What changed in Okta, Inc.'s 10-K — 2024 vs 2025
vs
Paragraph-level year-over-year comparison of Okta, Inc.'s 2024 and 2025 10-K annual filings, covering the Business, Risk Factors, Legal Proceedings, Cybersecurity, MD&A and Market Risk sections. Every new, removed and edited paragraph is highlighted side-by-side so you can see exactly what management changed in the 2025 report.
+537 added−594 removedSource: 10-K (2025-03-05) vs 10-K (2024-03-01)
Top changes in Okta, Inc.'s 2025 10-K
537 paragraphs added · 594 removed · 462 edited across 6 sections
- Item 1A. Risk Factors+283 / −349 · 244 edited
- Item 1. Business+119 / −116 · 100 edited
- Item 7. Management's Discussion & Analysis+97 / −91 · 85 edited
- Item 1C. Cybersecurity+27 / −26 · 22 edited
- Item 7A. Quantitative and Qualitative Disclosures About Market Risk+7 / −7 · 7 edited
Item 1. Business
Business — how the company describes what it does
100 edited+19 added−16 removed34 unchanged
Item 1. Business
Business — how the company describes what it does
100 edited+19 added−16 removed34 unchanged
2024 filing
2025 filing
Biggest changeAdditional Information The following filings are available through our investor relations website after we file them with the SEC: Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and our Proxy Statement for our annual meeting of stockholders. These filings are also available for download free of charge on our investor relations website.
Biggest changeOur Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and Proxy Statements for our annual meetings of stockholders, including any exhibits and amendments to these filings, are available, free of charge, on our investor relations website after we file or furnish them with the SEC, and they are available on the SEC's website at www.sec.gov.
Most of our product offerings can be used for both customer identity and for workforce identity use cases and we are continuously enhancing our product offerings and services. Our workforce identity product offerings are consumed through web and mobile interfaces and provide simple ways for IT organizations to manage identities for their employees, contractors and business partners.
Most of our product offerings can be used for both customer identity and workforce identity use cases, and we are continuously enhancing our product offerings and services. Our workforce identity product offerings are consumed through web and mobile interfaces and provide simple ways for IT organizations to manage identities for their employees, contractors and business partners.
For additional information regarding the cybersecurity risks that we face, see “ Risk Factors ” included under Part I, Item 1A of this Annual Report on Form 10-K. 10 Scalability and Uptime Our technical operations and engineering models are designed around the concept of an always-on, highly redundant and available platform that we seek to upgrade without customer disruption.
For additional information regarding the cybersecurity risks that we face, see “ Risk Factors ” included under Part I, Item 1A of this Annual Report on Form 10-K. Scalability and Uptime Our technical operations and engineering models are designed around the concept of an always-on, highly redundant and available platform that we seek to upgrade without customer disruption.
Designed to enable IT and security teams to move faster, more accurately and more cost effectively as they scale, Okta Workflows enables the building of identity-related business processes with minimal or no code, such as automating user onboarding and provisioning, creating just-in-time authorization for software development and IT processes, automating identity-centric security responses, and orchestrating customer data across backend systems.
Designed to enable IT and security teams to move faster, more accurately and more cost effectively as they scale, Okta Workflows enables the building of identity-related business processes with minimal or no code, such as automating user onboarding and provisioning, creating just-in-time authorization for software development and IT processes, automating identity-centric security responses, and orchestrating customer data across backend systems. • Okta Identity Governance .
Our product offerings and architecture were built entirely in and for the cloud with availability, resiliency and scalability at the center of the design. We have zero planned downtime, including during our maintenance windows. Okta's proprietary architecture includes redundant, active-active-active availability zones with cross-continental disaster recovery regions, real-time database replication and geo-distributed storage.
Our product offerings and architecture were built entirely in and for the cloud with availability, resiliency and scalability at the center of the design. We have zero planned downtime, including during our maintenance windows. Our proprietary architecture includes redundant, active-active-active availability zones with cross-continental disaster recovery regions, real-time database replication and geo-distributed storage.
In addition to market-competitive base pay, short-term bonus incentives and long-term equity incentives, our total rewards program offers comprehensive employee benefits that may vary by country/region, including an employee stock purchase plan, a 401(k) plan in the United States with company matching contributions, comprehensive medical, dental and vision insurance, life and disability insurance, health savings accounts, charitable donation matching, flexible time off, volunteer time off, gender-neutral paid parental leave, fertility and adoption support, family care resources, mobile and internet reimbursement, mental health and lifestyle support programs and a variety of other health and wellness resources.
In addition to market-competitive base pay, short-term bonus incentives and long-term equity 13 incentives, our total rewards program offers comprehensive employee benefits that may vary by country or region, including an employee stock purchase plan, a 401(k) plan in the United States with company matching contributions, comprehensive medical, dental and vision insurance, life and disability insurance, health savings accounts, charitable donation matching, flexible time off, volunteer time off, gender-neutral paid parental leave, fertility and adoption support, family care resources, mobile and internet reimbursement, mental health and lifestyle support programs, and a variety of other health and wellness resources.
