Okta Q3 2024 Earnings Call Transcript

Quartr
Provided by Quartr
November 29, 2023

There are 20 speakers on the call.

Operator

Hi, everybody. Welcome to Okta's Third Quarter Fiscal Year 20 24 Earnings Webcast. I'm Dave Gianarelli, Senior Vice President of Investor Relations at Okta. With me in today's meeting, we have Todd McKinnon, our Chief Executive Officer and Co Founder and Brett Teich, our Chief Financial Officer. Today's meeting will include forward looking statements pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to statements regarding our financial outlook and market positioning.

Operator

Forward looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance or achievements to be materially different from those expressed or implied by the forward looking statements. Forward looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors and our previously filed Form 10 Q. In addition, during today's meeting, we will discuss non GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non GAAP.

Operator

These non GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non GAAP financial measures and the discussion of the limitations of using non GAAP measures versus their closest GAAP equivalents is available in our earnings release. You can also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website. In today's meeting, we will quote a number of numeric or growth changes as well as discuss our financial performance. And unless otherwise noted, Each such reference represents a year over year comparison.

Operator

Now, I'll turn the meeting over to Todd McKinnon. Todd?

Speaker 1

Thanks, Dave, And thank you everyone for joining us this afternoon. We want to kick off this call by addressing what's top of mind for everyone, so we're trying a new format this quarter. In light of the new security blog we posted this morning, we felt it was important to get the earnings release and guidance out before the market opened as well. At around the same time that the earnings press release at The Wire, we posted prepared remarks to the IR website, which contains some of my typical commentary around customer wins and other notable news from the quarter. This new format allows me to spend more time discussing the new information while also leaving more time for Q and A.

Speaker 1

I want to start by summarizing the update we shared in a blog post this morning related to the October security incident involving our support case management system. Upon deeper analysis of the event, we determined that the threat actor obtained the contact information of our support portal users across a significant portion of our customers, including the names and email addresses of all Okta admins Except customers in our FedRAMP High and DoD IL4 environments. While this information cannot be used to directly access an Okta environment and With this more detailed information, we felt strongly that sharing this information will help our customers better protect themselves Against an increased risk of phishing and social engineering attacks. We have engaged a digital forensics firm to validate our findings and currently that they will complete their analysis in mid December. Once finalized, we will share the report with customers And publicly.

Speaker 1

Now let me address what Okta is doing to better protect ourselves from security threats. Over the years, we have dedicated significant resources securing our product environment. Given recent events, we recognize that we need to do more to improve the security architecture of our broader operations. That includes the applications we use, the hardware we deploy, and the vendors we work with. Over the past few weeks, we have taken several steps to further strengthen our security posture.

Speaker 1

We've initiated a hyper focused Security action plan by rallying the entire organization as well as engaging with 3rd party security firms to fortify our team's efforts. The stakes are high and we will do whatever it takes to protect our current and future customers. Bolstering our security environment is By far, the highest priority for Okta. The job of securing the Okta ecosystem will never be done. But during this hyper focused phase, no other project or even product development area is more important.

Speaker 1

In fact, The launch dates for the new products and features that we highlighted at Oktane last month will be pushed out approximately 90 days. The exception being Okta Privileged Access, which becomes generally available this week. Now turning to our Q3 results. Top line metrics were strong. We continue to experience particular strength with large customers.

Speaker 1

Similar to the past few quarters, our fastest growing cohort was customers with $1,000,000 plus ACV With growth of over 40%. It was also a strong quarter for new and upsells across our public sector vertical. We also produced record non GAAP operating profit and record free cash flow in the quarter as we continue to demonstrate the leverage in our model. In other news, we're thrilled that John Addison, who has been our interim CRO since the start of this fiscal year, has been appointed to the permanent position. With John's appointment as CRO and our continued confidence in the go to market leadership team, we have closed the search For President of Worldwide Field Operations.

Speaker 1

Okta is driven by our vision to free everyone to safely use any technology. The measures we're taking to increase the security of Okta and our ecosystem gives us confidence in our ability to move forward. We will come out of this even stronger because Okta is the only modern platform for neutral and independent identity access management, governance, And now Privileged Access. Before turning it over to Brett, I want to thank our employees for their tireless efforts. I want to thank our customers and partners Who put their trust in Okta every day.

Speaker 1

I also thank everyone who supported us at Oktane last month, where we had over 4,000 people at the live event in San Francisco and over 19,000 viewing online. Now I'll turn it to Brett to walk you through more details of our financial results and forward outlook.

Speaker 2

Thanks Todd, and thank you everyone for joining us today. The actions we've taken over the past few quarters to drive efficiencies in our cost structure Continue to yield impressive results. I'll review our Q3 results and our outlook, but first I'll start with some commentary on the macro environment. Macro headwinds, while stabilized, continue to impact our business. Metrics that we use to gauge the macro environment such as contract duration, average deal size And pipeline mix were largely consistent with what we experienced in the first half of the year.

Speaker 2

Separately, we published the advisory regarding the recent incident on October 20, which was 11 days ago in the quarter. While business at the close of the quarter slowed somewhat, our overall financial performance in Q3 was strong. Turning to Q3 results. Total revenue growth for the Q3 was 21%, driven by a 22% increase in subscription revenue. Subscription revenue represented 97% of our total revenue.

Speaker 2

International revenue grew 20% and represented 21% of our total revenue. FX had a minor impact on total revenue growth, but was a 2 point headwind to international revenue growth. RPO or subscription backlog grew 8%. The general shortening of contract term lengths signed over the past several quarters has impacted total RPO growth. Our overall average term length remains just over two and a half years.

Speaker 2

Current RPO, which represents subscription backlog we to recognize as revenue over the next 12 months grew 16% to $1,830,000,000 Turning to retention, consistent with prior quarters, Gross retention rates remained strong in the mid-ninety percent range. Our dollar based net retention rate for the trailing 12 month period remained strong at 115% and was driven by both upsell and cross sell activities. Similar to the past Few quarters macro related pressure resulted in smaller seat expansions than in previous years. We believe this trend will persist in the current environment. The net retention rate may fluctuate from quarter to quarter as the mix of new business, renewals and upsells fluctuates.

Speaker 2

As I've noted previously, we've experienced A macro related shift in our business mix to more upsell and cross sell versus new business. Before turning to expense items and profitability, I'll point I'll be discussing non GAAP results unless otherwise noted. Looking at operating expenses. Total operating expenses for the quarter We're lower than expected. The better than expected profitability is due to the combination of revenue over performance and our continued focus on spend efficiency measures.

