Okta, Inc.

91% of enterprises deploy AI agents, but only 22% have a way to identify them. To secure your enterprise, you must answer, where are my agents? What can they connect to? What can they do? With Okta, your agents are first-class identities, discovered and onboarded with a clear owner, connected only to what they need, and governed with a kill switch if one goes rogue. This is how Okta secures AI.

Hi, everyone. Welcome to Okta's first quarter of fiscal 2027 earnings webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meeting will be Todd McKinnon, our Chief Executive Officer and Co-Founder, and Brett Tai, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting. At around the same time the earnings press release hit the wire, we posted supplemental commentary to our IR website. Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Security Litigation Reform Act of 1995, including but not limited to statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance, or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-K. In addition, during today's meeting, we'll discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. The reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release. You may also find detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website. In today's meeting, we'll quote a number of numeric or growth changes as we discuss our financial performance. And unless otherwise noted, each such reference represents a year-over-year comparison. And now I'd like to turn the meeting over to Todd McKinnon. Todd?

Thanks, Dave, and thank you everyone for joining us this afternoon. We're pleased with a strong start to FY27. Consistent with recent quarters, our results were driven by strength with large enterprises, partner engagement, and contribution from our newer products. Underpinning this performance is the durability of our core business, with the Okta and Auth0 platforms both contributing to steady momentum across our entire portfolio. That said, the number one topic of interest from customers to investors is Okta's AI strategy. So today I'll focus my remarks on how Okta is uniquely positioned to capture the AI opportunity. The future of technology is agentic. For Okta, this represents a tremendous opportunity and an even greater responsibility. Every AI agent inside an enterprise is a new identity. Today, AI agents are the fastest growing identity in the enterprise, but also the least governed. Okta helps bring agents under control by treating them as first class identities that can be managed and governed by their existing identity management system. We believe, over time, most large enterprises will have more agentic identities than human ones. This shift broadens the attack surface because every agent comes with credentials, privileges, and the ability to act on a user's behalf. In turn, this raises the strategic value of the identity layer because governing autonomous systems requires the kind of control, audit, continuous intent-driven authorization and real-time enforcement only an identity platform can deliver. To help our customers confidently secure this shift, we're building on three unique advantages, each with powerful network effects, distribution, product breadth, and neutrality. Today, I'll cover all three, starting with distribution. Okta pioneered identity for the cloud era. Over the past 17 years, we've built the most modern and comprehensive identity platform, which is now the identity system of record trusted by more than 20,000 customers. In the agentic era, identity becomes even more foundational. When a customer secures their agents with Okta, they are not taking on a new platform. They are extending the trusted foundation they already rely on with Okta. We've already seen how our customers benefit from this expansion in other parts of our business. Customers are finding value in Okta's unified identity system, as Okta Identity Governance was once again the leading contributor among our new products. This distribution flywheel is evident in our results. Our new product portfolio represented approximately 25% of Q1 bookings, a meaningful increase from Q1 last year. We see a 40% ACV uplift when new products are included in a deal. The same customers who trust Okta for workforce and customer identity are extending that trust into agent identity. Our second unique advantage is product breadth. We are the only vendor with solutions that address both sides of the agent security problem. Okta for AI Agents, which became generally available last month, gives enterprises a single control plane to discover, govern, and manage agents across their organization. It is the first and best implementation of the blueprint for the secure agentic enterprise, an industry framework for bringing agents under control by answering the three questions that have dominated my customer conversations over the past several months. Where are my agents? What can they connect to? And what can they do? Enterprises need to maintain visibility and control over their sprawl of agents, ensuring they have governed identities, consistent access policies, and ways to shut them down to secure every agent end-to-end. Okta provides customers with centralized visibility into agents with identity governance capabilities, including ownership assignment and lifecycle management, while giving IT and security teams critical security controls to deactivate rogue agents. For developers building AI agents, Auth0 for AI agents provides the identity foundation to ship secure agents inside their products. Auth0 for AI agents secures agents, APIs, and users effortlessly for B2B, B2C, and internal apps, all backed by the enterprise-grade auth they already trust. In tangible terms, pipe generation in Q1 was strong, driven in part by these two new products. The third unique advantage is neutrality, which is more important than ever. The AI landscape is evolving rapidly. Customers need an identity solution that frees them to choose whatever technology serves their business best, without fear of vendor lock-in. As the leading independent and neutral identity platform, Okta gives organizations the flexibility to do exactly that. In the same way enterprises run workloads across multiple clouds, they are deploying agents across various platforms like OpenAI, Anthropic, Google, Microsoft, Salesforce, and a growing set of open source frameworks. Managing and securing an autonomous workforce requires a neutral, independent identity layer that others can't provide. In practice, cloud providers, model providers, and agent platforms are partnering with Okta to securely manage agent identities as they continue to proliferate across the enterprise. Okta is the only modern identity platform purpose-built to sit above the agent ecosystem, and it federates with whatever identity provider a customer runs. That means the opportunity for Okta for AI Agents is not limited to our existing workforce customers. It extends to every enterprise with a multi-platform AI strategy. These three advantages are unique and mutually reinforcing. The more organizations use Okta to secure their agents, the more identity signals flow into our platform and the stronger our governance and detection becomes. And our neutrality allows us to secure current and future agent frameworks for customers, allowing Okta to capture more of the addressable market. Neutrality becomes even more important when it comes to technology partnerships and integrations. Like the traditional cybersecurity landscape, no single company can address the Agentech security market alone. That's why we've partnered with AI leaders from ISVs to hyperscalers to frontier AI vendors. And I'd like to highlight a few of those partnerships today. We've entered into a partnership of ServiceNow that integrates their AI control tower product with Okta for AI Agents. Our partnership with Google brings centralized identity governance and access control to Google's agent gateway. Okta for AI Agents now integrates with Amazon Bedrock Agent Core to provide customers with identity governance capabilities for their agents. We were a launch partner for OpenAI's release of GPT 5.5 Trusted Access for Cyber. And finally, we're collaborating with Anthropic in a number of ways, from testing Anthropic's Cloud Mythos preview model as part of Project Glasswing, to a new integration between Okta Identity Security Posture Management and the Cloud Compliance API. It's still early days, but the agentic era is fundamentally transforming how we deliver success for our customers. By leveraging our unique advantages, great products, deep partnership, and industry expertise, we are well-positioned to help customers thrive in this fast-moving landscape, which will unlock a new growth vector for Okta. To wrap things up, FY27 is off to a strong start as we look to build on our momentum as we move through this year and beyond. I want to thank the entire Okta team and our loyal customers and partners who put their trust in us every day. And now, here's Brett to cover the financial commentary.