However, certain of our competitors have substantial competitive advantages, such as significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, longer operating histories, greater resources to make strategic acquisitions, and greater name recognition than we have. Our principal competitor is Microsoft.
However, certain of our 12 competitors have substantial competitive advantages, such as significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, longer operating histories, greater resources to make strategic acquisitions, and greater name recognition than we have. Our principal competitor is Microsoft.
Our Universal Directory product offering also serves as a system of record to help our customers organize, customize and manage their users. Our Lifecycle Management product offering enables customers to manage users’ access privileges through their entire lifecycle with a no-code approach that improves administrative efficiency and productivity.
Our Universal Directory product offering also serves as a system of record to help our customers organize and manage their users. Our Lifecycle Management product offering enables customers to manage users’ access privileges through their entire lifecycle with a no-code approach that improves administrative efficiency and productivity.
Item 1. Business Overview Okta is the leading independent identity partner. Our vision is to free everyone to safely use any technology, and we believe identity is the key to making that happen. Our purpose is to bring simple and secure digital access to people and organizations everywhere.
Item 1. Business Overview Okta, Inc. is the leading independent identity partner. Our vision is to free everyone to safely use any technology, and we believe identity is the key to making that happen. Our purpose is to bring simple and secure digital access to people and organizations everywhere.
It offers adaptive, risk-based authentication that leverages data intelligence from across the Okta network of thousands of organizations as well as from our partner ecosystem. • API Access Management . API Access Management enables organizations to secure APIs as systems connect to each other.
It offers adaptive, risk-based authentication that leverages data intelligence from across the Okta Platform network of thousands of organizations as well as from our partner ecosystem. • API Access Management . API Access Management enables organizations to secure APIs as systems connect to each other.
The Okta platform and features are updated regularly, and along with continuous security testing, there are periodic security reviews that provide audited and verifiable security checkpoints to ensure the quality of our source code.
The Okta Platform and its features are updated regularly, and along with continuous security testing, there are periodic security reviews that provide audited and verifiable security checkpoints to ensure the quality of our source code.
Further corporate governance information, including our corporate governance guidelines and code of conduct, is also available on our investor relations website under the heading "Corporate Governance." Information contained on, or that can be accessed through, our websites is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.
Further corporate governance information, including our corporate governance guidelines and code of conduct, is also available on our investor relations website under the heading "Responsibility and Governance." Information contained on, or that can be accessed through, our websites is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only. 15
Due to the flexibility and breadth of our platform, we can and often do co-exist alongside our competitors’ products within our customer base. Principal competitive factors in our markets include flexibility, independence, product capabilities, total cost of ownership, time to value, scalability, user experience, number of pre-built integrations, customer satisfaction, global reach and ease of integration, management and use.
Due to the flexibility and breadth of our platforms, we can and often do co-exist alongside our competitors’ products within our customer base. Principal competitive factors in our markets include flexibility, independence, product capabilities, total cost of ownership, time to value, scalability, user experience, number of pre-built integrations, customer satisfaction, global reach and ease of integration, management and use.
We believe global demand for our product offerings will continue to be a long-term opportunity as organizations outside the United States fully embrace the transition to cloud computing, and larger international organizations take advantage of technology consolidation within their global locations. Increase Our Opportunities • Innovate and Extend Our Platform with New Products .
We believe global demand for our product offerings will continue to be a long-term opportunity as organizations outside the United States fully embrace the transition to cloud computing, and larger international organizations take advantage of technology consolidation within their global locations. Increase Our Opportunities • Innovate and Extend Our Platforms with New Products .
Access Gateway enables organizations to extend Workforce Identity Cloud, which is a cloud-native platform, from the cloud to their existing on-premises applications so that they can harness the benefits of Okta to manage all of their critical systems, whether in the cloud, on-premises or hybrid.
Access Gateway enables organizations to extend Okta Platform, which is a cloud-native platform, from the cloud to their existing on-premises applications so that they can harness the benefits of the platform to manage all of their critical systems, whether in the cloud, on-premises or hybrid.
Single Sign-On also enables built-in reporting and analytics that provide real-time search functionalities across users, devices, applications and the associated access and usage activity. • Adaptive Multi-Factor Authentication . Adaptive MFA is a comprehensive, but simple-to-use, product that provides an additional layer of security for an organization’s cloud, mobile and web applications and data.
Single Sign-On also enables built-in reporting and analytics that provide real-time search functionalities across users, devices, applications and the associated access and usage activity. • Adaptive MFA . Adaptive MFA is a comprehensive, but simple-to-use, product that provides an additional layer of security for an organization’s cloud, mobile and web applications and data.
Robust Security Security is essential for Okta and for our customers. Our approach to security spans day-to-day operational practices from the design and development of our software to how customer data is segmented and secured within our multi-tenant platform.
Robust Security Security is essential for us and for our customers. Our approach to security spans day-to-day operational practices from the design and development of our software to how customer data is segmented and secured within our multi-tenant platform.