Speaker 2

Total headcount at the end of Q3 slightly increased sequentially to approximately 5,900. Q3 free cash flow was a record $150,000,000 yielding a free cash flow margin of 26%. Free cash flow was significantly better than expected, driven by billings and strong collections. During the Q3, we opportunistically repurchased $150,000,000 of our 2026 Convertible debt notes. This resulted in an $18,000,000 GAAP only gain.

Speaker 2

Over the past three quarters, we've repurchased $900,000,000 of debt resulting in a $91,000,000 GAAP only gain. We will continue to regularly our capital structure and capital allocation priorities. Our balance sheet remains strong anchored by $2,130,000,000 in cash, Cash equivalents and short term investments. Our cash, cash equivalents and short term investments position net of remaining convertible debt is $820,000,000 Now let's turn to our business outlook for Q4 FY24 and a preliminary look at FY 2025. As always, we take a prudent approach to forward guidance.

Speaker 2

We are factoring in a stable but still challenging macro environment. We're also factoring in the recent security incident. For the Q4 of FY24, we expect total revenue of $585,000,000 to $587,000,000 representing growth of 15%. Current RPO of $1,875,000,000 to $1,880,000,000 representing growth of 11% to 12%. Non GAAP operating income of $102,000,000 to $104,000,000 which yields a non GAAP operating margin of 17% to 18% And non GAAP diluted net income per share of $0.50 to $0.51 assuming diluted weighted average shares outstanding of 180,000,000.

Speaker 2

For FY 'twenty four, we are raising our revenue outlook by $30,000,000 at the high end of the range. We now expect revenue of $2,243,000,000 to $2,245,000,000 representing growth of 21%. We are raising our outlook for non GAAP Operating income by $65,000,000 at the high end to $283,000,000 to $285,000,000 which yields a non GAAP operating margin of 13%. Non GAAP diluted net income per share is raised to $1.47 to 1 $0.48 Assuming diluted weighted average shares outstanding of 179,000,000. And we are raising our free cash flow margin outlook for FY 'twenty 4 to 19% From 15% previously.

Speaker 2

On a dollar basis, that's a raise of over $90,000,000 and sets us up to close the year achieving the rule of 40. While we are still in the early phases of financial planning, we would like to provide a preliminary view of FY 'twenty five. I'll reiterate We are prudently factoring in a stable but challenging macro environment as well as potential impacts from the recent security incident. We continue to focus on expense control and estimated non GAAP operating margin of approximately 17%. We're also targeting free cash flow margin to be at least 19%.

Speaker 2

From a revenue perspective, We estimate total revenue to be in the range of $2,460,000,000 to $2,470,000,000 OR growth of approximately 10%. We are applying a static 26% non GAAP effective tax rate for FY 'twenty four and FY 'twenty five. To wrap things up, we are confident that we've set the path of profitable growth for years to come. We continue to focus on initiatives to drive the top line while making significant progress to drive improvements to our operating and cash flow margins. With that, I'll turn it back over to Dave for Q and A.

Speaker 2

Dave?

Operator

Thanks, Brett. I see that there are quite a few hands raised already, so I'll take them in order. And in the interest of time, please limit yourself to one question so that we can get to everyone And then we'll you're welcome to queue back up for additional questions. And with that, we'll go to Brian Essex at JPMorgan.

Speaker 3

Great. Thank you. And thanks for taking my question. I guess I'll start off with the easy one and that's the preliminary fiscal 'twenty five outlook. And I just want to ask in the context of, I guess, taking into consideration 2 issues in particular.

Speaker 3

One would be the impact, as you guys Alluded to of the most recent breach on your pipeline, close rates, customer relationships. And the other would be, I guess the need for you to improve your relationship with Channel partners in order to drive better growth. So with regard to that preliminary outlook, how should we think about assumptions baked into that outlook, Particularly as it relates to traction or churn with customers and contribution from partners considering these issues and we're in the spectrum of guidance being

Speaker 1

Hey, Brian, thanks for the question and thanks for jumping on the release This morning early before the market, that's a little bit atypical, given the situations of the customer advisory, but we appreciate you covering it and everyone else that covered it as well. We know it's extra something you weren't planning for us. We appreciate it. I'll comment just on the business strategy behind the guidance. First of all, I think that might be helpful.

Speaker 1

The we have, it's very important and it's very clear to everyone at Okta that security is the top priority. We've prioritized security at some level over the years and, it's been balanced with other priorities, growth, new product development and Various things to run the business and those efforts, I'm simplifying a little bit, but often have gone into product security, infrastructure, Making sure that was very, very solid. And we know now that we that's not good enough. We have to do more. We know that Okta is, you know, one of the most targeted companies in the world because of the leadership position we have in this important market of identity Management and that makes us, you know, along with other cybersecurity companies, extremely targeted and relentlessly attacked.

Speaker 1

And we have to raise our game to be able to defend ourselves and our customers against those attack. So we're really upping the level of Priority and it's very clear to everyone at Okta that for the end of this year and going into next year that the number one priority is

Speaker 4

[SPEAKER UNIDENTIFIED COMPANY REPRESENTATIVE:] Securing Okta and securing our

Speaker 1

customers full stop. And everything else is prioritized after that. And the second most, you know, the number 2 priority is After security is growth and profitable growth, profitably growing the business. And I think you see that reflected in the business strategy in terms of The direction we're giving teams that we have a 90 day all hands on deck in terms of focusing on bottoms up ideas and security efforts across the company, getting help from outside industry experts, tops down to bolster our own experts. We've done this in various degrees over the years, but we're Really aggressively doing more of this to get all the best minds and best input on these opportunities and problems for us.

Speaker 1

We're making sure that it's not just A 1 year or 1 quarter change, it's really a continued accelerated evolution of our cultural change to really being Having the culture of 1 of the most secure companies in the world. Remember, Okta started as a it was our focus was enabling technology And making it easy to adopt the cloud. It wasn't necessarily started 15 years ago as a cyber company. Now that changed a few years into the company. And it's very clear to us Now that and has been for the last few years that the bar is the most secure company in the world, full stop.

Speaker 1

And so that's the number one priority and that's what we're focused on. And then part of that, of course, is kind of the last pillar that we're really focused on now, which is making sure the products themselves, as customers use them, The actual security use cases on those products are prioritized incredibly highly. A great example of that is making sure that When we think about managing access to privileged resources, we with our new Privileged Access Management product, making sure we Prioritize and make it work great with our own Okta administration console because attackers are going after that because that's such a valuable target. So It's a wholesale clear communication to customers and to employees and to partners and investors that security is the top priority And we will stop at nothing to make sure we become one of the most secure companies in the world because it's kind of clear to everyone that we're short of where we need to be now and we will fix that.