Thanks, Todd, and thank you, everyone, for joining us today. The investments we've made in product innovation, our go-to-market team, and partner network are yielding tangible results. We're pleased with the strong start to FY27 and are confident we're on the right path to accelerate the business. My commentary will provide insights into our Q1 performance and then move into our outlook for Q2 and FY27. I'll start by highlighting the strength we saw in our go-to-market performance. As a reminder, at the beginning of Q1 last year, we further specialized the go-to-market team into Okta sellers addressing security and IT buyers and Auth0 sellers addressing developer buyers. The teams are now fully settled into place, allowing us to start this fiscal year with far less change. The stability of the sales team coupled with strong execution led to positive go-to-market KPI improvements, including increased sales productivity, strong pipeline build, and low AE attrition. We're also seeing the investments we've made in our partner initiatives take root as partner source bookings experienced a meaningful increase, including multiple million-dollar-plus deals in Q1. Moving on to our balance sheet and capital allocation. We had another strong quarter of cash flow in Q1 and ended the quarter with a very healthy balance sheet consisting of approximately $2.6 billion in cash, cash equivalents, and short-term investments. Next month, our convertible notes reach maturity and we will settle the remaining principal amount of $350 million in cash. Over the course of Q1, we repurchased and retired just over 3 million shares for a total cost of $241 million. $680 million remains under the $1 billion repurchase program that we launched in January as we look to take advantage of what we believe to be an undervalued share price. We continue to regularly evaluate Okta's capital allocation priorities to ensure we're well positioned to deliver sustainable long-term value to shareholders. Now let's turn to our business outlook. Our guidance philosophy is unchanged as we continue to take a prudent approach to forward guidance. For the second quarter of FY27, we expect total revenue growth of 9%, current RPO growth of 11%, non-GAAP operating margin of 26%, and free cash flow margin of 20% to 21%. For the full year FY27, we now expect total revenue growth of 9% to 10%, non-GAAP operating margin of 25% to 26%, and a free cash flow margin of 27% to 28%. As I called out last quarter, the FY27 revenue guidance includes about a one point impact related to a strategic decision to shift more of our professional services business to our partners, specifically global systems integrators. This change will result in lower professional services revenue and is expected to start to materialize in Q2. In addition, the FY27 free cash flow margin guidance includes about a one point impact related to lower interest income due to the combined impact from the stock repurchase program and our intent to settle the remainder of the 2026 notes in cash. To wrap things up, we're optimistic about the trends we're seeing in the business. We've been disciplined with our cost structure while investing for growth, putting Okta in a great position to extend our leadership in identity security. We've demonstrated exceptional leverage in our model and are positioned to deliver profitable growth for years to come. With that, I'll turn it back to Dave for Q&A. Dave?

Thanks, Brett. I see that there are already quite a few hands raised, and I'll take them in order until the top of the hour. And in the interest of time, please limit yourself to one question. So with that, we'll take the first question from John DeFucci at Guggenheim.

Thanks. Thanks, Dave. Thanks, everybody. Nice job, you guys. Really nice to see. I guess I'm going to stick. I was going to have a couple, but I'm going to have one, Dave. And it's going to lead into what Todd was talking about with AI. It's not one I like to ask usually, but I think based on our work anyway, you guys have done a great job of gaining AI mindshare among the channel. Like the channel is talking about what a good job you're doing that and getting in front of customers. But we realize it's still early. Can you talk about how this is materializing in the market? Are customers actually at the point where they're actually securing agents yet? Are they just talking about it? Or are there a lot of them that aren't even really doing that and you're trying to make sure you're in front of it? Thanks.

Hey, John, let me set the stage for you out there. I've spent the last six months, I'm on this goal to talk to in-person, face-to-face with our top 100 customers, about 75 customers in. And when you mix that with a bunch of other conversations, here's what's going on. Everyone is deploying agents in some way, shape or form, but they're really just starting to think about and put in programs in place to, to lay out the rails of governed managed adoption. So a concrete example is you'll have a development team that is using cloud code, but it's connected to GitHub and their Jira system with static tokens in the local developer box. So that company is using agents, but they've really done it in a haphazard, non-secure way. And what's happening now is they're figuring out those rails. They're figuring out how they're going to have secure connections, have a system to monitor where all the agents are, have the ability to support it from multiple platforms. And that's why you're seeing the record interest and the record pipeline for what we do with Okta for AI agents and Auth0 for AI agents. The reality is of these products, it's still early. They're not materially contributing to the business in Q1. In fact, we're still being prudent in our guide. They're a little bit in the guide, but not significant in the guide. But it's going to be big. We're pouring a lot of R&D effort into this and focused on it. And the interest is super high, unlike anything we've ever seen. And I think it's because we've focused on it. We have a good story and good thought leadership, as you mentioned with the channel. But I think another big reason is that it's ours to win because they're used to looking to us for trusted infrastructure. that they use to connect their employees and their customers to all these resources. So it's very natural to say, who can really manage these connections and give me these governed rails for all these secure connections, where my agents are, what they're doing, what can they do? It's a natural fit for us. So I think as they build out this infrastructure, we're in this really great position to have this be a super, super meaningful part of the business and TAM over the next several quarters and several years. And that's why we're working so hard to Take advantage of it.

