Okta, Inc. (NASDAQ:OKTA) Q2 2026 Earnings Conference Call August 26, 2025 5:00 PM ET
Company Participants
Brett Tighe - Chief Financial Officer
Dave Gennarelli - Senior Vice President of Investor Relations
Eric Kelleher - President & COO
Todd McKinnon - Co-Founder, Chairman & CEO
Conference Call Participants
Adam Charles Borg - Stifel, Nicolaus & Company, Incorporated, Research Division
Andrew James Nowinski - Wells Fargo Securities, LLC, Research Division
Annick Jana Baumann - Jefferies LLC, Research Division
Brad Alan Zelnick - Deutsche Bank AG, Research Division
Brian Lee Essex - JPMorgan Chase & Co, Research Division
Eric Michael Heath - KeyBanc Capital Markets Inc., Research Division
Gabriela Borges - Goldman Sachs Group, Inc., Research Division
Gregg Steven Moskowitz - Mizuho Securities USA LLC, Research Division
John Stephen DiFucci - Guggenheim Securities, LLC, Research Division
Jonathan Blake Ruykhaver - Cantor Fitzgerald & Co., Research Division
Joshua Alexander Tilton - Wolfe Research, LLC
Matthew George Hedberg - RBC Capital Markets, Research Division
Michael Joseph Cikos - Needham & Company, LLC, Research Division
Robbie David Owens - Piper Sandler & Co., Research Division
Shrenik Kothari - Robert W. Baird & Co. Incorporated, Research Division
Dave Gennarelli
Hi, everyone. Welcome to Okta Second Quarter Fiscal 2026 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. Presenting in today's meeting will be Todd McKinnon, our Chief Executive Officer and Co-Founder; and Brett Tighe, our Chief Financial Officer. Eric Kelleher, our President and Chief Operating Officer, will join the Q&A portion of the meeting.
At around the same time that the earnings press release hit the wire, we posted supplemental commentary to the IR website. Today's meeting will include forward-looking statements pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995, including, but not limited to, statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time to time, including the section titled Risk Factors in our previously filed Form 10-Q.
In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to, and not a substitute for or superior to, measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non- GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents are available in our earnings release. You can also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our Investor Relations website.
In today's meeting, we will quote a number of numeric or growth changes as we discuss our financial performance. And unless otherwise noted, each such reference represents year-over-year comparison.
And now I'd like to turn the meeting over to Todd McKinnon. Todd?
Todd McKinnon
Thanks, Dave, and thank you, everyone, for joining us this afternoon. We are pleased to report solid Q2 results with continued strength with large customers, Auth0, new products, the public sector and cash flow. We are seeing encouraging signals from our newly specialized go-to-market teams, and we're excited to build on this progress as we enter the second half of the year. Brett will cover more of the Q2 financial highlights, and I'll cover product innovation, securing agentic AI and preview some of the innovations we'll be highlighting at Oktane next month.
Now let's get into our Q2 results. Consistent with the past 4 quarters, new products from Okta Identity Governance, Okta Privileged Access and Okta Device Access to Identity Security Posture Management, Identity Threat Protection with Okta AI and Fine Grained Authorization had another strong quarter of contribution.
Okta's Unified Identity Platform is delivering differentiated value to our customers. For example, a leading health care billing company chose Okta to rebuild and modernize its identity security practice from the ground up. They needed a single identity platform to unify workforce identity and scale with growth. Okta delivered OIG, OPA, ISPM, and ITP, supporting thousands of apps and integrations. By consolidating identity with Okta, this first-time buyer replaced a fragmented multi-vendor approach to implement a modern, scalable identity security practice in one decisive move.
In a move that we believe will further accelerate Okta Privileged Access growth, I'm delighted to announce that we've signed a definitive agreement to acquire Axiom Security, a modern PAM vendor. The team at Axiom built complementary technology that helps organizations eliminate standing privileges and secure critical infrastructure, including key features for securing both human and nonhuman identities. Once we close the acquisition, which we anticipate will be later this quarter, we will support Axiom's customer base while we work to integrate their technology into Okta Privileged Access. Combined, we'll be able to deliver superior security and compliance outcomes like unified control and just-in-time access to a wider set of resources for our customers.
Going forward, we believe every organization will need an identity security fabric, an architecture that enables them to fully secure every identity, including AI agents, every identity use case and every resource across their business. The Okta platform helps
organizations bring this identity security fabric to life. Take our approach to securing nonhuman identities, or NHIs. Okta's unified platform helps ensure they receive the same level of visibility, access control, governance and remediation as human identities. This includes the ability to detect and discover NHIs wherever they exist, provision and register them properly, authorize and protect them with appropriate policies and govern and monitor their behavior continuously. That's the power of an identity security fabric enabled with Okta's unparalleled breadth of modern identity security products. No other company can deliver that level of sophistication.
With our Auth0 platform, we're enabling developers to build agents that are secure by design and identity security fabric-ready from day 1. Auth0 for AI Agents, formerly known as Auth for GenAI, delivers user authentication that works seamlessly with AI workflows, token vaults that securely manage credentials, async authorization that lets agents work autonomously while maintaining user control and fine grained authorization that permits AI agents to only access authorized data.
We're in the middle of this exciting and rapidly changing environment. And with these 2 platforms, Okta is driving the industry to an architecture where identity is both more valuable and more secure. Securing AI is the next frontier, and our introduction of a new open standard called Cross App Access is a key part of the solution. This is an important innovation that helps control what AI agents can access, allowing us to help make our customers and ISVs more secure and providing better end-user experience. In short, Cross App Access allows for support of AI agents within the identity security fabric and the flexibility to safely connect to other technologies. Already, there is strong interest in Cross App Access from partners and ISVs, including AWS, Boomi, Box, Ryder and Zoom, and we had over 1,100 attendees at our Identity Summit on the topic earlier this month.