Speaker 2

And I'll just add a couple of comments there, Brian. Thanks for one, nice to see you. Thanks for the question. But in terms of the guidance philosophy, Really no difference from what we've done before. I think we all know for years now we give this early look.

Speaker 2

It's a prudent look. We've got 5 quarters ago, we've got a big Q4 ahead of us. And so, we're factoring in 2 major factors, like I said a few minutes ago, which is Around the macro and then also around the security incident and making sure we're being prudent about the guidance at this point given how far out we are from the end of FY 'twenty five.

Speaker 1

On the question to Brian about the channel partners. I think that's I would say that's Continued thread and a continuation of what we've been doing this year with our enhanced partner program and clarifying The partners we're working with and investing on the ones that are really moving the needles, the things you've heard us talk about in previous calls, that's ongoing thing and we're continuing to execute on that and seeing benefits from that in the business.

Speaker 3

Do you have the pipeline internally to hit that number without incremental improvement in partner contribution How confident you are that we're very

Speaker 1

happy with where the pipeline is.

Speaker 2

Yes, we're confident in what we've given you guys today. Like I said, no change in the guidance philosophy.

Speaker 3

Thank you.

Operator

No problem. Let's go to Rob Owens at Piper.

Speaker 5

Great. Thanks for taking my question. I appreciate the transparency and disclosure around the breach and realizing these things can take on a life of their own as time passes. But I was curious more so what you're doing for customers to assuage concerns around the breach itself aside from pushing out some launch dates here and any proactive steps that you're taking to help future retention? Thanks.

Speaker 4

Yeah.

Speaker 1

I've been, I've had many, many conversations with customers over the last few weeks, as you can imagine. And The reactions vary. Some are from thanks for the update. We appreciate the communication. To the other extreme, which is a lot of frustration and concern, The common thread or the common theme is that we're incredibly important to our customers and they're relying on us for their Critical infrastructure of their customer identity or their workforce identity, so it really matters.

Speaker 1

And the first thing they want to know is that, Do we know how important this is? And are we taking these things seriously? Do we have the right plan in place to react to these things and get better going forward? And when I talk to them, the themes that resonate are really, you know, clear priority, Comprehensive look at all the threats and all the opportunities across product and infrastructure, making sure the Cultural tone from the top is set appropriately, and I can do that in a way no one else in the company can do. So I'm very clear about that.

Speaker 1

And then the last thing I talked about before is how the Products can help them be more secure because this all is about the foundation for their security. And once that foundation is solid, then they can use our products to be, you know, to further enhance their own security. So I think to your specific question about what we're doing specifically, I think it's Part of it is being open and transparent. One of the reasons why we thought this most recent disclosure, the one we did yesterday and then publicly this morning, Is that when we talk to customers, the number one thing they want is transparency. And they want to know as soon as possible What is the risk increase?

Speaker 1

What are the threats? And our commitment as on our journey to be one of the most secure companies in the world is to make sure we fulfill that commitment and make sure we're Open and transparent and disclose all the information we have. So, I know it seems a little strange right now, but In some ways, what we did yesterday and today are executing on this plan and this commitment we've made to them. And then I think there's many more things we can do in terms of just making sure customers understand what happened and what we're doing about it. And you'll see us do more about these things toward these communication efforts going forward.

Speaker 1

But at the end of the day, I was talking to I have a I was talking one of my conversations was with a CECL of a large manufacturing company that's been heavily adopted on Okta. And he and this is common to how these things go. He said, you know, Todd, this you are the position you are in the ecosystem industry, you are One of the most attacked and focused on from an adversarial perspective companies in the world. And we know that if you take this As you're saying you do, and you have these plans and these priorities in place to improve your make sure you're one of the most secure companies in the world. That's going to be more than enough for what we need because you're going to be attacked way more than we ever will.

Speaker 1

And so I think they see it as Once we communicate the details and once they can understand our plans and our priority and our focus, they come away with more comfort. But again, at the end of the day, what they really want is no issues like this and that's ultimately our goal to try to prevent these whenever possible.

Speaker 5

Thanks for the color, Todd.

Operator

Let's go to Adam Tindle at Raymond James.

Speaker 6

Thanks, Dave. Hey, Todd. I wanted to ask a little bit more about the renewal process in light of the security incident. Brett mentioned that contract duration continues to shorten. So The thought would be the renewal process is likely happening more frequently moving forward.

Speaker 6

I wonder what kind of processes you have in place to retain customers And any ideas that John brings to the CRO role to this process. And Brett, if you could just touch on the assumptions on gross retention and NRR Embedded, I know you're factoring in the security incident, but I would imagine that's where it's going to hit most. So that would be really helpful to understand what the assumptions embedded are. Thanks.

Speaker 1

The renewals process and the execution of that is something where it's a very mature part of our company And we're very good at it. I think it leads to our as we've talked about several times, the gross retention in the mid-90s, a healthy level. And it's so it's a strong muscle we have. Contract durations, as Brett mentioned, have been shortening. I think it's you know, they're still on average two and a half years.

Speaker 1

And The reason they're shortening is, you know, this started happening during some of the more economic slowdowns last year. You know, it's just I think across the board, people are not signing up for as much as they in terms of length of subscription as they wanted to. So I think that the renewals conversation will continue to be addressed effectively by our existing motion. We don't need Some kind of new motion or some new conversation. I think it comes down to making sure that the adoption of the product is high, which we're very good at getting our products adopted and making sure that The value is being delivered and that the price they're being charged for is fair.

Speaker 1

So there'll definitely be some as we just communicate to customers about Our prioritization of security and our focus on it and our execution across that plan, that will be funneled down to the renewals team as well. But I don't see any big changes to the Overall renewal motion because of this.

Speaker 2

Yes, I can also add on to that, Adam. Thank you for the question. So First on the contract duration, just to be clear, there's been a general shortening of contracts to what Todd was talking about, but part of the reason is actually the success we've had in public sector, which typically is only a 1 year So that business doing well is going to put a headwind on our contract duration. So I guess that's a good issue to have in terms of contract duration. So in terms of What we baked into the guidance for specifically NRR or net retention rate or gross retention rate in FY 'twenty five, We haven't gotten to that level of detail because given we're so early in the planning process, but what I would say is we do believe You know, both the macro puts a headwind on growth and also the security incident.

Speaker 2

And so where each of them comes through, I mean, macro, you know, we've talked about new business Seed expansions being impacted there. From the security incident perspective, we think growth is impacted. I can't give you exactly Is it more upsell or is it more gross retention in terms of FY 'twenty five? But what I can tell you is In terms of FY 'twenty four, like we've talked about in the past, we did expect that number to tick down. Net retention is going to tick down throughout the balance of this fiscal year.