Actions and extensibility allow our customers to create customized identity flows that address their unique requirements through a drag-and-drop interface to add pre-built partner integrations and their own custom logic across an authentication flow. • Enterprise Connections . Enterprise Connections enable Enterprise Federation using pre-built integrations with commonly used Enterprise Identity Systems.
Actions and Extensibility allow our customers to create customized identity flows that address their unique requirements through a drag-and-drop interface to add pre-built partner integrations and their own custom logic across an authentication flow. • Enterprise Connections . Enterprise Connections enable Enterprise Federation using pre-built integrations with commonly used enterprise identity systems. • Fine Grained Authorization .
In many instances, we find that initial customer success with our platform results in key internal decision-makers expanding their deployments, for example, from initial use for workforce identity to expanded use for their customer identity needs.
In many instances, we find that initial customer success with our platforms results in key internal decision-makers expanding their deployments, for example, from initial use for workforce identity to expanded use for their customer identity needs.
From time to time, we evaluate opportunities to acquire or invest in emerging and adjacent technologies to complement our organic investments and improve our product offerings, services and customers’ experiences. We will continue to use these types of strategic levers as opportunities arise. Our Product Offerings Okta's suite of product offerings and services is used to manage and secure identities.
From time to time, we evaluate opportunities to acquire or invest in emerging and adjacent technologies to complement our organic investments and improve our product offerings, services and customers’ experiences. We will continue to use these types of strategic levers as opportunities arise. Our Product Offerings Our portfolio of product offerings and services is used to manage and secure identities.
Given the growth trends in the number of applications and cloud adoption and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security.
Given the growth trends in cloud adoption and the number of applications customers use and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security.
Every day, thousands of organizations and millions of people use Okta to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces ("APIs"), IT infrastructure providers, and services from a multitude of devices.
Every day, thousands of organizations and millions of people use our platforms to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces ("APIs"), IT infrastructure providers, and services from a multitude of devices.
We had over 7,000 integrations with cloud, mobile and web applications and IT infrastructure providers as of January 31, 2024, which, while not directly correlated to revenue, shows the breadth and acceptance of our platform. We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings.
We had over 7,000 integrations with cloud, mobile and web applications and IT infrastructure providers as of January 31, 2025, which, while not directly correlated to revenue, shows the breadth and acceptance of our platforms. We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings.
It automates IT processes and ensures user accounts are created and deactivated at the appropriate times, including the workflow and policies needed to power those processes, and helps ensure compliance requirements are met as user roles evolve and access levels change. • Okta Identity Governance .
It automates IT processes and ensures user accounts are created and deactivated at the appropriate times, including the workflow and policies needed to power those processes, and helps ensure compliance requirements are met as user roles evolve and access levels change. • Okta Workflows .
Similarly, the Auth0 Marketplace is a trusted catalog of integrations that enables application teams to easily assemble complete identity solutions. The Auth0 Marketplace connects customers with service providers and builders who solve integration use cases and implement integrations with Customer Identity Cloud.
Similarly, the Auth0 Marketplace is a trusted catalog of integrations that enables application teams to easily assemble complete identity solutions. The Auth0 Marketplace connects customers with service providers and builders who solve integration use cases and implement integrations with the Auth0 Platform.
Our approach to customer identity provides organizations—from companies to government agencies—with the scale, interoperability, extensibility and security they need to build applications with seamless and private experiences that serve a wide variety of users, from customers to citizens.
Our approach to customer identity provides organizations with the scale, interoperability, extensibility and security they need to build applications with seamless and private experiences that serve a wide variety of users, from customers to citizens.
We believe that our platform enables developers to focus their time and attention on innovating within their core application capabilities while relying on our platform for their identity-related requirements, leading to more secure and convenient experiences for their own customers. • Leverage Our Unique Data Assets with Powerful Analytics .
We believe that our platforms enable developers to focus their time and attention on innovating within their core application capabilities while relying on our platforms for their identity-related requirements, leading to more secure and convenient experiences for their own customers. • Leverage Our Unique Data Assets with Powerful Analytics .
Our position at the intersection of people, devices, applications and infrastructure gives us unique access to powerful data, and the opportunity to provide differentiated insights based on that data, as well as predictive capabilities based on that data to help keep customers more secure.
Our position at the intersection of people, devices, applications and infrastructure gives us unique access to powerful threat intelligence identity data, and the opportunity to provide differentiated insights based on that data, as well as predictive capabilities 6 based on that data to help keep customers more secure.
We also expect that our analytics ability will enable our customers to use our data and third-party data from our partners, to help customers make more informed and secure access decisions. We do not currently derive direct revenue from our unique data assets, but we may explore opportunities for monetization in the future.
We also expect that our analytics ability will enable our customers to use our data and third-party data from our partners, allowing customers to make more informed and secure access decisions. We do not currently derive direct revenue from our unique data assets, but we may explore opportunities for monetization in the future. • Mergers and Acquisitions and Investments .