Todd, that all makes sense. If you could just in this same topic, when do you think this will start to happen in mass? And like I said, you're up ahead of it.

Well, one thing that's already happening is that we're already starting to get pull through in the sense that these agentic AI conversations are raising the strategic importance in many of our customers' eyes of what Okta is. Beyond just workforce access management to this really, hey, these guys could be this broad platform across governance, privileged, posture management, identity security, identity infrastructure management. And that is having impact. That is in the numbers now. Like if you look at our 12% revenue growth, we look at net retention inflecting up to 107, you know, CRPO of 12. That's being driven by Okta being put in a more strategic light because of this thought leadership in AI. And that's going to continue throughout the year as well.

Great. Thanks a lot, Todd. Thanks, John. Next up, let's go to Brian Essex at JPMorgan.

Great. Thanks, Dave. And thanks for taking the question. I wanted to follow up on John's question a little bit. So Todd, we'd love to know from a macro and spending perspective. I mean, you heard beginning of the year, I think there was a little bit of caution around IT security budgets. And then we started hearing about security getting access to budgets outside typical budgets, whether it's like marketing budgets and so forth. And now we're starting to hear about like panic or incident response. spend now that that mythos has come out last week, which you mentioned, I think CIOs a little bit fearful of the how the threat environment might accelerate. So could you could you tie that back into what you're seeing for demand and access to IT budgets? Are you getting that incremental spend? Is is the panic around the threat environment? a headwind to your sales cycles or are you benefiting from it? We'd love to just get what you're hearing from customers.

So when we talk to customers, they're cyber professionals and they're entrusted with keeping their organizations secure. So any kind of intelligence they can get, any kind of like edge or information, whether that's something on the dark web or that's some new model, they're all over it. And there's a ton of energy around getting access to Mythos and Glasswing and OpenAI's new model. So they're very interested in that. So that being said, I think The world and the population has extrapolated that from thinking that they're panicking and changing their priorities. And that is not true. I think what it's doing is everyone is reinforcing the fundamentals. They know what they have to do. There's been zero days forever. And now there's going to be more and we can debate how many more. But they've known what they have to do. They have to have a good zero trust environment. They have to have solid identity. They have to make sure they have a patching process. They have to make sure they have visibility. So I think what I'm seeing is that boards and CEOs are saying, we know this agentic thing is real. We've got to put the guardrails in place for that. And we know that security is real. And we're going to spend money on that. And the reality of it, Brian, is that it's the fundamentals. It's identity. 80% of breaches go through identity. and and you know you know you have to patch your systems you know you have to have a good multi-layered defense and zero trust so you can defend from multiple ways and so that's i think that's why we're so well positioned to be that key identity platform in an unmatched array of products that no one has no one has governance pam identity infrastructure identity security agentic story so that's why we're really excited about what's going on that's helpful but are you seeing that materialize in like

accelerated sales cycles, or is this more of a conversation?

I think this return to the fundamentals and knowing you have to fix your fundamentals is helping the identity market and the identity security market. I don't think it's necessarily showing up in agentic identity yet. That's still early, but it's accelerating the importance of investing in your identity infrastructure and your identity security.

Makes a lot of sense. Thank you.

Great. Let's go to Todd Weller at Stevens.

Thanks, Todd. Question for you on agentic. If you laser into kind of the runtime authorization and policy enforcement area, could you kind of provide some details on Okta's role in that layer and then how you interplay with some of these embedded capabilities we're seeing in the hyperscaler and agentic AI platforms?

Yeah, so sometimes it's all moving so fast and everyone's got their release and their announcement and everyone kind of says the future of Agentic is centered around what they traditionally have done, right? So it's a little bit hard to pull apart. Here's what Okta does. And it's very much a key part of what is needed. And that is, you know, we connect... resources to uh we connect um traditionally as people to resources whether that was the apps you need to do your job whether that was the apps your customers wanted to browse on your website or mobile app and now it's very similar with agents we we tell you who your agents are there's a directory of agents we can scan multiple platforms and multiple systems and give you that source of truth of where your agents are And we can help you set a policy on what they can connect to. Agents can read this from Teams and they can read this from Slack and they can read this information from Snowflake and they can read this from GitHub. So it's like a single sign-on or access management. Now, all the protocols are different. So it's a new product capability and the way agents are built are different than some of these other apps are built. So it's a new set of capabilities, but at a high level, it's the same thing. And then you mentioned this last part, which is really key, which is like, once you can get into these systems what can the agent do what what types of data can they see is it read only is it read right how does it work and so we can lay that authorization actually so we can surround the agents with an authorization layer that will control what the agents can do without having to go into these large enterprises that we're working with the FedExes, the Dells, the biggest companies in the world, they have thousands of applications. And it's not realistic to go require the customer to rewire all these applications to set up their agents. So we can surround the agents with an authorization layer that does that in a very scalable way. So it's detecting agents, controlling how they can connect to things, and then what they can do in there. And there's a few fundamental truths, right, that are gonna play out, I think. One is that they're going to get agentic capabilities from many, many companies. They're going to have different platforms. They're going to have hyperscaler platforms. They're going to have foundation model platforms. They're going to have open source platforms. They're also going to get agentic capabilities from apps. Salesforce is going to have their workdays is going to have their service nows and on and on. Everything is going to have agentic capabilities. But we know they're going to have to have a directory of these things, a roster of these things, a policy layer, and they're going to have to make sure they can connect to things. And so we're seeing our customers, it's a kind of a no regrets move to pick this independent and neutral identity layer that can solve those fundamental problems without locking them into, hey, you got to be all agent core, you got to be all agent 365, or it's agent force. They want flexibility and choice across multiple things.