Speaker 2

And, you know, we had a nice quarter in Q3, 115%, flat with Q2. 2. So we do still expect it to drop in Q4 based on those macro headwinds we've talked about with seed expansions. But that hopefully helps you with a little bit more detail on how we're thinking about FY 2025 as well as that net retention rate in the very near term next quarter.

Operator

And next go to Rudy Kessinger at D. A. Davidson.

Speaker 7

Great. Thanks for taking Question and appreciate the candor as it relates to the breach. Todd, at Oktane, it seemed pretty clear that you were hinting That you guys were close to hiring a new President of Worldwide Field Operations or Head of Sales. And today, I know you're closing that search. You're moving John into the permanent role.

Speaker 7

So I guess just a couple of clarifications. Did the breach impact your ability to land a new Head of Sales at all? And secondly, just understanding the current structure, is John going to be taking on both the Head of Sales and Revenue Officer roles or will you be remaining, I guess the Head of Sales for the time being.

Speaker 1

Yes. Thanks for asking for clarification on the previous question. I forgot to answer the part about John. The decision for the go to market structure was finalized before October 20th. So it was finalized in early October.

Speaker 1

So it had no nothing to do with the security incident. The I think there were Since the search started in January of this year, late January, the Timeline on it was we were going to make a decision to finalize things by October, and we hit our timeline. So We didn't want to have an interim structure going into planning for FY 2025. So the goal is to finish it by the end of October. We I can't remember exactly the order of operations in terms of when the final decision was made versus when I made those comments.

Speaker 1

But what I knew at the time for sure is that we were going to finalize one of our finalist candidates and John being one of those finalist candidates, we were going to finalize Soon, we'll be ready to roll on our original schedule, which was, like I said, to wrap it up in October. The decision came down to A few things. One is that the I think that John is I talked to dozens and dozens of candidates and interviewed and Looked everywhere and different levels of experience and backgrounds and every person I talked to, the person doing the job was outperforming them. John was doing a great job. I was with him in customer meetings around the world.

Speaker 1

I was more importantly talking about strategy going forward and Understanding his strategic vision and his familiarity with the market and areas around the world and with the product segments and the identity industry, and He would just really shine brightly. It's like the 9 month job interview. And it really they kind of made it hard for other candidates to compare. And I think so once I made the decision that he was the right guy to be the Chief Revenue Officer, I also made the decision that I really liked the current structure of business operations under Eugenio as the President of Business Operations Global Business Operations. The marketing function under one of our strongest operational executives, Eric Kelleher, And then John running sales and pre sales and partners reporting directly to me.

Speaker 1

So basically, the flatter organizational structure where I have direct the business operations, customer success or customer Chief Customer Officer, marketing and then Chief Revenue reporting directly to me was the best thing for us going forward. So there's only 2 decisions. It was who's the best Chief Revenue Officer in the world And then do we need that extra layer of a President? And the best thing for Okta for the future is to finish out the search for President and I have these talented, capable people in place to drive us forward.

Operator

Great. Let's go to Hamzah at Morgan Stanley.

Speaker 8

Hi. Thanks for taking my question. Todd, on a high level, could you speak to the switching costs of your products? And Based on your very early conversations, would you anticipate some customer churn as a result of this incident?

Speaker 1

I think the switching costs vary and it's one of the great things about both the customer identity products and The workforce identity products are that you can, they're very flexible. You can implement them very quickly and easily. And then you can also implement them in a way that's quite comprehensive and connected to everything and very complete and Cover every technology and every resource in the customer's environment. So the switching costs vary. I mean, there are companies that have a relatively light implementation and the switching costs are pretty low and then there are Costs are pretty low and then there are custom there are implementations that are very deep and broad and lots of, you know, custom integrations and so forth And the switching costs are higher.

Speaker 1

So I think it varies. I don't I think there's various reasons why people switch off. And I think It's pretty hard and it's always in the customers that are less likely adopted and have lower switching costs, which seems pretty obvious, but that's true. And I think that I think we're we've seen some people switching off for various reasons. Sometimes it's like we've said, our gross retention is mid-90s, but so that means by definition, there's some percentage that are switching off various reasons for doing that.

Speaker 1

And I think at the end of the day, it's going to be hard to directly ascribe it to one thing. So I think we're just trying to make customers successful and provide huge value in the products and our strategy of a converged platform on the workforce side and covering every identity use case with customer and workforce. And we have, I think, prudent assumptions in the forward Guide about what is baking in security incident or baking in macro. We're comfortable with that guidance and We're going to go out there and execute our plan and I think it's going to be in the long term, we're going to show a lot of success and deliver a lot of value to customers and that's drive success across the board.

Speaker 8

Thank you.

Operator

Go to Joe Gallo at Jefferies.

Speaker 9

Hey, guys. Thanks for the question. Impressive margin performance this quarter and guidance next year. Can you just further unpack the drivers of leverage there? And then just talk through whether that inhibits the growth algo at all?

Speaker 9

And then just maybe whether how you think about longer term growth? Do these margins kind of reflect a new reality of potentially lower long term sustainable growth? Thanks.

Speaker 2

Thanks, Joe. Nice to see you. So, in terms of the how we're achieving this, this is really something we've been working on For probably about 18 months at this point, if you remember last year we started this cost structure efficiency, whether it be from Moving headcount to lower cost regions or rationalizing software or rationalizing real estate, it's been a long time effort for us To be able to really set up this structure, to be able to deliver these types of margins, I'm really excited, that actually we can talk about Rule of 40 This year because that's how we look at the business and manage the business and, you know, kind of think about it from a, you know, the lens of growth versus profitability. But ultimately, all this hard work is allowing us to offer up and guide with confidence These margins that you see in the FY 'twenty five guidance, you know, 17% non GAAP operating margin, at least 19% free cash flow margin. And so that's a really good shift for us.

Speaker 2

We've set up that structure to be able to drive that efficiency, drive the leverage in the business. And as far as growth versus margin, we're always going to balance the 2 and ultimately look to balance the 2. So I can't give you anything beyond FY 'twenty five, but we're always going to manage the business through that lens of the rule of 40, something we're very proud of that we Feel we can achieve this year and we'll always target as we move forward into FY 'twenty five and beyond. It's something we really Pride ourselves on doing, overall.

Speaker 10

Thank you.

Operator

And next up, we're actually going to go to Madelyn Brooks at BofA. She got knocked out of the queue and putting her back in the spot here.