At our Oktane conference next month, we will share how we are enabling every organization to build, deploy and manage AI agents safely, securely and at scale. In addition to the keynotes and product demos, we will be hosting a Q&A session for analysts and investors at the event, featuring myself, Brett, Eric Kelleher, our COO; and Jon Addison, our COO. Come join us in Las Vegas or join us online for the AI security event of the year.
And finally, I know you're all interested in our views on the Palo Alto CyberArk announcement. Okta has pioneered the modern identity market. As platform companies enter the market, it underscores 2 very important things: identity's central role in security and the importance of Okta's independence and neutrality. To this day, we remain the only modern, comprehensive cloud-native solution built to secure every identity, from employees to customers, to nonhuman machine identities, to AI agents without locking customers in. So on the whole, we think the transaction further validates the importance of identity but won't meaningfully change the competitive landscape. That flexibility is why the world's largest organizations across the public and private sector trust Okta and why we're confident we're on the winning path.
To wrap things up, we're pleased with our Q2 results, and we're excited about the future with our growing portfolio of modern identity solutions and how Okta secures AI. As more and more customers turn to an identity security fabric to simplify, control and strengthen protection across their organizations, Okta is here to meet them with the most modern and comprehensive identity security platform in the market today.
As always, I want to thank the entire Okta team for their tireless effort and also thank our loyal customers and partners who put their trust in us every day. I look forward to seeing all of you at Oktane.
And now here's Brett to cover the financial commentary and talk about how we're positioned for long-term profitable growth.
Brett Tighe
Thanks, Todd, and thank you, everyone, for joining us today. My commentary will provide insights into our Q2 performance and then move into our outlook for Q3 and FY '26.
Last quarter, we introduced some conservatism in our business outlook with regard to uncertainty in the macro and our federal vertical. I'm pleased to say that neither materialized, and we're removing them from our outlook for the remainder of the fiscal year. While we're only 2 quarters into our go-to-market realignment, we're encouraged by the signals we're seeing, including improved sales productivity and record pipeline generation. This success echoes the long-term performance of our already specialized teams in areas like the U.S. SMB market and public sector. The positive signals from Q2 give us great confidence that our increased specialization will drive long-term growth for both Okta and our customers.
That's a nice segue into the strong Q2 performance we saw in our public sector business. While we did experience some contract restructuring with civilian agencies and delays in procurement processes, renewals across all of federal were strong, reflecting the mission-critical nature of our solutions. Okta continues to perform well with government organizations at all levels, highlighted this quarter by multiple new business and upsell deals with DoD and state agencies.
Overall, 5 of our top 10 deals in Q2 were with the U.S. public sector, including our biggest deal of the quarter, which was secured with a DoD agency. In that particular deal, the agency needed to replace its aging legacy log-on system while ensuring compliance with federal mandates on cybersecurity and Zero Trust. Working closely with our partners, the agency will be modernizing with Okta Customer Identity as a central component of their new access system. It's worth noting that about a year ago, we made the strategic decision to reinvest in Okta Customer Identity, and those efforts have led to substantial growth in the product. In the first half of FY '26, OCI bookings has really accelerated and was a strong contributor to pipeline generation driven by deals in both the public and private sectors.
Turning to capital allocation. We ended the quarter with a strong balance sheet consisting of approximately $2.9 billion in cash, cash equivalents and short-term investments. Next week, the 2025 convertible notes reach maturity, and we will settle the remaining principal amount of $510 million in cash. We regularly evaluate our capital structure and capital allocation priorities, which includes investing in the business, tuck-in M&A and opportunistic repurchasing of the 2026 notes, of which $350 million remains outstanding.
Now let's turn to our business outlook. For Q3 and FY '26, we continue to take a prudent approach to forward guidance that factors in our go-to-market specialization that was rolled out at the beginning of this fiscal year. For the third quarter of FY '26, we expect total revenue growth of 9% to 10%, current RPO growth of 10%, non-GAAP operating margin of 22% and free cash flow margin of approximately 21%. For the full year FY '26, we are raising our outlook and now expect total revenue growth of 10% to 11%, non- GAAP operating margin of 25% to 26% and a free cash flow margin of approximately 28%.
To wrap things up, we're pleased with the solid Q2 results. We've significantly increased our profitability and cash flow over the past couple of years and remain focused on accelerating growth. We're excited about the adoption of new products and the rapid pace of innovation, and we remain confident that Okta's independence and neutrality positions us best to lead the identity industry. With that, I'll turn it back to Dave for Q&A. Dave?
Question-and-Answer Session
Dave Gennarelli
Thanks, Brett. I see that there's already quite a few hands raised, and I'll take them in order until the top of the hour. [Operator Instructions]
So with that, we'll get started with Brad Zelnick. Brad?
Brad Alan Zelnick
Great. Congrats guys on a strong Q2. My question for you, Brett, great to see the NRR stabilize. I know in the past, you talked about downsell pressures subsiding into the back half of this year. And I just wanted to understand what other indicators might you look at as inputs into your guidance and the macro caveat that you've now removed this quarter. And does that still hold that, as we proceed from here, we feel good that NRR should effectively have bottomed?
Todd McKinnon
Brad, before Brett jumps in, maybe I could just make a high-level comment. I think on the quarter, we're very pleased with the execution. I think it was solid execution. And then looking forward, I think we're very excited about the strategy. Our strategy is to be the one-stop shop for identity. That's what customers want. They want fewer identity vendors. Some of these -- I work with one of the largest high-tech companies in the world, and they're replacing 50 identity vendors with Okta. So customers want to consolidate, they want a single identity partner, and then they want to do it in a way that covers all of these different use cases. And you'll hear different variants of this across the call. But I think that's really what makes us so excited about the future and that our strategy is really working along with solid execution.
Brett Tighe
And Brad, you broke up for a second in the middle of your question. So you were asking around NRR and how it's trending, but you also said something around macro. Can you just clarify what you're saying?
