we've seen. We're a few months in, so we're not breaking out numbers for suites for that packaging specifically, but we're seeing the impact we expected.

I think it's a, I'll just add real quick, just to give the group some really detailed color about what's going on. So we have a sales team now that's focused totally on selling the Okta products. And the opportunity there is big simply because that we have to make sure the customer understands the breadth of what we have. It's much broader than it was just a couple of years ago. Just a couple of days ago, I was on a call with a big federal agency and it's been a customer of Okta forever, but they really think of Okta as multifactor authentication and just login. And they had no idea we have a governance solution. We have identity threat protection. We have all these other products that can help them be secure across the board and consolidate vendors, et cetera, et cetera. And their eyes just lit up and the size of that deal potential just probably tripled or more. So it's really about getting this message out there that this is possible. We have the best solution, the most comprehensive solution, the most modern solution. There is a better way. And that's why these things like suites or specialization dovetail right into that strategy that's working.

It's also a tie back to the conversation we've been having for a few quarters now around specialization. And one of the reasons specialization to us was the winning strategy is we've seen so much innovation on the product side of the business for both the Okta platform and the Auth0 platform. To Todd's point, our sales reps were having difficulty really articulating and evangelizing the full benefits of the entire portfolio, the entire secure identity fabric to our customers, specializing gives them more opportunity to get deeper. So whether it's identity threat protection or identity security posture management, identity governance, access, fine-grained authorization, highly regulated identity, all the products that have been coming out for both of these platforms and now Auth0 for a GenTech AI, Our specialists are better able to get into the specifics of these technologies for the specific use cases our customers are talking to us. That's bringing us help. So the suites are helping with that from a design and purchase standpoint.

Great. Thank you, guys. Okay. Next up, we have John DeFucci.

Thanks, Dave. And thanks, everybody. There's a lot of good information coming out tonight, especially things like cross-app access. And it just demonstrates your leadership position in the whole identity space, especially when you're able to contribute that to the whole ecosystem. But my question is for Brett, and it's a little more tactical, I think, because otherwise, I know I'm going to get, we're all going to get this question all day tomorrow. Brett, you said that the sort of, I forget your exact words, but excess conservatism around the US Fed, which was strong, and macro were no longer implied in your guide. So I guess I just want to make sure I understand what that means. Does it mean that we potentially won't see the same amount of beats going forward? You sort of alluded to that in the past. And along the same lines, how long do you think the go to market changes that happened in fiscal one Q will present a potential headwind to your business momentum? Because that's still in the guide, right?

Absolutely. So, yes, we did remove that layer of prudence for macro going forward. And the primary reason is. that didn't come to fruition. Like we thought it was going to the last time we spoke probably about 90 days ago, John. But so then to answer your second part of your question is yes, the go-to-market specialization is still baked in there. Although we're seeing positive signs and positive feedback from the field, We're still a couple of quarters in, as if you remember when we first started talking to all of you about this, it takes time for these things to come to fruition and really hit their full stride. We talked about US public sector. We've talked about US S&B. It takes some time. You have to be methodical in your approach. And then, yes, to your point, John, yes, we are trying to shoot for closer to the pen than we have historically, that we started trying to do that last about three, four quarters ago. Yes, I will admit that I was probably a little wrong on the macro side, and we delivered a really nice beat this quarter. But if you look 90 days ago, the world was a little different. So I will take that charge. But yes, ultimately, we are trying to get a little closer to the pin than we have historically.

That's really helpful. Thank you, Brett.

And next up, we have Srinath Kothari.

Great. Thanks for taking my question. Congrats on the great quarter. Just on the cross-app access securing AI agent workflows, I know it's still early days to settle on any kind of pricing or monetization model to capitalize on this opportunity. Just if you can help expand on how you are viewing the monetization part for this Is it going to be embedded in the existing tiers? You highlighted the initial traction from the good, better, best suite or something you see evolving to standalone. Just curious, what are the earlier signs or feedback from Zoom or AWS or all these customers trying to start it out in terms of downstream enterprise security spending and plans on this one? Thanks.