Thank you.

Okay, let's go to Eric Heath at KeyBank.

Thanks, Dave. Congrats, everyone. Todd, just to stick with the theme, I wanted to ask about the pricing strategy for AI agents and understand everything's early. So just curious to get your perspective on where the market is in terms of figuring out how we're going to price these things. And then just any update you might be able to share on the uplift you're seeing from AI agent deals at this point. Thanks.

One of our advantages is that we have 20,000 customers and the way I've organized the team to attack this opportunity is all around focusing our strategy in our product roadmap directly informed by active customer conversations. So we have an AI takeoff team that's out there having hundreds and hundreds of conversations with our customer base, figuring out what they're actually going to do with these agents today, what are their challenges today and tomorrow. So it's very informed by what the customers actually are doing planning to do. I tell the team, in this area, there's so much hype and so much noise. There's a big risk of science experiments, building things that maybe aren't super useful, but sounded like a great idea. So our approach is very pragmatic and focused on the real requirements. And so the way we've done pricing for our products is exactly in line with how our products have been priced in the past. They're priced on, it's an uplift to a named user, or it's an uplift to a monthly active user. Now, you might say, hey, Todd, but agent agents are this new thing. And why are you pricing them on an active user or a named user price? And that's for two reasons. One reason is that's the way customers want to consume it right now. And two, the majority of concrete use cases in the world right now for agents, it's on behalf of a user. It's an agent working on behalf of a software developer. It's an agent working on behalf of a support rep. It's an agent working on behalf of someone in accounting. So it's very natural how they want to buy it and how they're actually being used. So it's an uplift on a named user. It's uplift on an active user. Now, we fully understand that that's going to evolve and there will be more. autonomous agents that have to be priced, not by user base or not an extension of user. They have to be, the unit has to be the number of agents. It's a little bit tricky because it's very hard to define the number of agents because some person might say, oh, I have a thousand agents, but it's really kind of thousand copies of the same agent. or 1000 instances of the same agent. In other cases, it might be literally one instance of an agent acting for many, many different use cases. So the industry is kind of figuring that out. And we'll figure that over time how to monetize and price that now. But right now it's we're pricing for market share and reducing friction and how customers want to buy. And that's we think that's the winning strategy.

The other thing, Eric, I would just add around your question around uplift and how that's going. The average deal size for these AI specific deals is significantly larger than the average deal size for the rest of the company. So we are seeing a good uplift. Look, we're still early. So that has the potential to change. But the early signs are these deals are quite sizable. And that's one of the reasons why we're optimistic about the opportunity in the long run.

Yeah, and we're just in a different, it's a different strategic conversation with customers where you're talking about, you know, we're going to be the backbone for your agenda control plane. And we're going to also do your customer identity and your employee identity versus, hey, you know, we want some tactical multi-factor authentication thing to pass an audit. And it's maybe done lower level in IT. It's a whole different type of conversation we're in. And that's really driving a lot of this positive momentum in the business.

Appreciate that. Thanks, Todd, Brett.

Okay, next we'll go to Adam Tindall at Raymond James.

All right, thanks. Todd, you mentioned a building pipeline on AI. I wonder if you might help with the size of this, maybe relative to other products in the past, or maybe a different way to ask that to Brett.

The pipeline's bigger than anything we've ever seen. No, it's like, we don't get paid for pipeline. Very clear. Very clear. So it's not a pipeline problem. Um, it's, you know, it's how can we execute on turning this pipeline into real dollars? And the reality is if you look at like, if it wasn't the AI agent products were not materially didn't materially contribute to Q1. It's not, there's a little, a little bit of the guidance, but you know, it's heavily discounted being pretty prudent there. Um, But we're optimistic. We vote with our dollars and we're investing a lot of R&D in these products. And if you just look at what is needed in the world and thousands and thousands of customer conversations, the need is there. And customers are going to lay down these rails. They're going to lay down these rails of security and identity for their agents. And we're there to convert that pipeline as soon as we get the opportunity.

And I see it in Brett's guidance is about 100 basis points above where he would normally guide Q2 based on the past couple of years. So I can see some of that. I guess the other part of my question I wanted to ask was the difference between AI for Agents and Auth0 versus Okta, the two different platforms. Maybe just help us to appreciate the technology aspect of that? Is there like a big difference in size of pipeline between the two? Is one materializing faster than the other? They're both healthy. The Okta pipeline is bigger.

And I think that's because it's a little bit of a, I think the companies that are figuring out how to manage and deploy internal agents are further along than people building agents into their products and into their websites. But I think that they're both going to be big opportunities over time. Thank you, congrats.

All right, let's go to Josh Tilton at Wolf Research.

Hey guys, thanks for sneaking me in. Maybe I'll call it a two-parter so Dave doesn't kill me. But the first one is just really strong short-term bookings. I think some of the strongest we've seen in a while. How durable is that growth? And then just maybe my second part, completely unrelated to anything we've talked about so far on the call, but it kind of stood out to me in the prepared remarks. Large customers represent 85% of ACV now. I think you guys used to call out 80% of ACV. Maybe just help us understand what's driving that mixed shift there.

Yeah, I mean, I can take the mixed shift, Todd, if you want to take the first one.

Yeah, for sure. You want me to talk about short-term bookings?

Yeah, absolutely. I can get into it too as well.