Brad Alan Zelnick
Well, maybe incorrectly, but I think of those concepts going hand in hand. And in the past, you've talked about downsell pressure alleviating come the back half of this year. We now see NRR having stabilized. I wanted to appreciate what other inputs you look to when you remove the macro caveat in your guidance going forward and if we can have confidence that, in fact, 106% is a level from which we can now re-expand.
Brett Tighe
Yes, absolutely. So I've said for a couple of quarters now, actually a few quarters now, around the NRR effects of the macro impacting that NRR. And I was saying the last few years, kind of the COVID cohort, I would say, not having as much of effect after the first half of FY '26, and we still believe that to be the case. In terms of what we expect it to be for the balance of the fiscal year, we still think similar to what I said before, which was plus or minus a little bit from here, just depending on mix of business, whether there's more new business or more upsell in the quarter. So that's how we think about the NRR side. In terms of macro effect on the rest of the guidance in the earnings remarks today, we've removed that because we clearly didn't see anything that was that differentiating in Q2. It seemed a lot more of the same from what we've seen over the last several quarters. And so that's what we think it's going to be for the balance of the fiscal year.
Dave Gennarelli
Next up is Matt Hedberg.
Matthew George Hedberg
I'll offer my congrats as well. Really solid execution, including the new product success. It's great to see. Todd, I had a question for you. When we look at the AI native cohort, are there any interesting adoption trends that you're seeing there in terms of what products they're taking, how they're using the platform? Any consolidation trends? And is there any thought of some of the early AI natives from a DIY perspective? Just sort of curious on how those folks are approaching your platform.
Todd McKinnon
It doesn't seem dramatically different than other cohorts in terms of the adopting workforce solutions or Auth0. It looks pretty much the same, except they're growing very fast. I guess that's a difference, especially, actually, the revenue metrics. It's growing very fast, and we think we're well positioned in that cohort. And I think similar to every company, they're trying to figure out how they can be secure internally as they're growing very fast. They know from a workforce identity and identity security perspective for their internal operations, they're sitting on a lot of very valuable data and definitely hackers want to attack them like they want to attack every important company. So they're really investing in identity security, and Okta helps them with that.
And then in terms of building their products and how they're connecting with their customers, they want to obviously connect on the web and mobile channels, but also they want to -- they're all building AI agents themselves. So that's one of the customer -- every enterprise is being really they have to make these choices about how many AI agents they buy, who they buy them from, and all of these AI native companies are working hard to fill that void along with Salesforce and Workday and more of the established companies. And what it means for customers that are on the enterprises that are trying to adopt these great new coding tools or these great new business automation processes or even the agent building platforms is they have to figure it all out in a way that has really high security implications. Like, everyone's heard this story of how big companies that are doing simple AI chatbots and then all of a sudden, confidential information is leaked because the AI chatbot leaked the wrong thing.
So big security implications, but at the same time, they see big business value, and they're not really sure which platform to invest in. So one of the things we're really focused on is trying to provide the right security for this agentic future but also, at the same time, give them choice and flexibility as every new AI company is trying to give them an agent platform and a capability to build these things and the established vendors, it's pretty complex for these companies to figure out. So we're trying to help them through it all. But it's an interesting time out there. I think it's a good time to be an identity company, and we're really excited about where this is all going.
Dave Gennarelli
Next, we'll go to Eric Heath.
Eric Michael Heath
Congrats, Todd and Brett. If I could ask one for Todd and one for Brett. I mean, Todd, you've always been very clear that identity should be its own independent stand-alone platform. But can you just elaborate a little bit more on the comment of why you think that's critical for identity to be independent? And then, Brett, if I could, just on a modeling question. Great, very exciting deal with the DoD, the expansion deal. Just how should we think about that as it relates to RPO and cRPO and think about in the model going forward?
Todd McKinnon
Yes. I think on the category of identity, back when -- a long time ago when I started Okta, it was like would it be important enough, could you build a big company around identity. And at the time, it was like identity was a part of another platform and people didn't think it could be a big company. So over 1.5 decades since, it's very clear it's super important now. So now this new question is like, should it be its own independent platform or should it be part of another platform. And as you mentioned, we have a very strong world view that it should be independent-neutral. And it's really 2 reasons. The first reason is that it's too fragmented and there's too many niche players and there's too many legacy platforms, and it's too complicated for big companies. So in that sense, it has to consolidate. It's too complicated. It's holding companies back.
I mentioned this, one of the biggest technology companies in the world were helping upgrade all of their disparate identity platforms from SailPoint to CyberArk to HashiCorp to Ping to ForgeRock, they're consolidating them all on Okta. And the reason they're doing
this is because 2 reasons: it's cost, it's expensive and it's operationally challenging to keep all this stuff running, a lot of them are legacy platforms running in their own data centers or Amazon; the second reason is that it's preventing them from adopting the future, it's preventing them from rolling out more agentic workflows, et cetera. So there's just the simple argument of cost and fragmentation. So now the second answer is like which -- and that could be true of any category. People want, in theory, fewer vendors and less operational costs for many categories, collaboration applications, security tools, et cetera, et cetera.
So why should your point of consolidation be identity? And our answer is simple. It's because, like I mentioned before, you can save a lot of money, a lot of time, a lot of energy. And secondly, it's the one thing you can consolidate on and still preserve choice across everything else. So if you are adopting Microsoft Identity, you are making a decision that your first choice and your preferred vendor for everything else is going to be Microsoft, which could work for some companies, but it's not going to work for most companies, especially large companies.
So that's the independence argument, and that's why we think when companies are -- and you see in the results, right, 13% cRPO growth and the success we're having across the board, what we're seeing is that customers are showing this preference, too. They want to consolidate. They want to pick the right points of consolidation. In our case, we're having the most products, the most modern products, the breadth of capabilities, the reliability, the security, it's resonating with them.