Speaker 11

Thanks so much, Dave. Appreciate it. And just appreciate the transparency of your remarks. I know people have said that, but just really want to emphasize that. So the question is, if I look at what happened this quarter, my quick math implies that roughly 99% of net new CRPO came from the existing It's a 2 parter across peers as numbers begin to kind of turn positive again with contributions from net new customers increasing post macro.

Speaker 11

So the first part is, why do you think the trend in your numbers is different than other cyber peers? And the second part is, is there any concern that heading into next year, The existing customer base will already be saturated, leaving less room for upside, especially with this 90 day push out of new products and the potential headwind from the new bids, Given the recent security event.

Speaker 2

Sorry, Madeline, you broke up a little bit on me, but I think you were saying the mix on CRPO was related more to Upsell versus new business, is that correct?

Speaker 1

She said she calculated 90% of the CRPO came from existing. Yeah.

Speaker 2

Okay. Yeah. I Can't say that I have that number to hand, Madelyn, but what I will say is, as we've talked about in the past, You know, our mix of business has shifted more toward upsells. We believe that's related directly to the macro side of the house, you know, really putting pressure on new business. And so I think that's why you're seeing those numbers.

Speaker 2

I think we had a nice quarter from a new customer ads. Net Ads was up 400. You heard Todd talk about the $1,000,000 customers, greater 100 ks customers had a nice addition as well, an increase sequentially versus Q2. So we do see new business helping us out, but we do see a headwind there due to the Macro headwinds that although have stabilized still are a headwind to our growth in the business.

Speaker 1

Yes. And one thing I can add there, hopefully it's helpful, is the new products. We have with we have 3 Amazing products to sell our existing customers. I mean, some customers have customer identity, but we still have a lot of customers to sell customer identity to. And then we have many, many customers to sell Okta into governance too.

Speaker 1

That thing is just starting to roll. It's had some early success, but it's been GA a little over a year now, Starting to get a ton of traction. We had a couple of really important deals with the one I mentioned in my comments that we posted at the site was A global pharmaceutical company had a big OIG upsell and then the new GA of PAM. So I don't I think we have A ton of new products from the pipeline to sell our customers and that's what we're making sure we operationalize those newer products and And I think the 90 day delay on some of the new products Could potentially be impactful at some point, but we're not short of products for FY 2024 for sure sorry, FY 2025 for sure.

Speaker 11

Got it. Thanks so much.

Operator

Let's go to Eric Heath at KeyBanc.

Speaker 12

Hey, Dave. Thank you. So Todd, it's great to see PAM is getting rolled out this week. I guess kind of 2 parts to the PAM opportunity. So One, just what learnings can you draw from OIG to relay that into some similar early success into PAM, number 1?

Speaker 12

And then number 2, just Given PAM can be used to protect the customers' own Okta environment, is this something that you could potentially make available to customers at no extra Charge just as it relates to protecting their own Okta environment.

Speaker 1

I think there's, we're really excited about, Privilege Access. And I think The biggest, I think there's a couple lessons from OIG that are just, I would call them Independent of any product area. So just new product introductions across the board, things like best practices to when to enable broadly, when to enable different Segments of the market, like one of the learnings from OIG was that, you know, it's having much more success in larger enterprises than we expected. And so I think we'll roll that learning to Pam and we'll enable the larger enterprise sellers sooner than we did with OIG Because we anticipate that it could have the same phenomenon and exceed our expectations in larger enterprise. Another interesting phenomenon from OIG was that OIG has exceeded our expectations in, kind of call them brownfield environments where they already have an existing governance solution.

Speaker 1

So we'll bring those learnings to the PAM product as well. On the product direction, one area that is You know, through the early access phase and now that we move into GA, one of the learnings on the product directions is that Customers the product's main focus has been through the LEA limited or sorry, through the early access has been on Servers, so Linux and Windows servers, Kubernetes clusters, managing access to these things, these kind of infrastructure type resources. Customers find a lot of value in having us manage the privileged accounts in SaaS apps. So we're connected to Salesforce, we're connected to Workday, we're Connected to GitHub, manage the privileged accounts in there. So that's an exciting direction.

Speaker 1

As you mentioned, what is the one of the most critical privileged Account systems in the world, it's Okta Admin Console. So we're exploring ideas to better integrate that And that's going to be a big focus. And your idea about offering it for free to every Okta customer is a very interesting one. And This might be the first time ever I've taken product input on an earnings call, but I do take it.

Operator

Great. Next, let's go to Gray Powell at BTIG.

Speaker 13

Okay, great. Thanks for taking the questions. So, yes, I guess, kind of a modeling question here. Normally, I would expect sequential growth in CRPO In Q3, to be at a similar level to that of what you've seen in Q2, at least that's what you've seen the last couple of years. This year, you added $54,000,000 in net new CRPO.

Speaker 13

Last quarter, you added $71,000,000 So I know this is kind of rough, but like Is it safe to say that the main difference there was the breach happening with like 10 or 11 days left in the quarter and then customers just taking a pause? Or is there something else that I should be thinking of? And then the other part of the question would be, as we think of Q4 trends, like How much of a hangover is there? How much should we expect the lingering impact of the reach to be on conversations with customers?

Speaker 2

Yes. Thanks, Greg. So from a sequential perspective, I think I wouldn't do that math in terms of backing into the impact Associated with the incident, I would more think about renewals timing that can have a heavy impact on CRPO quarter to quarter. We feel we had a really nice quarter in terms of Q3 growing 16%, dollars 1,830,000,000 in current RPO. So I wouldn't read too much detail into that.

Speaker 2

In terms of Q4, all of it's baked in, all of what we think the potential impact is associated With the security incident that is in the guidance that we've given you here today, 11% to 12% and $1,880,000,000 at the top end of the range. So That's kind of how we think about things.

Operator

All right. Fair enough. Thank you. We'll go to Peter Weed at Bernstein.

Speaker 2

Thank you.

Speaker 14

It looks like the Change in your anticipated growth in quarter 4 came down relative to what you implied last quarter by almost 3 percentage points. And I think you've said that this is the impact of the outage. Is that experiential? In other words, like there are some things that you've already seen occur that are leading you to believe that you will Definitely see that. And is that turning up in customers that are kind of Showing that they're going to leave is that, you know, people are, you know, failing to upgrade, you know, at the pace that they have been Before is that it's harder to win new customers, so you anticipate you had a really nice quarter actually, getting new customers sequentially up.

Speaker 14

Do you anticipate that to take a dive? I'm trying to figure out like where that shows up kind of in the stack of where you would have Normally thought that kind of sequential growth quarter over quarter that seems to have been kind of eliminated as a result of the outage.

Speaker 10

You're not the audience.