We also have filed other trademark applications pending in various jurisdictions throughout the world. We also have registered other trademarks in the United States including “Okta Workforce Identity Cloud,” “Okta Customer Identity Cloud,” “The World’s Identity Company,” and “Oktane". We are the registered holder of a variety of domestic and international domain names that include “Okta,” "Auth0" and similar variations.
We also have filed other trademark applications pending in various jurisdictions throughout the world. We also have registered other trademarks in the United States including “The World’s Identity Company” and “Oktane". We are the registered holder of a variety of domestic and international domain names that include “Okta,” "Auth0" and similar variations.
Professional Services Our professional services team provides assistance to customers in the deployment of our Workforce Identity Cloud and Customer Identity Cloud and includes identity and security experts, customized deployment plans, SmartStart, which provides a quick path to implementation, and Okta Expert Assist, in which we provide Workforce Identity Cloud and Customer Identity Cloud customers with recommendations and best practices designed to improve their security posture.
Professional Services Our professional services team provides assistance to customers in the deployment of our Okta Platform and Auth0 Platform and includes identity and security experts, customized deployment plans, SmartStart, which provides a quick path to implementation, and Okta Expert Assist, in which we provide our customers with recommendations and best practices designed to improve their security posture.
With 21% of our revenue generated outside of the United States in fiscal 2024, and our international revenue growing 19% from fiscal 2023 to fiscal 2024, we believe there is a significant opportunity to continue to grow our international business.
With 21% of our revenue generated outside of the United States in fiscal 2025, and our international revenue growing 14% from fiscal 2024 to fiscal 2025, we believe there is a significant opportunity to continue to grow our international business.
We provide our employees with a wide range of learning and development opportunities, including in-person, virtual, social and self-directed learning, mentoring, coaching and external development. We offer extensive onboarding and training programs through our internal learning initiative to prepare our employees at all levels for career progression and individual development.
We provide our employees with a wide range of learning and development opportunities, including in-person, virtual, social and self-directed learning, mentoring, coaching and external development. Our extensive onboarding and training programs prepare our employees at all levels for career progression and individual development.
Customer Identity Cloud Customer Identity Cloud, powered by Auth0, enables companies, nonprofits and governmental agencies to transform their own customers’ or citizens’ experiences by empowering development teams to rapidly and securely build customer- and citizen-facing cloud, mobile or web applications. Our Customer Identity Cloud primarily supports consumer and SaaS applications.
Auth0 Platform The Auth0 Platform enables companies, nonprofits and governmental agencies to transform their own customers’ or citizens’ experiences by empowering development teams to rapidly and securely build customer- and citizen-facing cloud, mobile or web applications. The Auth0 Platform primarily supports consumer and SaaS applications.
Workforce Identity Cloud can be used as the central system for an organization’s connectivity, access, authentication and identity lifecycle management needs spanning all of its users, technology and applications.
The Okta Platform can be used as the central system for an organization’s connectivity, access, authentication and identity lifecycle management needs spanning all of its users, technology and applications.
If one of our systems goes down, another is quickly promoted. Our architecture is designed to scale both vertically by increasing the size of the application tiers and horizontally by adding new geo-distributed cells. Our Workforce Identity Cloud and Customer Identity Cloud are monitored not only at the infrastructure level, but also at the application and third-party integration level.
If one of our systems goes down, another is quickly promoted. Our architecture is designed to scale both vertically by increasing the size of the application tiers and horizontally by adding new geo-distributed cells. The Okta Platform and Auth0 Platform are monitored not only at the infrastructure level, but also at the application and third-party integration level.
Extending the benefits of Workforce Identity Cloud to hybrid IT environments delivers a single point of management for our customers’ administrators and a single location from which end users can access their critical applications. • Okta Device Access . Okta Device Access extends Okta's secure access management to the device login experience.
Extending the benefits of the Okta Platform to hybrid IT environments delivers a single point of management for our customers’ administrators and a single location from which end users can access their critical applications. • Okta Device Access . Okta Device Access extends the Okta Platform's secure access management to the device login experience.
Workforce Identity Cloud also supports FIPS 140-2 encryption requirements. Additional information regarding our cybersecurity risk management strategy and governance is included in “ Cybersecurity ” under Part I, Item 1C of this Annual Report on Form 10-K.
The Okta Platform also supports FIPS 140-2 encryption requirements. Additional information regarding our cybersecurity risk management strategy and governance is included in “ Cybersecurity ” under Part I, Item 1C of this Annual Report on Form 10-K.
Okta uses its investor.okta.com website and okta.com/blog websites (including the Security Blog, Okta Developer Blog and Auth0 Developer Blog) as a means of disclosing material non-public information, announcing upcoming investor conferences and for complying with its disclosure obligations under Regulation FD.
We also use our investor.okta.com website and okta.com/blog websites (including the Security Blog, Okta Developer Blog and Auth0 Developer Blog) as a means of disclosing material non-public information, announcing upcoming investor conferences and for complying with our disclosure obligations under Regulation FD.
We intend to continue making significant investments in research and development, hiring top technical talent and maintaining an agile organization. By continuing to innovate, introduce new product offerings and extend our platform, we believe that we can offer increasing value to our existing and potential customers. • Extend Our Accessible Market with New Use Cases .