Brett Tighe
And then, Eric, to answer your question fairly simple, like many other public sector deals, the RPO value and the current RPO value are going to be the same because it's a 1-year deal. So that's just how it works with a lot of the public sector.
Dave Gennarelli
Okay. Next up, we're going to go to Brian Essex.
Brian Lee Essex
Great. And David, you said Eric Kelleher is on as well?
Dave Gennarelli
Yes.
Brian Lee Essex
All right. Awesome. So when we met intra-quarter, you gave us some great context of the evolution of the sales force, both the hunter- farmer model and the decision to specialize. Could you maybe bring us up to date in terms of where that sales -- where each of those kind of specialization or specialized sales forces have evolved to? And how does that drive confidence in your ability to execute through the remainder of the year, both from a productivity as well as plans for hiring going forward?
Eric Kelleher
Great question. Thanks, Brian. We feel very confident in where we are today. We said last quarter when we got together that we were very much on track for the expected impact and productivity impact of all the changes we made to specialize on the Okta platform and the Auth0 platform. And in Q2, our results were very strong as well. As you can see, it's a solid quarter, and they reflect increased productivity from a specialization standpoint. So we remain optimistic and confident that this works.
Again, this isn't the first time we've specialized, and Brett talked about this in his opening comments. So our first real investment in specialization was for our public sector business, and you've heard us talk for many quarters now about strength in public sector and how that's been performing. 18 months ago, we implemented a hunter-farmer specialization in the SMB space for North America. And we've seen that deliver. That group has had a very effective first half of this year. And so the change management and the change costs associated with that have really played out, and we're really pleased with the productivity for that group in the organization.
And our specialization for platforms is now our third major wave of specialization we feel good about as well. We saw productivity gains in Q2, which were in line with where we're hoping to get. And one of the metrics in our commentary, we generated an all- time high for pipe in Q2. And so that's partly attributed to the fact that we now have people specializing in our buyers, in our buyer personas. So we have people specialized in developer buyers and people specializing in IT and security buyers, and they're more effectively able to identify and qualify and prosecute leads and convert that into opportunity at the top of the funnel. So we're very pleased with progress so far.
Brett Tighe
Brian, I would just add one thing to what Eric said, which is around what he was saying around the pipeline by source. We saw a nice growth in the quarter for pipe being created by AEs themselves, right? And that really is attributed to the fact, like what Eric was just saying, they know the products better. And so if you allow them to specialize, they're going to know it better and you're going to see numbers like that. And so that's really a nice sign for us as an organization because really, it's one of those positive feedback points that we feel like things are working and headed in the right direction.
Brian Lee Essex
Right. And you've been focused on channel productivity as well. Has that also improved sequentially? Are you getting kind of momentum there?
Brett Tighe
Yes, absolutely. So 20 of the top 20 deals were all touched by a partner. And also from a pipe gen perspective, there was also very -- in terms of the source where it was coming from, the partners, that also had very nice growth in the quarter. So you add all that up and you get record pipe gen and nice results like we just had.
Brian Lee Essex
Good stuff. Congrats on the results.
Dave Gennarelli
Next up is Josh Tilton.
Joshua Alexander Tilton
Since I have Todd, I'm going to try and ask a nerdy tech question, although I preface it with I'm not 100% sure I understand what I'm asking. I think investors are kind of trying to understand which piece of the identity puzzle is going to benefit the most from AI. And it sounds like you're making an acquisition because there's some PAM pieces that are going to help you secure AI. But then if you dig into Cross App Access, it also looks like it's using tokens and protocols and stuff you use for SSO and MFA. So maybe like, what is your view of which piece of this puzzle is really best positioned to benefit from an AI future? And then just kind of more broadly, like, what is incremental to Cross App Access that you're getting from this acquisition you just announced?
Todd McKinnon
Yes. Josh, imagine how confused the buyers are in the market, like when they're trying to buy all this stuff. And that's what I -- and it's true, right? And so they're all very excited, as we all are, the technologists and business people and people that just observe the world, of what it could be possible with AI. But they're just inundated with this complexity of how you get the best products and what the right platform is and should you use Microsoft or should you use Google and should you use OpenAI, like, what's the right thing to build? What's the right thing to buy?
And our perspective is quite simple. It's that you have many problems today in your enterprise that are clear and present and you can get a lot of security benefit by addressing these problems. These are the problems that we talk about a lot. These are service accounts. These are machine identities. These are putting the right vaulting and governance workflows around all of these things. These are like
the bread and butter of our identity platform across Governance and Privileged Access and Identity Threat Protection with Okta AI and the bread and butter of what we're talking about. These are clear and present things today.
In addition to that, every company is going to make a huge investment in AI agents. And what that's going to do, first and foremost, is it's going to make that problem I just described 5x worse because every agent wants to connect to 10 service accounts and is going to have its own tokens. And so we are in this environment where people are very receptive to what we're saying because it's fundamentally understood that this is a problem they have today, and it's getting worse. The last week, I've had conversations with CIOs of massive companies that everyone's heard of that say, there's no way we're going to be able to do this AI stuff if we don't get our identity foundation in order. So that's clear and present.
Now in addition to that, I think there are investments we are making in innovation we're building that is going to even take it a step further, which is actually modeling the identity of an agent and giving more power to the customer to manage and secure these things because it's a native thing inside of Okta, which is also very exciting. But that's very early because the amount of companies that are actually playing with AI agents is 100%. The ones that are actually putting them in production at scale is very small. So the timing is right here to solve this problem they all have today, the surface accounts and token vaulting, et cetera. And then over time, be the system of record for the AI agents themselves, and give them choice and flexibility on if they want to use Salesforce or what they want to use Salesforce for, agents, or ServiceNow agents or build their own agents and give them the fundamentals across all of that, which are security, control and governance.