Yeah, I would think of it this way. It's a really good question. And this is how I, when we've talked about it and modeled it out, this is how we think about it. First of all, the cross-op access is an open industry standard. And if you were able to, if we were able to talk last year around Octane, we talked about this, another new standard we've put out there and are working with all the identity companies on and a bunch of technology companies is called IPSE. So these are two open standards we're pushing out there with the ecosystem. And the effect of both of these things for Okta is gonna be basically identity providers are gonna be more valuable tools to the customers. So they're gonna have better control, that fine grained control into resources, better policies, more value. So the whole identity market gets more valuable and bigger. And so that's the way to think about these open standards. Now, specifically on how Okta is going to monetize these two layers I've talked about. I talked about the clear and present issue today, which is service accounts, non-human identities. We monetize that through Okta privilege access and identity security posture management. Identity Security Posture Management detects the non-human identities and the risks in a proactive way that's comprehensive across all platforms. Octa Privilege Access and Octa Identity Governance can vault the credentials and rotate the credentials and have the right governance workflows. Axiom, of course, is going to add capability to Octa Privilege Access to have better support and more extensive support for database connection. So that's the monetization of the clear and present thing today. That's affecting the results today. We talked about new products contribute healthily to the bookings, and that's true today. Now, on top of that, in a world of AI agents, our belief is strong that you are going to manage AI agents with your identity system. And so that's how we're going to monetize that. When you put a bunch of AI agents inside Okta, that's going to be more valuable from an identity security perspective and that we're going to be able to charge for that with our customers. So they're kind of separate things in two layers, but that's how we see the world unfolding. But it all is kind of predicated on on a vibrant, healthy, growing AI agent ecosystem, which I think is, there's a lot of different thoughts on how that exactly play out, but who's the vendor going to be? Who's the platform? SaaS vendors versus, you know, custom development, whatever. I think whatever happens, you're going to need to manage this stuff. And that's why we're inserting ourselves on that dimension. And that's why we're very excited about where this is all going.

Super helpful, Todd. Thanks a lot.

Next, let's go to Adam Borg.

Awesome. Thanks for taking the question. Maybe for Eric on the go-to-market changes, and you did talk about this a few minutes ago in your answer to Brian, but where are we today with Salesforce productivity relative to historical levels? And I guess what do you guys need to see in order to put more gas in the Salesforce new hiring process, either in the back half of the year or ultimately as we head into fiscal 27? Thanks.

Yeah, you bet. We talked about at the end of last year, based upon our first two rounds of specialization in public sector and Hunter Farmer, I think it was in our Q4 results, we talked about how we hit a multi-year high for sales productivity. And then we were leaning into the specialization work and reorienting our sales capacity and our supporting teams and pre-sales and sales. and post-sales and also our marketing generation teams. As I mentioned earlier, we generated a record amount of pipeline for us in Q2. So specialization is definitely helping at the top of the funnel. We're pleased with that. And I think from a sales productivity standpoint, we saw gains in Q2 as well. So we're very much on track with what we expected out of this model. And our guidance for the second half reflects that as well. But we're confident in the strategy of specializing on our buyers and our platforms. Awesome, thanks again.

One thing I'll add there is that our year is, like a lot of enterprise companies, is back-end loaded. So in terms of that confidence and putting the investment level, cranking the investment in terms of go-to-market and growth, acceleration, et cetera, et cetera, A strong Q3, a strong Q4 is worth more than a strong Q1 and a strong Q2. That's just the nature of the numbers and how they play out. And so as we go through the rest of the year, we're looking to build on the strength and get super confident exiting this year and going into next year. Thanks again.