We intend to continue making significant investments in research and development, hiring top technical talent and maintaining an agile organization. By continuing to innovate, introduce new product offerings and extend our platforms, we believe that we can offer increasing value to our existing and potential customers.
Okta Device Access enables end users to securely log in to their devices with their Okta credentials and meet MFA challenges from a set of strong factors, helping organizations to harden their security posture by protecting a user's device with the same experience Okta provides for applications and resources. 8 Identity Governance and Administration (“IGA”) • Universal Directory .
Okta Device Access enables end users to securely log in to their devices with their Okta Platform credentials and meet MFA challenges from a set of strong factors, helping organizations to harden their security posture by protecting a user's device with the same experience that the Okta Platform provides for applications and resources. 7 • Universal Directory .
As of January 31, 2024, more than 18,950 customers across nearly every industry used Okta to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises to small- and medium-sized businesses, universities, nonprofits and government agencies.
As of January 31, 2025, more than 19,650 customers across nearly every industry used our solutions to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises to small- and medium-sized businesses, universities, nonprofits and government agencies.
Differentiated Administration, User and Developer Experience Workforce Identity Cloud and Customer Identity Cloud offer administrators and users a consistent, easy-to-use, consumer-like experience across our product offerings. Our technology integrates with industry-leading browsers and mobile applications to provide seamless access to nearly any web or native mobile application.
Differentiated Administration, User and Developer Experience The Okta Platform and Auth0 Platform offer administrators and users a consistent, easy-to-use, consumer-like experience across our product offerings. Our technology integrates with industry-leading browsers and mobile applications to provide seamless access to nearly any web or native mobile application.
We enable organizations to provide their workforces with immediate and secure access to every application they need from any device they use, without requiring multiple credentials, which significantly enhances user connectivity and productivity. We offer our customers an additional security layer through our Adaptive Multi-Factor Authentication (“Adaptive MFA”) product offering.
We enable organizations to provide their workforces with immediate and secure access to every application they need from any device they use, without requiring multiple credentials, which significantly enhances user productivity and IT efficiency. We offer our customers an additional security layer through our Adaptive Multi-Factor Authentication (“Adaptive MFA”), Device Access, and Identity Threat Protection with Okta AI product offerings.
We plan to further leverage the sales efforts of resellers, system integrators, managed service providers, and other distribution partners, for growth, scale and specialized expertise. For example, in fiscal 2024, we launched the Okta Elevate Partner Program designed to incentivize partners to deliver and manage Okta solutions. • Expand Our International Footprint .
We plan to further leverage the sales efforts of global system integrators, managed service providers, technology partners and other distribution partners for growth, scale and specialized expertise. Our Okta Elevate Partner Program is designed to incentivize partners to deliver and manage our solutions. • Expand Our International Footprint .
Developers leverage our Customer Identity Cloud and Workforce Identity Cloud to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission.
Developers leverage our Okta Platform and Auth0 Platform to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission.
As we add new customers, users, developers and integrations to our platform, our business, customers, partners and users benefit from powerful network effects that increase the value and security of our Workforce Identity Cloud and Customer Identity Cloud.
As we add new customers, users, developers and integrations to our platforms, our business, customers, partners and users benefit from powerful network effects that increase the value and security of our solutions.
For customer identity, our APIs are also used by developers to embed Okta identity functionality into their own customer-facing mobile or web applications. We continuously improve our Workforce Identity Cloud and Customer Identity Cloud through the release and development of additional product offerings, features and services. Workforce Identity Product Offerings Access Management • Single Sign-on .
For customer identity, our APIs are also used by developers to embed our identity functionality into their own customer-facing mobile or web applications. We continuously improve our Okta Platform and Auth0 Platform by releasing and developing additional product offerings, features and services. Okta Platform Product Offerings Access Management • Single Sign-on .
For financial information regarding our business, see “ Management’s Discussion and Analysis of Financial Condition and Results of Operations ” included in Part II, Item 7 of this Annual Report on Form 10-K and our consolidated audited financial statements and related notes included elsewhere in this Annual Report on Form 10-K.
For financial information regarding our business, see “ Management’s Discussion and Analysis of Financial Condition and Results of Operations ” included in Part II, Item 7 of this Annual Report on Form 10-K and our consolidated audited financial statements and related notes included elsewhere in this Annual Report on Form 10-K. 14 Corporate Information We incorporated in 2009 as Saasure Inc., a California corporation.
Corporate Information We were incorporated in 2009 as Saasure Inc., a California corporation, and were later reincorporated in 2010 under the name Okta, Inc. as a Delaware corporation. Our principal executive offices are located at 100 First Street, Suite 600, San Francisco, California 94105, and our telephone number is (888) 722-7871. Our website address is www.okta.com.
In 2010, we reincorporated as Okta, Inc., a Delaware corporation. Our principal executive offices are located at 100 First Street, Suite 600, San Francisco, California 94105, and our telephone number is (888) 722-7871. Our website address is www.okta.com. Additional Information Our investor relations website address is investor.okta.com.