Now specific to your questions about Axiom, we're very excited about Axiom. But it's a little different. Axiom, first of all, these folks on this team are super talented, and they are deep, deep privileged access management experts. And one thing we're doing at Okta right now is we're on this mission to recruit across the entire company the best identity people in the world. And Axiom falls in that bucket. So we get some of the best PAM experts in the world to join our Privileged Access Management team, which is great. And they also have a technical capability around securing infrastructure connections to databases that is world-class and gives us an enhanced benefit there. But honestly, it's really about the team and having this great technology for sure, but it's these expert privileged access engineers and product people to join our PAM team, which is we're trying to build the world's best team across the board, and it's a great addition.
I know this is a long answer. I'll try to say one more thing. Cross App Access is an industry-wide effort. It's actually 3 years old. We've been working on this for 3 years. And it came out of Mike from Atlassian and Eric from Zoom and many other SaaS leaders wanted a way to standardize how when they sold their products into companies, how those products were then hooked up to everything else in the company. So Zoom wants to connect to your calendar, wants to connect to a note taking. Atlassian wants to connect to all of your other software development tools. So we invented this protocol and this concept and have published this open standard to solve a very important problem. How do you give your IT teams and your security teams visibility into all these application connections that happen between apps. Now guess what? That's a problem that's existed for a long time. And guess what's happening with AI. AI is supercharging this problem.
Now every agent gets what it wants to do. It wants to connect to 15 applications and guess what you need. You need an open protocol for all of those applications that are letting those agents connect, publish and share that information with the security team so they can have visibility and control and audit that. So that's why Cross App Access is so important. It lets the ecosystem form around this system of how agents can share their connection information in an open and transparent way.
Joshua Alexander Tilton
Actually very helpful. I appreciate the long response.
Todd McKinnon
Thanks for the question, Josh.
Dave Gennarelli
Let's go to Gregg Moskowitz.
Gregg Steven Moskowitz
All right. Terrific. Congratulations on a really good quarter. Brett, I'm wondering if there was any change in upsell or cross-sell rates among SMB customers or enterprise customers? And then I realize that it's still early days, but what are you seeing so far regarding demand for your new suites?
Brett Tighe
Yes. I'll let Eric talk about the suite side of the house. But from an overall upsell, cross-sell perspective, it was fairly similar to what we've seen in the last few quarters. You've heard us talk about for several quarters now, the pipeline being more weighted toward upsell and cross-sell as opposed to new business. That continues to be the case. And you see these bigger customers getting bigger as a result of that, right? That's why you see the greater than $100,000, having a nice add. You see the greater than $1 million. Almost $500,000, we're at $495 million, up 15% year-over-year. And so that upsell, cross-sell continues to work, especially, as you've heard Todd talk about, we keep adding all these new products into the mix, depending on which side of the business you're on and ultimately helping us across the board there.
Eric Kelleher
Yes. On the suites part of that question, and thanks, Gregg, for the question. We're pleased with what we're seeing with suites. Again, we introduced suites for the Okta platform a few months ago, and it was in response to demand from customers who have bought into Okta's vision of the Secure Identity Fabric. And these are companies that, as Todd mentioned earlier, are looking for an identity partner that they can work with to help them solve all of their identity use cases, whether that's threat protection or security posture management, access management, governance, privileged access. That is the Secure Identity Fabric vision that Okta is bringing to customers. And what we found is our customers want easier ways to engage with us to get the Secure Identity Fabric for themselves. And the suites are really designed to do that. So they bundle pieces of the Okta portfolio to help customers address the use cases that are most compelling for them right now, but also give them room for where they're going to grow on their road map as they go forward. So we're pleased with what we've seen. We're a few months in. So we're not breaking out numbers for Suites for that packaging specifically, but we're seeing the impact we expected.
Todd McKinnon
I think it's -- I'll just add real quick, just to give the group some really detailed color about what's going on. So we have a sales team now that's focused totally on selling the Okta products. And the opportunity there is big simply because we have to make sure the customer understands the breadth of what we have. It's much broader than it was just a couple of years ago. Just a couple of days ago, I was on a call with a big federal agency, and it's been a customer of Okta forever, but they really think of Okta as multifactor authentication and just login. And they had no idea we have a governance solution, we have identity threat protection, we have all these other products that can help them be secure across the board and consolidate vendors, et cetera, et cetera. And their eyes just lit up and the size of that deal potential just probably tripled or more. So it's really about getting this message out there that this is possible. We have the best solution, the most comprehensive solution, modern solution. There is a better way. And that's why these things like suites or specialization dovetail right into that strategy that's working.
Eric Kelleher
It's also a tieback to the conversation we've been having for a few quarters now around specialization. And one of the reasons specialization to us was the winning strategy is we've seen so much innovation on the product side of the business for both the Okta platform and the Auth0 platform. To Todd's point, our sales reps were having difficulty really articulating and evangelizing the full benefits of the entire portfolio, the entire Secure Identity Fabric to our customers. Specializing gives them more opportunity to get deeper.
So whether it's Identity Threat Protection or Identity Security Posture Management, Okta Identity Governance, Okta Privileged Access, Fine Grained Authorization, Highly Regulated Identity, all the products that have been coming out for both of these platforms and now Auth0 for Agentic AI, our specialists are better able to get into the specifics of these technologies for the specific use cases our customers are talking to us, and that's bringing us help. So the suites are helping with that from a design and purchase standpoint.
Dave Gennarelli
Okay. Next up, we have John DiFucci.
John Stephen DiFucci
There's a lot of good information coming out tonight, especially things like Cross App Access, and it just demonstrates your leadership position in the whole identity space, especially when you're able to contribute that to the whole ecosystem. But my question is for Brett, and it's a little more tactical, I think, because otherwise, I know I'm going to get -- we're all going to get this question all day tomorrow.
Brett, you said that the sort of, I forget your exact words, but excess conservatism around the U.S. Fed, which was strong and macro were no longer implied in your guide. So I guess I just want to make sure I understand what that means. Does it mean that we potentially won't see the same amount of beats going forward? You sort of alluded to that in the past. And along the same lines, how long do you think the go-to-market changes that happened in fiscal 1Q will present a potential headwind to your business momentum? Because that's still in the guide, right?