All right. Thanks. Thanks, Dave. And thanks, everyone, for for the time here. I just wanted to cycle back on some of the different dimensions here for public sector. I know that you guys spoke about, hey, there was some restructuring standpoint for some of these civilian contracts. But first, is it is it fair to assume then the Q2 played out better than what you initially anticipated? And then secondly, with the removal of some of that conservatism we had previously introduced to the guide, are we now just operating in a more normalized buying environment? Or are you guys just executing better than planned? Any detail on the PubSec front from that standpoint would be beneficial. Thank you.

I was going to say like three months ago, there was a lot of uncertainty in public sector. You had massive government layoffs and you had a lot of people talking about a lot of dramatic changes. And I think in the quarter, what we saw is that there were some contracts that were paused or restructured. But what we also saw is that the overwhelming balance of the business was super positive. And the impact on some of those government spending efforts, you know, didn't materialize in a negative way. So I think that's just a different, different, we've gotten through some of that uncertainty and it's settled down a little bit and what we're seeing is that The technology we provide is pretty critical and pretty strategic. And by the way, the government, particularly the federal government, has a huge need for it. They have legacy systems. Identity in the federal government often means some massive outsourced operation run by a big contractor. And this concept of a modern, purpose-built identity security platform is just amazing for them. So I think the fundamentals are winning out there in terms of some of the short-term uncertainty. I think we overestimated that.

Yeah, and you see that in some of the structures of the deal, Mike. So I talked about earlier about, and Todd just said, some of the contract restructuring. What that would look like is, in some cases, oh, we don't have as many users as we used to, because I think we all know that there's been a few layoffs in the government. But then at the same time, there's an upsell that goes along with it. for new products that they're not previously using. So we end up in a good place. It's just maybe we don't get as much of an upsell because ultimately there's less users on the other side because there's less employees in the federal government now. So that's what we mean by crowd-struck destruction. It's actually not a bad thing. It's actually them being more ingrained with Okta. And we look at that as a positive. It's usually more products you're on, the higher the renewal rates and the higher upsell rates we get over time.

Thank you, guys.

No problem.

Let's go to Andy Nowinski.

Okay, great. Thank you so much for taking the question and a nice quarter as well. Todd, I know Auth0 has been doing exceptionally well and you have a great pipeline on Auth0 given all the new AI products coming out, but I wanted to ask a question maybe about your workforce ACV. We continue to hear how customers want to consolidate identity vendors and how they want you know, workforce products like IGA and PAM and SSO all on a single platform, which you guys have. But my question is, why hasn't that sort of thirst for a complete platform had more of a positive impact on your workforce ACV growth, which has been, you know, decelerating over the last 12 months? Just wondering how you're thinking about sort of your bread and butter workforce ACV going forward.

I think we're going to do better there. I think the market is big. I think the opportunity is substantial. And I think we're doing a better job of explaining to customers what we have and getting the message out and getting real proof points with customers live at scale. And by the way, that's one of the real strengths of our product suite, particularly in the identity governance space. Our average customer is live with multiple resources in 30 days. And that's unheard of for a SailPoint implementation. It's legacy software. It's pretty heavyweight to deploy. It's hard to get successful with. And as those stories get out there of proof points of customers getting live with multiple applications and bringing resources into the management framework, it starts to resonate. And I think that's one of the reasons why We specialize in Salesforce to be more effective there. It's one of the reasons why we're investing heavily in the R&D for these new products to make sure they're fully featured, particularly upmarket. That's why we're excited about the Axiom acquisition and many other efforts. And like I said before, we're building the best team in identity. So if anyone is world-class and wants to work on identity, they should come work for us.

Go ahead, Eric. Another thing I would add to that is coming back to the overall vision of the security identity fabric we've talked about and how to consolidate use cases on a platform. Todd talked about one account he's working with, one of the world's largest technology companies, and consolidating 50 different identity systems onto Okta. I'm from the CIOs and CISOs that I'm talking to at the accounts that I work with. What I'm really hearing is that having such a disparate framework isn't just expensive. It also adds complexity, which adds fragility, which creates security holes. And so part of the value in our customer's mind of consolidating use cases with the trusted identity provider is they can have confidence in how they administer the product, how they administer the platform, and knowing that they can have secure identity across all of these use cases. So that's an added value and something that we've seen more and more from our customers as we've kind of seen the wave in industry ride from cloud enablement and how identity is necessary to help people move to the cloud into this phase of security and how we help companies secure identity. And now as we look forward to agentic AI again, it's going to be even more important for our customers to make sure that they've got a partner that they can work with.