Yeah, I mean, I think that the performance in the business we think is very, very durable. We don't, you know, like if you look at the, particularly the AI landscape, I was having dinner with a bunch of CEOs of companies, different sizes, and everyone's super worried about their spend in their products and their revenue in their products being not durable because it's token spend and they worry about the products being used and then And maybe someone's going to look at the spend and stop spending the token spend. And we don't have that. This is critical infrastructure. This is these are whether it's just core identity infrastructure for people or for customers. You know, the it's like good news and bad news. The bad news about identity is it's pretty hard to put in place and it's pretty hard to change. So it takes longer than some of these other categories. The good news is that once it gets in, it's sticky and you're not going to take it. As long as you kind of keep innovating at a reasonable level, you keep good customer relationships, you're going to have a very profitable long-term relationship. So yeah, we're very confident in these trends of the business that are durable and sustainable and in a lot of ways with what's going to happen in this AI wave just getting started.

One of the things I'll add to the durability comment as well is in our results for the quarter one, we reported that our new product inventory overall accounted for 25% of our bookings. So while we're not yet seeing a material uplift specifically from our AI products, given that they're newer to market, That's continued growth and trend in the diversification of our product portfolio. And Todd talked about that today in his opening comments. Customers are continuing to look for us to solve the breadth of use cases they have across all their technologies and all their stack. And knowing that Okta is going to continue to be the neutral identity provider growing from access management through governance. And we continue to have a great quarter for our governance portfolio and into privileged access. And we had some great wins in the quarter for privileged access as well. All of that is continuing from a durable momentum basis. And then as Todd indicated, the additional products now entering the mix with Okta for AI agents and Austero for AI agents provide further upside to that. So we're very optimistic on the durability of the results we saw for Q1.

Yeah. Okay. So I'll answer a little bit of the first and the second question, actually. So Josh, I would say in general, if you looked at Q1, the strength across the quarter was fairly broad-based. as for Q1, you know, usually Q1, as you guys all know, is seasonally our lowest quarter of the year, right? But if you look at a lot of the metrics in Q1, they were quite healthy, whether it's the pipe gin, whether it's the bookings number, whether it's the AE attrition, the AE productivity, you know, across the board, it looked pretty good for Q1, which we're really pleased with, which is why you hear all the optimism in our conversation today and the prepared remarks, and you see it in the numbers, frankly. So I think it's very exciting from that perspective. In in terms of the 80 to 85%, it's something simply we've been working on very hard over the last few years. We've talked to you a lot about large customers, right? We've talked about the investments we've made into those large customers and getting more large customers. And so it's really the result of the hard work that we've been doing over the last few years. You can see it in the 100K, which is what you're taught greater than 100K. You can also see it in the greater than $1 million customers. So obviously that was growing quite nicely in the quarter as well. So I think it's just the result of our hard work. If you look at our strategic initiatives this year in FY27, large customers is on the top of the board as well, right? AI and large customers are really the two of the main four on the board that we've talked with you guys about in the past. So I mean, it's not hugely surprising numbers are what they are because of all the hard work we've been doing over the last couple of years. So hopefully that helps, Josh.

You're helpful, guys. Congrats again.

I'll just, you know, hearing that commentary, one thing I want to throw out there is that the large enterprise opportunity is still, we're still relatively early. We've done really well in the mid-enterprise and, you know, we have a lot of opportunity still in the global 2000. So it's paying off, but we still have a lot of upside there as well.

In addition to all that, we also haven't talked yet about the fact that we had a great quarter in PubSec in our federal and state public sector business as well. So across the board, we're very bullish.

Okay, we'll take the next question from Roger Boyd at UBS.

Great. Thanks, Dave. Todd, in your prepared remarks, you talked about Okta's ability to sit above the agentic ecosystem and that Okta for AI agents is not necessarily limited to your existing workforce customers. I guess, are you seeing your thought leadership and the conversations you're having with customers around agentic identity starting to influence broader identity deals or create bigger competitive wins down the road?

Yeah, I think we're definitely seeing that. We're seeing that the products we've offered for AI agents and this blueprint, this vision we have for the industry and AI agents is raising the strategic level of conversations, which is pulling in other products and helping us displace legacy faster and sell more of our existing products and our newer products into new customers and the base than we would be otherwise. I say that because to make it clear that the AI agent products are still immaterial, the contribution with Octafer AI agents going GA in April. They had a good quarter, but it's still small base. So the pull through is real already though.

Great.

Thank you.

Yeah, we'll go to Peter Levine at Evercore.

Great. Thank you guys. Maybe for you, Eric, just to kind of piggyback off the prior question, you were talking about, you know, I think Todd, your parent Mark's, 25% of bookings. So maybe just talk about IGA, Pam. Are these competitive displacements versus greenfield opportunities? Just curious to see how much of your IGA product today are you seeing customers attach as a standalone, similar to the privileged access product. I know that's not as mature, but you're really seeing a lot of traction with IGA. So just curious what you're seeing from a competitive displacement versus Greenfield. And are you getting net new customers coming in, you know, buying these products?

We are, thanks for the question. The reason that I made that comment to the prior is I'd I didn't want the breadth and success and continued momentum with governance and privileged access and the rest of our portfolio to get drowned out with all the conversation we have about our AI products. We're very excited about our AI products. But governance continues to be a strength for us. We talked over the past couple of quarters about how governance has evolved from being primarily a cross-sell add-on product to also now being a land product. And we are seeing sizable land opportunities, starting with governance at some companies that are displacing systems that they've had in place. So we're very excited about the enterprise readiness and robustness of our governance product in the real world deployments. We have some very large customers, including Fortune 100 customers who are consolidating all of their identity use cases onto Okta, including governance and including privileged access. And we're very excited for where we get to. As you mentioned in your comment, privileged access is further behind governance on that maturity curve. It came to market a little bit later. We're continuing to invest heavily in it. We did an acquisition back Q3 of Axios to add capabilities to that. And we're continuing to invest in that breadth of portfolio, kind of rounding out the identity security fabric in addition to all the momentum that we're seeing with our great success in the AI product. So we expect that new product portfolio contribution to continue in future quarters and not be limited to the conversation we're having about AI.