Brett Tighe
Absolutely. So yes, we did remove that layer of prudence for macro going forward. And the primary reason is it didn't come to fruition like we thought it was going to the last time we spoke probably about 90 days ago, John. So then, to answer your second part of your question is, yes, the go-to-market specialization is still baked in there. Although we're seeing positive signs and positive feedback from the field, we're still a couple of quarters in. And if you remember, when we first started talking to all of you about this, it takes time for these things to come to fruition and really hit their full stride. We talked about U.S. public sector. We've talked about U.S. SMB. It's taken a little -- it takes some time. You have to be methodical in your approach.
And then yes, to your point, John, yes, we are trying to shoot for closer to the pin than we have historically. We started trying to do that about 3, 4 quarters ago. Yes, I will admit that I was probably a bit a little wrong on the macro side, and we delivered a really nice beat this quarter. But if you look 90 days ago, the world was a little different. So I will take that charge. But yes, ultimately, we are trying to get a little closer to the pin than we have historically.
Dave Gennarelli
And next up, we have Shrenik Kothari.
Shrenik Kothari
Congrats on the great quarter. Just on the Cross App Access securing AI agent workflows, I know it's still early days to settle on any kind of pricing or monetization model to capitalize on this opportunity. Just if you can help expand on how you are viewing the monetization path for this. Is it going to be embedded in the existing tiers? You highlighted the initial traction from your good, better, best suite or something you see evolving to stand-alone. Just curious what are the earlier signs of feedback from like Zoom or AWS or all these customers trying to standard out in terms of downstream enterprise security spending and plans on this one?
Todd McKinnon
Yes. I would think of it this way. It's a really good question, and this is how I -- when we've talked about it and modeled it out, this is how we think about it. First of all, the Cross App Access is an open industry standard. And if you were able to -- we were able to talk last year around Oktane, we talked about this another new standard we've put out there and are working with all the identity companies on and a bunch of technology companies, it's called IPSIE. So these are 2 open standards we're pushing out there with the ecosystem. And the effect of both of these things for Okta is going to be basically identity providers are going to be more valuable tools to the customers. So they're going to have better control, fine-grained control, into resources, better policies, more value. So the whole identity market gets more valuable and bigger. And so that's the way to think about these open standards.
Now specifically on how Okta is going to monetize these 2 layers I've talked about. I talked about the clear and present issue today, which is service accounts, nonhuman identities. We monetize that through Okta Privileged Access and Identity Security Posture Management. So Identity Security Posture Management detects the nonhuman identities and the risks in a proactive way that's comprehensive across all platforms. And Okta Privileged Access and Okta Identity Governance can vault the credentials and rotate the credentials and have the right governance workflows. And Axiom, of course, is going to add capability to Okta Privileged Access
to have better support and more extensive support for database connection. So that's the monetization of the clear and present thing today. That's affecting the results today. We talked about new products contribute healthily to the bookings, and that's true today.
Now on top of that, in a world of AI agents, our belief is strong that you are going to manage AI agents with your identity system. And so that's how we're going to monetize that. You're going to -- when you put a bunch of AI agents inside Okta, that's going to be more valuable from an identity security perspective and we're going to be able to have -- we're going to be able to charge for that with our customers. So they're kind of separate things in 2 layers, but that's how we see the world unfolding.
But it all is kind of predicated on a vibrant, healthy growing AI agent ecosystem, which I think there's a lot of different thoughts on how that exactly play out, but who's the vendor going to be, who's the platform, SaaS vendors versus custom development, whatever. I think whatever happens, you're going to need to manage this stuff. And that's why we're inserting ourselves on that dimension, and that's why we're very excited about where this is all going.
Dave Gennarelli
Next, let's go to Adam Borg.
Adam Charles Borg
Awesome. Maybe for Eric on the go-to-market changes, and you did talk about this a few minutes ago in your answer to Brian, but where are we today with sales force productivity relative to historical levels? And I guess, what do you guys need to see in order to put more gas in the sales force new hiring process either in the back half of the year or ultimately as we head into fiscal '27?
Eric Kelleher
Yes, you bet. We talked about at the end of last year, based upon our first 2 rounds of specialization in public sector and hunter- farmer, I think it was in our Q4 results, we talked about how we hit a multiyear high for sales productivity. And then we were leaning into the specialization work and reorienting our sales capacity and our supporting teams in presales and post sales and also our marketing generation teams. As I mentioned earlier, we generated a record amount of pipeline for us in Q2. So specialization is definitely helping at the top of the funnel. We're pleased with that. And I think from a sales productivity standpoint, we saw gains in Q2 as well. So we're very much on track with what we expected out of this model and our guidance for the second half reflects that as well. But we're confident in the strategy of specializing on our buyers and our platforms.
Todd McKinnon
One thing I'll add there is that our year is, like a lot of enterprise companies, is back-end loaded. So in terms of that confidence and putting the investment level, cranking the investment in terms of go-to-market and growth acceleration, et cetera, et cetera, a strong Q3, a strong Q4 is worth more than a strong Q1 and a strong Q2. That's just the nature of the numbers and how they play out. And so as we go through the rest of the year, we're looking to build on the strength and get super confident exiting this year and going into next year.
Dave Gennarelli
Next question is from Mike Cikos.
Michael Joseph Cikos
I just wanted to cycle back on some of the different dimensions here for public sector. I know that you guys spoke about, hey, there was some restructuring standpoint for some of the civilian contracts. But first, is it fair to assume then the Q2 played out better than what you initially anticipated? And then secondly, with the removal of some of that conservatism we had previously introduced to the guide, are we now just operating in a more normalized buying environment? Or are you guys just executing better than planned? Any detail on the pub sector front from that standpoint would be beneficial.