Okta Privileged Access enables organizations to reduce risk with unified access and governance management for on-premises and cloud privileged resources, for better visibility, compliance, and security for critical applications, resources and infrastructure requiring privileged access. Workforce Identity Cloud Platform: Extensibility • Okta Workforce Identity Workflows .
Okta Privileged Access enables organizations to reduce risk with unified access and governance management for on-premises and cloud privileged resources, for better visibility, compliance, and security for critical applications, resources and infrastructure requiring privileged access. Auth0 Platform Product Offerings • Universal Login .
Employees and contractors sign into Workforce Identity Cloud to seamlessly and securely access the applications they need to do their most important work. Organizations use our platform to collaborate with their partners and to provide their customers with more modern and secure experiences in the cloud and via mobile devices.
Employees and contractors sign into the Okta Platform to seamlessly and securely access the applications they need to do their most important work with more modern and secure experiences in the cloud and via mobile devices.
Builder and Owner Culture “Build and own it” is one of our core values. Our goal is to create a shared sense of ownership in achieving our company vision where career growth, competitive rewards, and purpose empower our employees to do great work. We want every employee to feel ownership of Okta.
In fiscal 2025, 86% of our eligible employees participated in our annual employee engagement survey. Builder and Owner Culture “Build and own it” is one of our core values. Our goal is to create a shared sense of ownership in achieving our company vision where career growth, competitive rewards, and purpose empower our employees to do great work.
We strive to further increase revenue from our existing customers by cross-selling and up-selling additional and new product offerings. We also believe we can expand our footprint by focusing on current customers that have deployed our Workforce Identity Cloud and expanding those customers’ use of our Customer Identity Cloud, or vice versa. • Leverage Partner Ecosystem .
We strive to further increase revenue from our existing customers by cross-selling and up-selling additional and new product offerings. We also believe we can expand our footprint by focusing on current customers that have deployed our Okta Platform and expanding those customers’ use of our Auth0 Platform, or vice versa. • Drive Growth with Large Customers.
To increase our market share, we intend to continue to grow our customer base using a land-and-expand sales model, with a focus on key markets by size of customers, as well as key verticals, including highly regulated sectors. • Deepen Relationships Within Our Existing Customer Base .
To increase our market share, we intend to focus on growing our base of large customers using a land-and-expand sales model, with a focus on key markets by size of customers, as well as key verticals, including highly regulated sectors. • Leverage Partner Ecosystem .
Our Customers As of January 31, 2024, we had more than 18,950 customers, including more than 4,485 customers with an annual contract value greater than $100,000.
Our Customers As of January 31, 2025, we had more than 19,650 customers, including more than 4,800 customers with an annual contract value greater than $100,000.
For many years, Okta has embraced a hybrid approach to enable our employees to work remotely or from one of our offices. We believe a hybrid approach can increase employee empowerment, satisfaction and productivity, drive efficiency and enable us to hire from a broader, more diverse pool of talent.
We embrace a hybrid working approach that permits employees to work remotely or from one of our offices. We believe a hybrid approach can increase employee empowerment, satisfaction and productivity, drive efficiency and enable us to hire from a broader pool of talent.
We provide 24/7 support for the highest support tiers as well as access to Customer Success and Technical Account Managers. We also provide on-demand access to a robust online digital community and customer success hub, where our customers can find answers to common use cases, information about product features, and interact with Okta experts and industry peers.
We also provide on- 11 demand access to a robust online digital community and customer success hub, where our customers can find answers to common use cases, information about product features, and interact with our experts and industry peers.
Furthermore, as our customers are successful in their businesses and increase headcount, the number of their customers or their monthly active users, we share in their growth as the number of identities that we manage increases. Conversely, if our customers reduce the size of their workforce, then the number of identities that we manage, and therefore our revenue, decreases.
Furthermore, as our customers are successful in their businesses and increase headcount, the number of their customers or their monthly active users, we have the opportunity to share in their growth as the number of identities that we manage increases.
We focus on acquiring and retaining our customers and increasing the value we provide to our customers over time and thus their spending with us through expanding the number of users who access our Workforce Identity Cloud and Customer Identity Cloud and up-selling additional product offerings.
We focus on attracting and retaining our customers and increasing the value we provide to them over time. By retaining customers and increasing value, we increase their spending with us through expanding the number of users who access our Okta Platform and Auth0 Platform, and by selling additional product offerings.
Our employee onboarding program helps our employees get off to the right start, our manager development program helps to build a solid foundation for our people managers, and our technical training program brings our new technical employees up to speed on our product offerings. 14 Compensation, Benefits and Wellness We provide robust compensation, benefits and wellness programs that help support the varying needs of our employees.
Our employee onboarding program helps our new hires get off to the right start, our manager development program helps to build a solid foundation for our people managers, and our technical training program brings our new technical employees up to speed on our product offerings.