Great. Next up, we'll go to Srinath Kothari at Barrick.

Yeah, thanks for taking my question. So among the enterprise partnerships that you announced and given your strength, the ServiceNow AI Control Tower sounds really interesting, especially because we have heard ServiceNow is definitely becoming a workflow governance layer for enterprise AI already beginning to monetize it. So can you walk through the partnership dynamic? How is that progressing or how do you envision of Okta reaching band customers and budgets earlier in this AI governance process. As you said, there's a lot of players out there. And just as a quick follow up, also tying to earlier comments, are these strategic partnerships also way, because you mentioned identity is being pulled into broader identity of workflow transformation programs instead of now standalone. Is it something which is showing up in these kind of partnerships? Yeah.

ServiceNow is, as you mentioned, super interesting. Their product strategy is they want to be the control tower for all AI agents. And what they were really interested with Okta was this kill switch capability. When agents go awry and agents aren't following the policy, how do you shut them down? And that can mean a lot of different things. That can mean actually stopping the running of the agent. That can mean quarantining the agent at a network level. There's many different strategies. The one thing we do really well and that they wanted from us is the ability to sever the connections, the access tokens, the actual logical connection at the authorization layer to the backend resources. And we're really good at that. That's kind of the core of our product. What can these things connect to? What can they do? And in people, you know, everyone's trying to figure out who's going to be the winner, who's going to be the losers and how is the competitive dynamic going to play out? I think there's going to be way more working together than people think. We're really excited about our conversations with Amazon and their agent core ServiceNow, agent force from Salesforce. And the message from customers is clear. They want this identity layer and this connectivity layer to be independent, to give them more flexibility. And I think the industry is coalescing around that and we're leading the way there.

What I would add to that, Srinik, is this is something Okta does really well. We talk a lot about the importance of neutrality and our philosophy that we want to meet our customers where they are with the technologies that they're deploying within their companies, and we want to make sure that we provide the identity control plane across companies. all of their use cases and all their vendors and all of their stacks. And so you'll see, just with our highlights from this quarter, we're really engaging with and partnering with all the major platform players that are active in this space right now. And that's one, because our customers require it and it's important for neutrality. And it's two, it's something Okta has been really good at throughout our history. We are an integration company. We have over 8,000 thousands of integrations for our core products through the Okta integration network available today. And so for us, expanding those integrations with the active providers who are gaining traction right now in this time is something that's very natural to us and something we expect to continue as these tools are evolving. And as you all know, the landscape has been very dynamic with different vendors leapfrogging each other. We expect to be partnering with all of them going forward as well.

Awesome. Super helpful. Thanks.

Okay, we'll go to Yoon Kim at Loop Capital.

All right, great. Thank you. On Brett's earlier commentary that average deal size when AI products are included is much larger than regular non-AI deals. I am assuming that the actual AI deal itself is small and it's still very early. So is the larger deal size mainly driven by customers adopting other platform as they adopt AI security solution? So in that way, is your AI agent in a way driving the customers to adopt Okta more broadly and is there like a specific go to market or a push to do this when a prospect is showing interest in your AI agent product?

To be very clear, and I'll let Todd or Eric comment on the second part of it, but the AI product itself, what I'm talking about when I say the average deal size, I'm only talking about the AI line on the deal. I'm not talking about the broader deal. And so it's a very sizable deal just for the AI products themselves. And so then you heard Todd talk about earlier about how we're getting this concept of pull through, which is exactly what you're mentioning, which is AI as part of it in some of these deals, but also it's forcing customers to modernize their tech stack to be able to look at identity and really examine it and make sure it's working for them. So then that helps the other side of the platform as well. So just want to make sure that was clear. And Todd, you can add anything I might've missed, but that's the general idea of it is that just the line item itself is a pretty large line item at this point. Granted, we're still early on potential for it to change, but right now it looks pretty good.

Yeah, in the early days of, you know, it's early days for Okta for AI agents and Auth0 for AI agents. But as we scale it up, as we kind of convert this record pipeline, it's about doing more deals. It's not actually about doing bigger deals. The deals are big, which is a little bit different, actually, than other new product. Even governance four or five years ago was the initial deals were small. Then they got big. Then we did more of them. So this one is they're already big. We can do more of them.

Great. Looking forward to the progress.

Thanks. Just one additional comment on this. It ties back to a couple of the questions we had from earlier in the session, questions around budget durability for customers. This is one of the reasons that the deals are big. And one of the reasons we've had great momentum and success with the hundreds of enterprises we're engaging with. And one of the reasons our pipeline, we feel very, very strong about our pipeline. As Todd mentioned, we haven't seen a pipeline like this for a new product ever. All of that is because of some of the statistics we shared in the opening video, which is customers have a problem today. They have a problem today where over 90% of them have agents in production and only 22% of them are confident that they have them governed. That is a real problem. It's a measurable, quantifiable exposure customers have right now within their companies, and they need to invest to fix it. And we are working very hard at Okta to meet them at that need and make sure that we've got the products that are going to help them address that exposure. And we're very bullish about being able to continue that as we help more and more of our customers become what we call the secure agentic enterprise.

Great. Next up, we're going to go to Junaid Siddiqui at Truist.

Great. Thanks, Dave. Todd, the role of the model providers is hotly debated within cybersecurity, even though it's early days. But to what extent is your participation in initiatives like Project Glasswing and Trusted Access for Cyber translating into measurable improvements in win rates or competitive positioning? And more broadly, how do you see their role evolving in the broader cybersecurity landscape?