Todd McKinnon
I was going to say like 3 months ago, there was a lot of uncertainty in public sector. You had massive government layoffs and you had a lot of people talking about a lot of dramatic changes. And I think in the quarter, what we saw is that there were some contracts that were paused or restructured. But what we also saw is that the overwhelming balance of the business was super positive and the impact on some of those government spending efforts didn't materialize in a negative way. So I think that's just a different -- we've gotten through some of that uncertainty, and it settled down a little bit. And what we're seeing is that the technology we provide is pretty critical and pretty strategic.
And by the way, the government, particularly the federal government has a huge need for it. They have legacy systems. Identity in the federal government often means some massive outsourced operation run by a big contractor. And this concept of a modern purpose- built identity security platform is just amazing for them. So I think the fundamentals are running out there in terms of -- and some of the short-term uncertainty, I think, was a little -- we overestimated that.
Brett Tighe
Yes. And you see that in some of the structures of the deal, Mike. So I talked about earlier, and Todd just said, some of the contract restructuring. What that would look like is, in some cases, we don't have as many users as we used to because I think we all know that there's been a few layoffs in the government. But then at the same time, there's an upsell that goes along with it for new products that they're not previously using. So we end up in a good place. It just maybe we don't get as much of an upsell because ultimately, there's less users on the other side because there's less employees in the federal government now. So that's what we mean by contract restructuring. It's actually not a bad thing. It's actually them being more ingrained with Okta, and we look at that as a positive Usually, more products you're on, the higher the renewal rates and the higher upsell rates we get over time.
Dave Gennarelli
Let's go to Andy Nowinski.
Andrew James Nowinski
Okay. Great. Nice quarter as well. Todd, I know Auth0 has been doing exceptionally well, and you have a great pipeline on Auth0 given all the new AI products coming out. But I want to ask a question maybe about your workforce ACV. We continue to hear how customers want to consolidate identity vendors and how they want workforce products like IGA and PAM and SSO all on a single platform, which you guys have. But my question is, why hasn't that sort of thirst for a complete platform had more of a positive impact on your workforce ACV growth, which has been decelerating over the last 12 months? Just wondering how you're thinking about sort of your bread-and-butter workforce ACV going forward.
Todd McKinnon
I think we're going to do better there. I think the market is big. I think the opportunity is substantial. And I think we're doing a better job of explaining to customers what we have and getting the message out and getting real proof points with customers live at scale. And by the way, that's one of the real strengths of our product suite, particularly in the identity governance space, our average customer is live with multiple resources in 30 days. And that's unheard of for a SailPoint implementation. It's legacy software. It's pretty heavyweight to deploy. It's hard to get successful with.
And as those stories get out there of proof points of customers getting live with multiple applications and bringing stuff into the management, bringing resources into the management framework, it starts to resonate. And I think that's one of the reasons why we specialize the sales force to be more effective there. It's one of the reasons why we're investing heavily in the R&D for these new products to make sure they are fully featured, particularly upmarket. That's why we're excited about the Axiom acquisition and many other efforts. And like I said before, we're building the best team in identity. So if anyone is world-class and wants to work on identity, they should come work for us.
Brett Tighe
Go ahead, Eric.
Eric Kelleher
Another thing I would add to that is, coming back to the overall vision of the Secure Identity Fabric we've talked about and how to consolidate use cases on the platform, Todd talked about one account he's working with one of the world's largest technology companies and consolidating 50 different identity systems on to Okta. From the CIOs and CISOs that I'm talking to the accounts that I work with, what I'm really hearing is that having such a disparate framework isn't just expensive, it also adds complexity, which adds fragility, which creates security holes.
And so part of the value in our customers' mind of consolidating use cases with a trusted identity provider is they can have confidence in how they administer the product, how they administer the platform and knowing that they can have secure identity across all of these use cases. So that's an added value and something that we've seen more and more from our customers as we've kind of seen the wave in industry ride from cloud enablement and how identity is necessary to help people move to the cloud into this phase of security and how we help companies secure identity. And now as we look forward to agentic AI, again, it's going to be even more important for our customers to make sure that they've got a partner that they can work with.
Dave Gennarelli
Okay. Next up, we'll go to Jonathan Ruykhaver.
Jonathan Blake Ruykhaver
So I think, Todd, this is probably for you. I'm curious if you would agree with the view that has been articulated by other industry participants that PAM capabilities can be delivered to all employees at a cost comparable to IAM. And I think when you look at the growing need for cloud native just-in-time ephemeral credentials to support agentic and machine identities, maybe help us understand, does Axiom potentially fit into that thesis that, yes, PAM can be deployed more broadly and cost effectively, both across human and nonhuman identities? What's your strategy along those lines?
Todd McKinnon
Yes. Every identity type, employees, partners, customers, every resource, so database, cloud infrastructure, servers, Kubernetes containers, every resource in machines, in the environment and then every use case, so privileged access workflows, identity governance, attestation reporting, core access management workflows around creating accounts and removing accounts, so that's what we're building. So it's comprehensive, it's complete. And I do agree, I do think that you want every employee to have a really locked-down secure identity experience. And that's why we have the world's leading authenticator, phishing-resistant authenticator called FastPass, which is employed by quite a significant number of our customers and has been over the last 5 years. It's why it's so important to have these different pieces together. So I think that's very important.
And I think one of the things that's also very important as I talk to customers, I was talking with a Chief Security Officer of a big beverage company just 2 weeks ago, and their whole thing was they want to make sure that their identity provider works with all of their security tools. So it's in divisions and companies they bought, they have SentinelOne. They have CrowdStrike. They have legacy technology for end point. They have Wiz. They have Zscaler. They have Palo Alto Networks. And his plea to me was he said, "Todd, I need to consolidate something. I can't consolidate all my security stuff. It's too disparate. But I can consolidate identity, but you have to make sure it connects to all this stuff and make sure it connects to Zscaler, make sure it connects to Palo Alto Networks, make sure it connects to Microsoft's network security." And I said that's what we do. We connect to everything. So I think that's the winning formula.