Speaker 2

Yeah, the incident. So, you know, if you look at every quarter, Peter, there's always deals that push Quarter to quarter, it's just a natural part of our business. We saw an elevated level of that and we ascribe that That potentially could be related to the security incident. So we're taking that into our guidance when we think about Q4 and thinking about it from a prudent perspective, especially given how big the number can be in Q4 and setting the trajectory for fiscal year 'twenty five. So that's how we're thinking about things.

Speaker 14

So it's actually more just there are deals that stayed in the pipeline, but you just anticipate they may push out of this Quarter into the next quarter.

Speaker 2

Yeah. But we did see

Speaker 14

Already from Q3 into Q4, wouldn't that like give you deals that would be closing in this quarter that should plug some of that gap. So you'd have to really push out a lot of deals out of Q4 and to Q1 at that point.

Speaker 2

Yeah. And you're right. We actually have already seen some Those deals closed in Q4, which is a good sign, but we're being prudent given the environment out there today, given both the macro and the impact associated with the security incident. So we're just being thoughtful.

Speaker 4

Yes. I mean, if you think

Speaker 1

about the chronology of it, it's 11 days left in the quarter and then we're only Just a month into the Q4, so we in terms of the window to see the impact, we're a little bit limited on a window to see the impact. So I think that drives some of the Pragmatism in

Speaker 10

the guide. Yep. All right.

Operator

Let's go to Adam Borg at Stifel.

Speaker 15

Awesome. Thanks so much for the question. Maybe a bigger picture question here. So international is still about 20%, 21% of the mix. Just given the size of the company, just seems like there's a lot of international opportunity ahead.

Speaker 15

So just as you think about the channel investments When you think about the new CRO and CMO in place, what are the thoughts about kind of accelerating opportunity in the international theater to potentially help accelerate growth? Thanks.

Speaker 1

I think it's a big opportunity. I do think from a macro perspective in terms of the stabilized macro, but still a challenging macro, I think the Macro impact internationally has probably been more pronounced from my observation than in North America over the last year or so. We also have, in terms of the interim to permanent CRO with John, that also gives us the opportunity to backfill John as the and we have some candidates in the late stage pipeline for that. So that's more leadership stability internationally. Couple that with a great leadership team in Asia Pacific, which is performing well, you have a really good opportunity for Solid performance internationally, which is has to be an important part of our future.

Speaker 1

If you just look at the numbers, the market is Half the market is probably outside the U. S. Over time in terms of identity management, we're using rough numbers. And over the next 5 to 10 years, we're going to make sure we get that Higher than it is now in terms of a percentage of revenue.

Speaker 2

I'd also add just John being an international person himself like He brings that lens, right? And so we're really excited about that and the opportunity out in front of us. I agree with Todd, we've got a lot of opportunity internationally.

Speaker 15

Awesome. Thanks so much.

Operator

Next up is Matt Hedberg at RBC.

Speaker 6

Great. Todd, a product question. In your prepared remarks, you noted you're pleasantly surprised, I think, by the size of organizations Your identity governance product. I think a year ago, it probably would have surprised a lot of us. I think we would have thought maybe some of Traction would have been from smaller organizations or midsized organizations.

Speaker 6

So I guess maybe why the success of market do you think at this point? And then, Brad, when you think about The impact from governance in your 'twenty five outlook, I assume you're taking a very modest approach, but just thoughts on how you're thinking about that product next year?

Speaker 1

The, I just think that large organizations have it's, there's a lot of complexity and I think maybe we Underestimated the ability I think we looked at some of these larger organizations and what they were doing with the existing governance solutions, and we assume that they were These solutions are covering the SAPs, the Oracle apps, the legacy apps and assuming that they would also be covering all the cloud stuff and all the new stuff. I think that assumption is just proving to be maybe not as accurate as we thought. I think a lot of these legacy products aren't covering where the center of gravity is moving, which is Cloud centric application workloads and cloud infrastructure. And so the product is a better fit for these large companies than we thought. I think also just our overall the last, call it 5 or 6 quarters with when the macro environment changed, You're just seeing a more success for Okta in the bigger companies.

Speaker 1

So I think it's I think OIG has a Big future in mid enterprise and SMB. But I think that segment is just the slower segment right now. So we're not seeing the attaches with OIG There that we could over time. So I think it looks better because more people have the problem and are finding value from it in the large enterprise. And also Large enterprise is just doing so well with 40% growth in that cohort, both in ACV of those deals and in customer count of those deals in Q3.

Speaker 1

So I think attaching OIG to there's more opportunities to attach there relative to the entire business. So I think that's influencing the perception as well. [SPEAKER DANIEL MARTINEZ VALLE:] Yeah.

Speaker 2

And I would add, although we're very excited about the progress so far, Matt, I mean, yes, we are being modest with our expectations And the guidance we've given you here today, one thing that I know you guys have asked in the past is how much and we've told you, We keep telling you we're going to update you every time we get a new number, but that third of workforce spend being IGA continues to hold steady through the end of Q3. So that's the number we've given you in the past and it continues to be that. So the upsell associated with it is significant and we're very pleased with how things are going just like Todd said.

Operator

Great. Next up, Jonathan Ho, William Blair.

Speaker 4

Hi, good afternoon. With regards to the breach, can you give us a little bit more detail on maybe what's still left In the 3rd party validation and investigation, and how confident are you that this is going to be the last finding that comes out of this investigation? Thank you.

Speaker 1

Yeah, it's a great question, Jonathan. When I when my many, many conversations with customers, the this comes up like speed of disclosure and They want to know all the information as fast as possible and why does disclosure take time and what else is left to disclose, etcetera. So it is on everyone's mind, obviously. I think the general philosophy we're taking is that we're trying to disclose as much as we know as quickly as possible. I think a couple of weeks after the incident when we had our first We disclosed everything we knew at the time and we just kept looking like, you know, you're talking about the log files from our Support system were quite voluminous and the team went over them click by click, row by row, line by line, kind of took a first pass and looked at all the things they thought were incredibly sensitive and took a quick run of some of these reports and found that it wasn't much interesting data and then published the first RCA and remediation steps.

Speaker 1

And then, like a good Security company Wood kept looking and kept digging and made sure we had everything covered and found more. And we were more thorough about these reports and ran them completely and saw The data was there, made the decision to do a further disclosure based on risk of phishing like we've outlined. And so I think the way I characterize it is now Our internal team has gone over it many, many times and our internal investigation is done. Like, we don't think there's anything else productively we can look at. We've worked with the vendor and got supplemental logs.

Speaker 1

We've combed through it. We've done everything, you know, 3, 4, 5 times to check it. But we still want to make sure we cover all the bases. So we brought in this firm that started a couple of weeks ago and they're looking at I think we're doing it, obviously, to be very thorough and clear. I think it's a relatively low priority that they'll find anything additionally, but we'll have to wait and see in mid December when they're done with their analysis.