Thank you. And next up, we'll go to Jonathan Rookhaver.

Yeah, thanks, David. So I think, Todd, this is probably for you. I'm curious if you would agree with the view that has been articulated by other industry participants that PAM capabilities can be delivered to all employees at a cost comparable to IAM. And I think when you look at the growing need for cloud-native, just-in-time ephemeral credentials to support agentic and machine identities, maybe help us understand that does Axiom potentially fit into that thesis that, yes, Pam, can be deployed more broadly and cost-effectively both across human and non-human identities? What's your strategy along those lines?

Yeah, every identity type, employees, partners, customers, every resource. So database, cloud infrastructure, servers, Kubernetes containers, every resource in machines, in the environment, and then every use case. So privilege access workflows, identity governance, attestation reporting, core access management workflows around creating accounts and removing accounts, So that's what we're building. So it's comprehensive. It's complete. And I do agree. I think I do think that you you want every employee to have a really locked down, secure identity experience. And that's why we have the world's leading authenticator, phishing resistant authenticator called FastPass, which is. employed by quite a significant number of our customers and has been over the last five years. It's why it's so important to have these different pieces together. So I think that's very important. And I think one of the things that's also very important as I talk to customers, I was talking with a chief security officer of a big beverage company just two weeks ago. And their whole thing was, you know, They wanna make sure that their identity provider works with all of their security tools. So it's in divisions and companies they bought, they have SentinelOne, they have CrowdStrike, they have legacy technology for endpoint, they have Wiz, they have Zscaler, they have Palo Alto Networks. And his plea to me was, he said, Todd, I need to consolidate something. I can't consolidate all my security stuff. It's too disparate, but I can consolidate identity, but you have to make sure it connects to all this stuff. And make sure it connects to Zscaler. Make sure it connects to Palo Alto Networks. Make sure it connects to Microsoft's network security. I said, that's what we do. We connect to everything. So I think that's the one in formula.

Helpful. Thank you.

Next up is Rob Owens. Rob?

Thanks, Dave, and good afternoon, everybody. Actually, it was exactly what I was going to ask, so I'll shift to a more Brett-focused RPO, CRPO question, I guess. Brett, if I look at the last couple of years, just in the RPO acceleration that you guys have seen, number one. Number two, you've talked about constant duration as well. But over that same time, CRPO has been trending down. It's finding a bottom here. But at what point do we see a better marriage, I guess, between prior RPO growth and forward CRPO growth? And maybe you can weave into that just what you're seeing from a retention rate perspective in terms of GRR. Thanks.

Yeah. So you're talking about last year we saw RPO outpace CRPO, right? Is that what you're talking about?

Yeah, for a couple of years, you've seen that acceleration in RPO. And if it's constant duration, it feels like that should come through on the CRPO. But that's not in your guide. And I think a lot of us would look for maybe some of those headwinds to abate here in the second half that have been holding down NRR, potentially providing a lift to CRPO, especially as you're talking about your success with cross-selling and upselling.

Yeah, absolutely. So when I've said the constant duration, I meant the duration of the amount in Kern RPO, you know, because you don't have a 12 month value in Kern RPO at all times. That's just how it works. In terms of duration of contracts that we're signing, if you remember in FY25, we went back to incenting the field on contract duration as part of their compensation plan. The prior couple of years, we hadn't done that. You saw RPO go up in a big way because contract duration went up in a big way. If you look at this year, contract duration is still in their comp plan. Right. And it's still a component that we pay them on. And so you're seeing more of a normalization. We see contract duration actually in the first half slightly ticking up, but it's not going to have the effect like it did last year because it's coming off of a different base, if you will, Rob. So hopefully that answers your question around current RPO and total RPO and the dynamics in between those, because it's, you know, it's a simple, it's a simple sales comp model. That's all it really is.