That's a really good question. I don't think these partnerships have moved the needle yet in real customer conversations. I think we have such an interesting vision and our blueprint is so helpful for customers. That's what's driving it. I do think we need to partner with everyone, including the model providers, because they're going to be providing platforms and agentic scaffolding and infrastructure. And we're going to fit well with that. And we're going to make sure that we can take that from a model provider or from an app company or from a infrastructure cloud and make sure it can help the customer answer these questions. Where are my agents? What can they connect to? And what can they, what can they do when they do connect? And I think in terms of the model providers, how they're going to play in the broader cyber ecosystem is, It's going to take a village. I think we've seen that in cyber forever. I think consolidation in cyber never seems to work. It all seems to be gets to a certain point and then new threats emerge and the companies that are trying to consolidate cyber have such a hard time integrating amongst themselves. It kind of fractures apart. I think that'll continue. I think cyber and the agentic world is going to take a village and we're going to have to make sure it's integrated together and make sure we have layered defenses and That's why I think it's really healthy to be coming into this conversation with this open mindset of, hey, we have our lane. We're going to try to provide the best identity foundation in the world and then connect around that in a standard way that helps customers get great outcomes.

Great. Thank you.

All right. Let's go to Fatima Balani at Citi. Fatima, you're on. If not, we're going to go to Gray Powell at BTIG.

All right, great. Thanks for taking the questions. And yeah, congratulations on the results. It's good to see. So maybe just sticking with the AI topic. In RSA this year, the messaging from just different identity vendors on agentic security, I mean, I have to admit, it all sounds pretty similar. Everyone's talking about some form of agent discovery, guardrails, identity governance. And a lot of the CISOs that we speak to are just, well, they're confused. So I understand you have strong relationships. I guess my question is, like, how does Okta cut through the noise in the market, differentiate yourself and, you know, get to the people that are actually in charge of making decisions?

The first reason, that's why we wrote this blueprint, Gray. Yeah. We're trying to, people want a blueprint. In fact, it was based on a customer conversation I had. He, this guy, he was a great customer of Okta and he'd been in the Valley visiting a bunch of companies and he said the same thing you said. He's like, Todd, you're all, I don't know what you're saying. You're all saying the same thing. It's like, you should really, you should come up with like a blueprint for us. I said, that's a great idea. So that's why we made this blueprint. And it kind of tries to make clear, tries to define the swim lanes. And it's been really well received and it kind of makes it very clear that there's a bunch of stuff we need to do. Here's the different roles and here's the different ways to do it. And here's what Okta is doing. And here's, so yeah, that's one way. And the second way is just customer traction. As we get customers live and, you know, we keep saying that the agent products have, they're just getting started, but there's still many, many customers on them going live. And so once that happens, that's going to be very valuable that we're going to tout those stories and make sure everyone else in the world knows about them. And that, you know, that's how you set standards and that's how you, you know, take go from like a blueprint and a concept into actionable implementations that people can pivot off of and have their own success. So that's the plan. And, you know, like I said, a lot of it is, It comes down to the reason I believe strongly that the reason why we're seeing so much pipeline and early momentum is it's partly because, like I said, we have a good product and a good vision. But it's also it's, you know, because we're in the right position and people give us the credibility to do this thing. We've been connecting people to all these resources in a way that's scalable and neutral. And the GenTech problem is pretty similar. I mean, it's different protocols and how they speak and some of the development tools are different, but conceptually they think of it in the same bucket, which puts us in a good position, I think.

Yeah, that's one thing I was going to highlight as well to your point, Gray, about how we cut through the noise is the first point that Todd talked about in our differentiation is our distribution and our footprint right now with over 20,000 enterprises that already trust us as their provider to secure identity for their humans and their service accounts. And for those conversations, these customers are going to look to us first as the natural partner for them as they think about how they secure agents in their model as well. And so We've really had very engaging conversations across the board on this. And because we were responding so directly to what we're hearing these customers need, we've had great success in turning that into pipeline. And so that's why you hear some of the commentary we're sharing today.

All right. Thank you very much. That was really helpful.

Okay. I see Fatima back. Go ahead, Fatima.

Thank you so much. I apologize for the kerfuffle earlier. Todd, this question is for you. It's a strategic question. I know you've made the choice to offload professional services to some of your GSI partners, but it's an interesting dynamic we're seeing in the broader cyberspace and even with larger tech companies that are actually leaning into services on a more direct basis. I'm wondering if there's still an opportunity for you to maybe take a more strategic and architectural stance as it relates to building and defining strategies around a genetic identity. cybersecurity architecture. So just curious about that sort of dichotomy because you've decided to step away from it, but all your peers are kind of leaning more into it.

It's the great irony of our industry right now. We're going to automate all the jobs except for the forward deployed engineer. We need people to do that, right? And so we're doing our services team is evolving into that architectural over over the giving the overall high level consulting and helping the GSIs get enabled to do that and then do that on their own. That's exactly where we're going. Think about it as we're not getting rid of our services. We're repurposing them so they can be in this architectural consultative type role. And then the GSIs can help us just get the scale. Because overall, there needs to be way more capacity to do Okta work in the world. And, you know, then we need to improve that and increase that. And that's what this move is trying to facilitate that while at the same time, making sure the thought leadership and the architecture and the strategic stuff can still be done by the core of our team here.

Also keep in mind, it was a decision to try to get the partners sourcing more business for us. And if you remember some of the comments we had earlier, we talked about partner source AR and Q1 did really well and partner pipe gen in the quarter also did really well. And so, yes, it's only one quarter. Let's not get overly excited one way or the other. But it's a nice first data point for us to suggest that the strategy is the right strategy to go down the path of. And obviously, we'll update you guys as we go through the balance of the fiscal year. But that was also another reason to do this. And we see these early data points that are suggesting that it was the right decision.

And just one clarification for the way you framed that question is we wouldn't describe it as we're stepping away from services. As Todd mentioned, we are focusing on exactly that high caliber work that you described with our customers and partnering with the GSIs to give us the scale, as Todd mentioned. So we're very aligned with the scenario that you identified.

I appreciate that. Thank you.

Okay. Next, we're going to go to Gabriela Borges at Goldman Sachs.