Dave Gennarelli
Next up is Rob Owens. Rob?
Robbie David Owens
Actually, it's exactly what I was going to ask. So I'll shift to a more Brett-focused RPO, cRPO question, I guess. Brett, if I look at the last couple of years just in the RPO acceleration that you guys have seen, number one. Number two, you've talked about constant duration as well. But over that same time, cRPO has been trending down. It's finding a bottom here. But at what point do we see a
better marriage, I guess, between prior RPO growth and forward cRPO growth? And maybe you can weave into that, just what you're seeing from a retention rate perspective, in terms of GRR.
Brett Tighe
Yes. So you're talking about last year, we saw RPO outpace cRPO, right? Is that what you're talking about?
Robbie David Owens
Yes. For a couple of years, you've seen that acceleration in RPO. And if it's constant duration, it feels like that should come through on the cRPO, but that's not in your guide. And I think a lot of us have looked for maybe some of those headwinds to abate here in the second half that have been holding down NRR potentially providing a lift to CRPO, especially as you're talking about your success with cross-selling and upselling.
Brett Tighe
Yes, absolutely. So when I've said the constant duration, I mean the duration of the amount in current RPO because you don't have a 12-month value in current RPO at all times. That's just how it works. In terms of duration of contracts that we're signing, if you remember, in FY '25, we went back to incenting the field on contract duration as part of their compensation plan. The prior couple of years, we hadn't done that. And you saw RPO go up in a big way because contract duration went up in a big way, right? If you look at this year, contract duration is still in their comp plan, right? And it's still a component that we pay them on. And so you're seeing more of a normalization.
We see contract duration actually, in the first half, slightly ticking up, but it's not going to have the effect like it did last year because it's coming off of a different base, if you will, Rob. So hopefully, that answers your question around current RPO and total RPO and the dynamics in between those because it's a simple sales comp model. That's all it really is.
Robbie David Owens
Any broader comments on GRR?
Brett Tighe
Yes, we continue to have that be a strong number for us. So it's been healthy. It's been one of those things that's a hallmark of this company that for years, it's been healthy, and it continues to be so, at least through the first half of FY '26. And we're looking forward to some solid results as we finish out the fiscal year.
Dave Gennarelli
We're coming up on the hour, but let's try to get questions in from Annick and Gabriela. Annick Baumann, go ahead.
Annick Jana Baumann
I'm on for Joe Gallo here. Brett, any verticals beyond federal because we've talked about that a lot or geos of strength or weakness to call out in 2Q? And then, Todd, can you just talk us through the key to unlocking the international market? It seems like an incredible opportunity relative to what you've built in the U.S. today.
Brett Tighe
Yes, I would say larger customers. So enterprise in general had a really nice quarter. So we're feeling solid about that. That's been actually pretty consistent for a while now. We've talked about bigger customers getting bigger, and that's why we see enterprise doing well. But I'll let Eric comment a little bit on that because I know it's near and dear to his heart on that topic.
Eric Kelleher
Yes. We continue to see strength in upmarket and large customers, I would agree with that focus. And we talked about updated stats on our customers above $100,000 and customers above $1 million in ACV spend, continue to be growing at high rates. And again, that reflects what we see as the industry trend of the importance of people investing in security. We look now at cyber events worldwide and over 80% of them start with some form of compromised identity. Our customers, CIOs and CISOs, are coming to us to help them build the partnership they need across our expanded product portfolio. So we continue to see great success there.
Todd McKinnon
And on the international question, we have a big opportunity in international. And our strategy there is really to invest in our top 10 countries and make sure we fully do everything we need to make those successful and get those to grow to their potential versus spreading ourselves too thinly. So we're going to continue to really prioritize our countries, our top 10 countries ruthlessly and invest to make those successful because we do think the opportunity is quite substantial.
Dave Gennarelli
Okay. Last question from Gabriela Borges.
Gabriela Borges
For Todd and for Eric, I want to explore this idea of security and identity and the convergence of it. Give us a little bit of an update on where you're seeing progress with the go-to-market, specifically with security buyers in the enterprise. And the reason I'm asking now is, Todd, you mentioned not expecting to see a change in the competitive landscape because of Palo Alto. Palo Alto is really good at driving some of these strategic conversations at the top of the house with CISOs. So maybe just an update on how you're progressing and please push back against.
Todd McKinnon
Yes. I think it's a question of the capabilities of the products you're offering. And I think where a security vendor is going to struggle is the breadth of identity types, first of all, and the breadth of use cases they can support across those identity types because we still see it's very influenced by security, but it's still more than a security conversation. A lot of the identity management products, particularly governance, they operationally help the companies in terms of being more efficient and passing compliance audits, et cetera.
I was talking to the Chief Information Officer of a global auto company just a couple of days ago, and she was talking about -- I was talking to her about cyber and she goes, "Yes, of course, identity is a cyber thing," but it's really about we want visibility into what people are using, so we know how much we spend on all these things. And we want to make sure we automate these workflows that are slowing people down. So while the security voice is very important, I think it's not still purely a security sell, which I think is a little bit different for some of these security companies. But I think ultimately, Gabriela, it kind of comes down to having the products, and you have to have a broad range of identity types and use cases and resources to really serve this concept that these customers want.
Dave Gennarelli
Okay. Well, apologies for not getting to all the questions today. It is the top of the hour. But before you go, I just want to let you know that in addition to hosting on-site and virtual bus tours this quarter, we'll be attending the Citi TMT Conference on September 3 in New York, the Goldman Sachs Conference on September 9 in San Francisco, the Piper Conference in Nashville on September 10 and the JPMorgan Software Conference on October 8 in Napa. So we hope to see you at one of those events. Thank you.
Eric Kelleher
Thanks, everyone.