We benefit from an expansive partner ecosystem that helps drive additional sales. Nearly all of the leading cloud application providers are our partners, and many of them drive further customer acquisition for us through co-selling arrangements, building our offerings directly into their products, and product demonstrations running on Okta.
Nearly all of the leading cloud application providers are our partners, and many of them drive further customer acquisition for us through co-selling arrangements, building our offerings directly into their products, and product demonstrations running on our technology. We also partner with several of the large technology companies that are driving the movement to the cloud.
Additional information regarding our competition is included in “ Risk Factors ” under Part I, Item 1A of this Annual Report on Form 10-K. 13 Human Capital Resources Our core values—love our customers, never stop innovating, act with integrity, be transparent and empower our people—inform and guide our human capital initiatives and objectives.
Additional information regarding our competition is included in “ Risk Factors ” under Part I, Item 1A of this Annual Report on Form 10-K. Human Capital Resources Our core values—love our customers, always secure and always on, build and own it, and drive what’s next—inform and guide our human capital initiatives and objectives.
Our customers span nearly all industry verticals and range from small organizations with fewer than 100 employees to companies in the Fortune 50, with up to hundreds of thousands of employees, some of which use our platform to manage millions of their customers' identities.
Our customers span nearly all industry verticals and range from small organizations with fewer than 100 employees to companies in the Fortune 50, with up to hundreds of thousands of employees, some of which use our platforms to manage millions of their customers' identities. 10 Sales and Marketing Sales We sell directly to customers through our direct inside and field sales force and also indirectly through our extensive ecosystem of channel partners.
In addition, as of such date, we also had seventy-three issued patents granted outside of the United States, which expire between 2033 and 2043 and cover various aspects of our product offerings. 12 We have registered “Okta” and "Auth0" as trademarks in many jurisdictions throughout the world to protect our brands.
As of January 31, 2025, we had 74 issued patents in the United States and 81 issued patents granted outside of the United States that expire between 2030 and 2044 and cover various aspects of our product offerings. We have registered “Okta” and "Auth0" as trademarks in many jurisdictions throughout the world to protect our brands.
Our customers use Workforce Identity Cloud to secure their workforces, to create solutions that make their partner networks more collaborative, and to provide more seamless and secure experiences for their end users, which, combined with our open approach, enables our customers to future-proof their environments.
Our customers use the Okta Platform to secure their workforces, to create solutions that make their partner networks more collaborative, and to provide more seamless and secure experiences for their end users. These features, combined with our technological neutrality, help our customers future-proof their environments.
Customer Identity Cloud Product Offerings • Universal Login . Universal Login is a standards-based login infrastructure with centralized feature management and configuration for websites and applications that can be integrated with a wide range of social media login credential providers, enterprise login services and customer-provided databases.
Universal Login is a standards-based login infrastructure with centralized feature management and configuration for websites and applications that can be integrated with a wide range of social media login credential providers, enterprise login services and customer-provided databases. Universal Login enables our customers to provide a consistent login experience across many different applications and devices. 8 • Attack Protection .
Customer Identity Cloud provides multiple enhanced security capabilities including bot detection, Adaptive MFA, fraud prevention, and account takeover attack protection while delivering a high level of security. In addition to security and authentication, Customer Identity Cloud also supports authorization. 6 Growth Strategy Key elements of our growth strategy are to: Execute with Our Platform • Drive New Customer Growth .
The Auth0 Platform provides multiple enhanced security capabilities including bot detection, Adaptive MFA, fraud prevention, and account takeover attack protection while delivering a high level of security. In addition to security and authentication, Auth0 also supports authorization, including fine grained authorization.
Research and Development Our research and development organization is responsible for the design, architecture, creation and quality of our platform. The research and development organization also works closely with our technical operations team to ensure the successful deployment and monitoring of our platform. We use test automation and application monitoring to ensure our services are always on.
The research and development organization also works closely with our technical operations team to ensure the successful deployment and monitoring of our platforms. We use test automation and application monitoring to ensure our services are always on. Customer Support and Professional Services Our product offerings are designed for ease of use and fast deployments.
Additional information on our ESG programs and initiatives can be found in our “ESG Fact Sheet” on the “Responsibility” page of our website at www.okta.com. 15 Financial Information The financial information required under this Item 1 is incorporated herein by reference to “ Financial Statements and Supplementary Data ” included in Part II, Item 8 of this Annual Report on Form 10-K.
Financial Information The financial information required under this Item 1 is incorporated herein by reference to “ Financial Statements and Supplementary Data ” included in Part II, Item 8 of this Annual Report on Form 10-K.
Our employee engagement program helps us understand employee sentiment on a wide range of topics throughout the employee lifecycle, providing insights that inform our decisions about company initiatives, employee programs, talent risks, management opportunities and more. In fiscal 2024, 83% of our eligible employees participated in our annual employee engagement survey.
We have not experienced any work stoppages, and we consider our relations with our employees to be good. Our employee engagement program helps us understand employee sentiment on a wide range of topics throughout the employee lifecycle, providing insights that inform our decisions about company initiatives, employee programs, talent risks, management opportunities and more.