Hey, good afternoon. Thank you. I have a different glass wing question. Todd, when you and your R&D team, when you get a hold of some of these next generation models, what are you doing internally, either from a vulnerability management standpoint or from an R&D roadmap standpoint? And Brett, the follow up here is how do you put the right guardrails on your inference costs such that you don't find yourself spending on tokens inefficiently? Thank you.

Yeah, so we're like everyone else. We're using these models. We're testing our own stuff. We're finding some interesting things. But I think what people miss is that there's a lot of zero days out there and, you know, we may debate how many more we find with these new models, but it's not taking the number from zero to 10. You know, it's some, it's, it's not zero to one. It's there's many out there. And so everyone has to have guardrails in place and everyone has to have capabilities in place to defense fast patching, multi-layered defense. So we're, we're no different. We're putting those, guardrails in place in our products and our processes, et cetera, et cetera. The cost thing you're talking about is real. The inference costs and the AI tooling and what it's driving in terms of expenses. And I think you're going to see at Okta and then over the whole industry over the next six to 12 months, you're going to see a little bit more scrutiny in terms of ROI. What are you getting from all this, the inference cost you're spending? How is it translating? Which is not surprising given the amount it's rising across the industry. And we're going to come out the other side with a more balanced ROI-driven investment portfolio of how we spend these things. And we're optimistic about how it's going to work out very well for us.

Yeah, I would just add that I remember one of the number one thing we've talked about for years has become one of the most secure companies in the world. So it's still priority number one. And this is just another tool for our security teams to try to achieve that goal. So just like Todd was saying, we're going to prioritize it and develop an ROI and all that good stuff like any other investment. But it is still in service of that goal of becoming one of the world's most secure companies out there.

Yeah, and in that example, it's not limited to the Glasswing, but also a ChatGPT 5.5 Cyber, and we continue to make those investments.

Yeah, it's good stuff. Thank you.

Okay, next up, we're going to go to Rudy Kessinger at DA Davidson.

Great. Thanks guys. Congrats on the quarter. Um, I'm curious how you are approaching, uh, pricing some of these agent deals in terms of the number of agents we've, we've heard in some field conversations, you guys are doing deals where basically the contract is for an unlimited number of agents. Uh, the good thing is in those deals, I'm hearing that the spend is very, very high relative to your existing spend and other products. But, um, you know, the risk there is what if the customer doesn't, you know, get to unlimited agents and there's downside renewal or, you know, other things that could happen. So how are you approaching that dynamic with customers and factoring it into contracts?

I don't, there's no, I don't, there's no unlimited. If there is unlimited, it's time bound. So there are, there have been some deals where we've done like a year. And then it's like, we're going to figure out after a year, what the how the use case really unfolded and how to how to snap it back to the kind of normal pricing model. But there's no it's it's not unlimited in the sense of time and volume. But I think that's just because it is an early market and there is some uses and some environments where there is more experimentation that's needed and they wanna sign a deal, we wanna work with them. And so we'll do maybe not a multi-year deal, but a one-year deal in that fashion.

Okay, next up, we're gonna go to Ben Bowen at Cleveland.

Thanks, Dave. Good afternoon, everyone. I appreciate the question. Todd, you referenced a bit of a return to fundamentals in relation to, I think it was Mr. Essek's question on mythos. Could you talk about how this is influencing the core workforce in SIAM pipelines and the opportunity in particular around SIAM to maybe disintermediate some of the DIY Frankenstein solutions? Thanks.

Yeah, I think the SIAM impact of this is not as big right now as the governance and privilege and access management. I think that's called that core cyber, core cyber hygiene and identity infrastructure, identity security. I think that's getting more pull through at this point than the SIAM side. But I think the SIAM side is coming because I think A lot of agents and agentic workflows right now are internal automation opportunities, but you're going to see better customer experiences. You're going to see better support experiences. That one's actually further along than some of the others, customer support. But I think it's going to be a big pull through for SIAM as well. And it's like you said, it's the pace of change and the pace of innovation. Once four of your competitors have a better agentic customer experience, you got to get your experience upgraded quickly and you're not going to have enough time to, you know, roll your own there. You're gonna have to use a package solution. I think, I think that will happen eventually.

It's the top of the hour. We're going to take one more question from Jonathan Ho at William Blair. Thank you for squeezing me in.

You mentioned multiple times the stability that you've seen in sort of your sales workforce with some of the transitions that have happened there with the lower attrit, higher productivity and pipeline build. I'm just trying to understand how you feel relative to where your go-to-market is today versus historically. And can we see more benefit from this over time?

Thank you. Yeah, we feel very positive on the state of go-to-market right now. We spent a lot of time last year explaining our expectations of the impact of specializing on our buyers for IT security with the Okta platform and developers with the Auth0 platform. You also heard us talk about the importance of continuity and giving people time and territory and time with their accounts and time to ramp into productivity. And you've heard over the past few quarters, we've shared our positive view on the improving trends in sales productivity and an AE retention, the inverse of AE attrition. So we feel very strongly that that engine is where it needs to be right now. Because of that, we added some selling capacity in Q1. We spoke about that last quarter. And we're continuing to lean into the model that we believe is working. So we're optimistic we can continue to see increased retention and increased productivity as people get more and more time within their territories. and with the expanding portfolio of products they can bring to their customers as well.

I think we have the right team and the right organization to convert this huge pipeline. We're excited about doing that.

All right, that's all the time we have. Appreciate it. Before you go, just want to let you know that in addition to hosting on-site and virtual bus tours this quarter, we'll be attending the Evercore TMT Conference on June 3rd in San Francisco, the NASDAQ Conference on June 10th in London, and the FBN Virtual Technology Conference on June 10th. So we hope to see you at one of those events. Thanks. Thanks, everyone. Thanks, everyone.