Any broader comments on GRR?

Yeah, we tend to continue to have that be a strong number for us. It's been healthy. It's been one of those things. It's a hallmark of this company that for years it's been healthy and it continues to be so, at least through the first half of FY26. And we're looking forward to some solid results as we finish out the fiscal year.

All right. Thank you.

Thanks, Rob. They were coming up on the hour, but let's try to get questions in from Annick and Gabriella. Annick Bauman, go ahead.

Hey guys, I'm on for Joe Gallo here. Brett, any verticals beyond federal, because we've talked about that a lot, or geos of strength or weakness to call out in 2Q? And then Todd, can you just talk us through the key to unlocking the international market? Seems like an incredible opportunity relative to what you've built in the US today.

Yeah, I would say larger customers. So enterprise in general and had a really nice quarter. So we're feeling solid about that. That's been actually pretty consistent for a while now. We've talked about bigger customers getting bigger and that's why we see enterprise doing well. But I'll let Eric comment a little bit on that because I know it's near and dear to his heart on that topic.

Yeah, we continue to see strength in upmarket and large customers. I would agree with that focus. And we talked about updated stats and our customers above 100K and customers above a million dollars in ACV spend continue to be growing at high rates. And again, that reflects what we see is the industry trend of the importance of people investing in security. We look now at at cyber events worldwide and over 80% of them start with some form of compromised identity. Our customers, CIOs and CISOs are coming to us to help them build the partnership they need across our expanded product portfolio. So we continue to see great success there.

And on the international question, we have a big opportunity in international and our strategy there is really to invest in our top 10 countries and invest, make sure we fully do everything we need to make those successful and get those to grow to their potential because versus spreading ourselves too thinly. So we're going to continue to really prioritize our countries, our top 10 countries ruthlessly and invest to make those successful because we do think the opportunity is quite substantial.

Makes sense. Thanks, guys.

Okay, last question from Gabriella Borges.

Hey, thank you. For Todd and for Eric, I want to explore this idea of security and identity and the conversions of it. Give us a little bit of an update on where you're seeing progress with the market, specifically with security bias in the enterprise. And the reason I'm asking now is Todd, you mentioned not expecting to see a change in the competitive landscape because of Palo Alto Palo Alto is really good at driving some of these strategic conversations at the top of the house with CISOs. So maybe just an update on how you're progressing and please push back against my comments.

Yeah, I think it's a question of the capabilities of the products you're offering. And I think where a security vendor is going to struggle is the breadth of identity types, first of all, and the breadth of use cases they can support across those identity types. Because what we still see, it's very influenced by security, but it's still more than a security conversation. A lot of the identity management products, particularly governance, they operationally help the companies in terms of being more efficient passing compliance audits, et cetera. I was talking to the chief information officer of a global auto company just a couple of days ago. And they, and she was talking about, I was talking to her about cyber and she goes, yeah, of course, identity is a cyber thing, but it's really about, we want visibility into what people are using. So we know how much we spend on all these things and we want to make sure we automate these workflows that are slowing people down. So although the, while the security voice is very important, I think it's still a, It's not still purely a security cell, which I think is a little bit different for some of these security companies. But I think ultimately, Gabriella, it kind of comes down to having the products. And you have to have a broad range of identity types and use cases and resources to really serve this concept that these customers want.

Thank you for the talk.

Okay, well, apologies for not getting to all the questions today. It is the top of the hour, but before you go, just want to let you know that in addition to hosting on-site and virtual bus tours this quarter, we'll be attending the Citi TMT Conference on September 3rd in New York, the Goldman Sachs Conference on September 9 in San Francisco, the Piper Conference in Nashville on September 10, and the JPMorgan Software Conference on October 8th in Napa. So we hope to see you at one of those events. Thank you. Thanks, everyone.