Operator

Okay. I'd like to welcome back Fatima Boolani from Citi.

Speaker 16

Thank you. I appreciate the question. Todd, you are very categorical about securing Okta. So your customers are secure as being the number one priority. So the question for you is, is that a people, process or technology or maybe all of the above conversation?

Speaker 16

And then maybe to Brett, it's not immediately apparent in your margin guidance that you're going to be taking and making these investments. So can you just sort of help us And kind of what envelope a lot of this up leveling and reinforcing of your internal security architecture, what shape or form is

Speaker 1

Yeah, it's a super insightful question, Fatima. And as you guessed, it's all of the above. And I think we The program internally is called Program Bedrock, Building the Bedrock Foundation. And it has 4 Pillars. I'll call them pillars.

Speaker 1

The first one is there's just bottoms up, Get all the ideas on the table of everything we know that the team thinks would be great ideas to make us the most secure company in the world. And like a good example of something from this pillar is, like this thing that we're advising customers to do with the latest notification around having MFA for all administrator accounts. That really should be required. There shouldn't be an option to not. Again, over the years, we, In some cases, made the choice for convenience and speed of implementation or frictionless adoption instead of security.

Speaker 1

But as we march toward being the most or one of the most secure companies in the world, that's going to change. So we have to make that required And got to work through that because there's a reason sometimes customers don't have MFA required. Maybe it's a service account. Maybe there's a specific workflow. But, you know, everyone, as we do this bottoms up effort, it's like a lot of good ideas on how we could make that better.

Speaker 1

And that whole bucket of bottoms up, we have a lot of Awesome, smart people on the team that have the time and space now to let those ideas come out. And they're going to, we're going to have time and space to implement them as well. So that's the bottoms up track. The second track is really call it tops down, which is, making sure from an internal security architecture perspective, Specifically in overall business operations and IT operations, as you know, inclusive of obviously product and infrastructure, but getting the top experts in the world and to give us their opinion on how we should be architecting this part of our security And there's people that do this for the most secure companies in the world. And we want to take those experts and combine them with our experts internally to make sure we have the best Security blueprint from an architectural perspective.

Speaker 1

So we have bottoms up, we have tops down. And then the 3rd pillar is really cultural. And that starts with me and the leadership team in setting this clear priority and setting the expectation that we are going to be the most, You know, our goal is to be one of the most secure companies in the world and we're going to prioritize that number 1. When you think about executing well, It can be pretty straightforward. You know, it's like you have to make sure you have a clear vision.

Speaker 1

We want to be one of the most secure companies in the world. We want it you got to set clear priority and get the right amount of resources on it. And that kind of sets up this cultural component to be successful. And then the last one is, I think I mentioned before is in the product, we have to make sure that The products themselves are beyond just being valuable and powerful for our customers. They have to be built in a way that ensures the security of our customers as well.

Speaker 1

And the best example for this is After the notification of this incident in October, we quickly implemented this feature which actually cryptographically binds an Administrator console session to a specific network. So this is the kind of thing that, you know, is very valuable for customers and keeps them secure. And as we think about it more and go through the entire product architecture and overview, there's many more of these things that can put us closer to being From a product perspective and products that protect our customers and their use of it and their deployments of it, the most security company in the world and that's the 4th pillar. So It's quite comprehensive. I think the 90 day focus gives everyone space and clarity to have no confusion about this being the priority.

Speaker 1

I think after 90 days, what you'll see is you'll obviously, these kind of efforts have they've been going on in some shape or form for many years, and they will continue after this 90 days. But right now, we just need this real clear alignment on, getting ourselves closer to that goal of being the most secure company in the world.

Speaker 16

I appreciate that. Thank you, Tom.

Speaker 2

And then for the second part of your question Fatima, it's really there's 2 things. 1, we're already investing a good amount in FY 'twenty four. So to step up in the margins, it's not like we're starting at 0. So we're investing a good amount right now. We're going to invest more in Q4.

Speaker 2

But this is one of the benefits of these structural efficiencies that we found and driven over the last 12 to 18 months. It allows us to Expand the non GAAP operating margin from 13% to 17% while also investing more into these critical areas like security. And so, We've invested a lot already, but we're going to invest even more in FY 'twenty five, but while also being able to balance it with the margin that you mentioned. So It's one of those benefits of us doing what we've been working so hard on for the last 12 to 18 months.

Speaker 16

Thank you, Brad.

Operator

No problem. Okay, we're going to try to get to a couple more. Let's go to Josh Tilton at Wolfe Research.

Speaker 17

Hey, guys. Can you hear me?

Speaker 1

Loud and clear, Josh.

Speaker 17

All right, great. I wanted to clarify a previous question. Does the guidance for Q4 Embed some conservatism around the recent incident because you are anticipating to see something or because you are already seeing an impact? And then just a follow-up is, Todd, you mentioned that you spoke to customers and they kind of understand why, as an identity provider, You guys are being targeted by hackers so much. Is that raising any questions from the customer base as to Whether or not it makes sense to go all in with all of your identity needs from one provider or given that you guys are the center of the security ecosystem and the number one target for hackers.

Speaker 17

Does it maybe make sense to diversify some of your identity risk across a different PAM vendor and a different governance provider?

Speaker 2

Hey, Josh. I'll take the first part. So anticipating is the answer, short answer since we're running out of time because we did see, Like I said earlier, an elevated amount of pushes or deal pushes from Q3 into Q4. And so we're just Anticipating that as we go through the quarter because as a reminder to everybody, we do not have a linear bookings quarter. It is very back end weighted.

Speaker 2

And so We're just taking into account what we saw at the end of Q3 and looking and making sure we Put that into our expectations for Q4.

Speaker 1

Yeah. And on the question on getting everything from 1 vendor versus Spreading out your risk with different vendors. I think it comes down to at the actual physical layer of how the products are implemented, how you mitigate that risk of Getting everything from 1 vendor. And then second thing is the product there has to be a lot of value in getting it from 1 vendor, like in terms of decreasing risk, You know, the operational simplicity, the power of how you can secure things because things are better integrated. So that's the equate.

Speaker 1

In fact, I was having this That conversation with a customer just a few days ago about the risks and reward of consolidated on 1 vendor versus the, you know, Spread things around, spread the risk perspective and I think that's the those are the variables in the equation that people think about.

Operator

Let's go to John DiFucci at Guggenheim.

Speaker 10

Thanks, Dave. So Todd, my question is a follow-up to Fatima's question. I got to remember to try to get ahead of her because she It's hard to follow her, but I thought that was a really good question. And thank you for all the detail you gave around that, the Program Bedrock. But in the end, still like how long is it going to take to get to, as you say, raise your game to get to a point of, I don't know.

Speaker 10

You're never going to be comfortable, but relative comfort when you can actually sit down with a customer and tell them that you're there. You're never quite there, But you're there. Don't, you know, listen, we worry about it every day. We don't want this to happen ever again. That's not to say it never will, but how long do you get to a point where you have that relative comfort

Speaker 6

through that?

Speaker 1

It's a super smart question. Super smart question. I, I think the, I would add color it this way. This has been something we've been very focused on for several years, particularly since lapses breach a couple of years ago. We've been very focused on it and actually made quite a bit of progress to make us feel comfortable about Our progress toward being one of the most secure companies in the world.

Speaker 1

I think the reason for the 90 day sprint and focus are, There is a calculation of I and the management team think that there are enough things that will Decrease the risk at a significant level. Not that the risk is incredibly high, but there's enough things that will decrease the risk At a significant level that we think it's worth a sprint here. But probably more importantly, John, it's kind of cultural. It's Execution requires clear priority and nothing makes the priority clear for everyone than a full focus in a 90 day sprint. So beyond the decrease in risk and getting us closer to this area, as you describe it, where we feel real comfortable As we progress toward being one of the most secure companies in the world, there is just a cultural tone setting thing, which I think is very important for customers and for investors and for Employees as

Speaker 10

well. So it's the 90 days and then just keep going. And by the way,

Speaker 1

I'm just going And it's not like we've never been focused on security Because we've absolutely had a huge focus on it. Like I said, very, very specific and mature in the areas of the product and the infrastructure. I think we're not as mature and we haven't had the comprehensive approach on the overall IT operations and overall company operations. But it's something we've been doing for a long time and we're going to have this sprint and then we'll keep doing it for a long time after because we have to be, you know, like I've said it many times, we have to be one of the And that's what they expect from us, and that's what we expect from ourselves as well.

Speaker 10

Thank you very much. And listen, I just have to add one last thing, something I never say. Actually, I think you guys did a good job. I mean, this quarter numbers look good and even given everything that's going on, I guess, nice job.

Speaker 1

Yeah, I appreciate it. A lot of hard work from the team.

Operator

Great. I know we're into overtime here. We're going to take Fred and then Srinik and we're going to have to cut it off at that point. But Fred Hefmeier from Macquarie, go ahead.

Speaker 18

Thank you. I think many good questions have been asked. So I think, Todd, what I'd like to ask is, As we from the outside are looking at what you were doing at Okta, what sort of concrete checkpoints might we expect To see to understand what progress you're making here towards improving your overall security posture, understanding also that no news is kind of good news with respect to data breaches. And secondly on that one, with the upcoming SEC disclosure timeframe requirements, do you feel that you have the reporting frameworks in place to comfortably meet all of those requirements?

Speaker 1

Yeah. And the second question, I feel really good about that. The disclosure frameworks and so forth, something we I think in some ways where The role we play in the industry and the tone and the transparency we're trying to set with customers, we have a lot of things in place That put us in good standing there in terms of our ability to execute on those disclosures. The first question you asked is, I think there's For we're we have a really good answer on the product visible things. We're going to be reporting those out, like as we would do product releases or Future capabilities, these, you know, like the two examples I mentioned are the network binding for session tokens and The required MFA, that's going to be published.

Speaker 1

And so you'll see the roadmap for those things and you'll see that thing published publicly into customers. I think the internal stuff, the, you know, the things that the team comes up with in terms of improving our operational security and Comprehensive look at the security and taking in outside experts. We have to think more about how to communicate that broadly to customers. I think it's just as important because not only is it just give customers confidence in how seriously and how aggressively we're taking this, but also it can help them learn because Every customer I talk to, they're thinking like, what can we learn from Okta? Because Okta is on this journey to be one of the most secure companies in the world.

Speaker 1

I can learn from that. So I think there's value in sharing that, not just from the trust perspective, but also from the learning and helping customers through that education.

Speaker 19

Thank you.

Operator

Okay. Last question to Srinik Kothari at Baird.

Speaker 19

Yeah. Thanks for taking my question and I appreciate the transparency, Todd and Brad. Just to follow-up on your point, Todd, on product security focus and customer security focus. In light of the recent, hack incident, I know the role of PAM is it seemed to be elevating and becoming Even more kind of broad based. So great to see that you guys are focused on PAM.

Speaker 19

As you said, the only product is GA is on track versus Other product features may be relatively deprioritized. Can you can you elaborate how are you positioning PAM in your customer conversations? More importantly, how are customers responding? And how's the customer feedback evolving given who's this hack incident? On one hand, of course, everybody knows spam is Going to be a key piece of puzzle in this threat landscape.

Speaker 19

While the the the incident perhaps leading to customer perception of of perhaps not adequate implementation of core PAM solution within your internal environments on the other hand. So if you can provide your thoughts there,

Speaker 1

Yeah. No, it's a good I think every specific incident is different. And Pam and the definition of Pam So I won't comment specifically on this recent incident and what our PAM product does or doesn't do. But Broadly speaking, what you're saying is right. All of these attacks, whether it's or highlighting the need for very strong phishing resistant access management, Identity Governance and then Privileged Access Management and Control.

Speaker 1

And I think the reception that we've seen with Basically, it's very simple. Our position is very simple. It's like, you're using Okta to manage the user lifecycle and the access For many business applications, you should use the same engine and the same access control for your privileged servers and containers. And As I mentioned earlier, in a future release coming relatively quickly for your SaaS applications and for the Okta admin console itself. So that's the pitch.

Speaker 1

And what customers like is that they get this, you know, comprehensive integrated workflow across all of the access points they're trying to secure, whether that's Servers, apps, business applications, different kinds of applications. And that's what resonates. And then they can report that back to their auditor and they get Complete visibility from a governance risk and compliance assessment, and that's the value prop for them. So It is the market we serve and the opportunity for our products is only getting bigger and bigger and the threat landscape Part of that, there's many other drivers of the market size we're going after. And it's one of the reasons why we're so optimistic and bullish about the long term future, Given all the work and focus we're putting into the products and the company and the team, it's a there's some bright and sunny future ahead of us and we're excited about it.

Speaker 10

Got it.

Speaker 19

Thanks a lot, Tom.

Operator

Okay. Thanks, everybody. That's it for today's meeting. You have any follow-up questions, you can email us at investorokta.com. Thanks.

Remove Ads
Powered by Quartr
Earnings Conference Call
Okta Q3 2024
00:00 / 00:00
Remove Ads