Private Cloud is a deployment option that allows our customers to run a dedicated cloud instance of Customer Identity Cloud. Private Cloud capability supports multiple cloud providers. • Organizations . Organizations enable our customers to support a large number of partners or customers of their own with independent configurations, login experiences and security options. • Actions and Extensibility .
Organizations enable our customers to support a large number of partners or customers of their own with independent configurations, login experiences and security options. • Actions and Extensibility .
We often leverage our expansion sales model to generate incremental revenue, often within the term of the initial agreement, through the addition of new users and the sale of additional product offerings.
We also offer a self-service approach for developers to sign up for free trials of our Auth0 Platform, which may transition to paid offerings. We often leverage our expansion sales model to generate incremental revenue, often within the term of the initial agreement, through the addition of new users and the sale of additional product offerings.
We are committed to fair compensation and opportunity in our workplace. We conduct regular equal pay assessments and adjust as needed to attempt to ensure our employees are paid equitably without regard to gender or ethnicity. Hybrid and Remote Work We help our employees succeed by providing flexibility in where and how they work.
We are committed to fair compensation and opportunity in our workplace. We conduct regular equal pay assessments to attempt to promote pay equity among all of our employees. Flexible Work We help our employees succeed by providing flexibility in where and how they work.
Our Workforce Identity Cloud and Customer Identity Cloud help organizations effectively harness the power of cloud, mobile and web technologies by securing users and connecting them with the applications and technology they use.
At the same time, consumer expectations favoring simple, secure digital experiences are driving the adoption of new consumer identity technologies. Our platforms help organizations effectively harness the power of cloud, mobile and web technologies by securing users and connecting them with the applications and technology they use.
As technology and our customers’ needs evolve, we plan to use our platform to help our customers address new challenges, regulatory requirements and use cases. • Leverage Our Integrations . The Okta Integration Network is an extensive ecosystem, which includes over 7,000 integrations with cloud, mobile and web applications as well integrated solutions with IT infrastructure providers.
The Okta Integration Network is an extensive ecosystem, which includes over 7,000 integrations with cloud, mobile and web applications as well integrated solutions with IT infrastructure providers and security vendors. We continue to add new integrations as we expand the surface area of our identity platform.
Okta for Good is a part of our company and not a separate legal entity. Additional information can be found on the "Okta for Good" page of our website at www.okta.com. Sustainability In fiscal 2021, we launched our Environmental, Social and Governance (“ESG”) program. We established an oversight structure to provide strategic direction for our ESG program.
Okta for Good is a part of our company and not a separate legal entity. Additional information can be found on the "Okta for Good" page of our website at www.okta.com. Sustainability We have an established sustainability program that aligns with our interest to have a positive impact on society and the environment.
The acceleration of digital transformation, cloud adoption and the evolving security threat landscape are driving a shift in how organizations securely manage the identity of their employees, contractors and partners on the internet. At the same time, changing consumer expectations favoring simple, secure digital experiences are driving the adoption of new consumer identity technologies.
Our Okta Platform and Auth0 Platform enable our customers to securely connect the right people to the right technologies and services at the right time. The acceleration of digital transformation, cloud adoption and the evolving security threat landscape are driving a shift in how organizations securely manage the identity of their employees, contractors and partners.
Intellectual Property We protect our intellectual property through a combination of trademarks, domain names, copyrights, trade secrets and patents, as well as contractual provisions and restrictions on access to our proprietary technology. As of January 31, 2024, we had fifty-two issued patents in the United States, which expire between 2030 and 2043 and cover various aspects of our product offerings.
Intellectual Property We protect our intellectual property through a combination of trademarks, domain names, copyrights, trade secrets and patents, as well as contractual provisions and restrictions on access to our proprietary technology.
Prior to our initial public offering ("IPO") in April 2017, we reserved 300,000 shares of our common stock to fund and support the operations of Okta for Good, of which 56,250 shares of Class A common stock remained reserved for future issuances as of January 31, 2024.
Prior to our initial public offering ("IPO") in April 2017, we reserved 300,000 shares of our common stock to fund and support the operations of Okta for Good, all of which have been issued as of January 31, 2025. Ongoing philanthropic activities will be funded via cash contributions from Okta, Inc.
… 55 more changes not shown on this page.
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
244 edited+39 added−105 removed136 unchanged
Item 1A. Risk Factors
Risk Factors — what could go wrong, per management
244 edited+39 added−105 removed136 unchanged
2024 filing
2025 filing
Biggest changeThese risks include, among other things: • macroeconomic conditions, including the inflation and interest rate environment; • unexpected costs and errors in the localization of our products, including translation into foreign languages and adaptation for local practices and regulatory requirements; • lack of familiarity and burdens of complying with foreign laws, legal standards, privacy standards, regulatory requirements, tariffs and other barriers; • laws and business practices favoring local competitors or commercial parties; • costs and liabilities related to compliance with the numerous and ever-growing landscape of U.S. and international data privacy and cybersecurity regimes, many of which involve disparate standards and enforcement approaches, to address cross-border data flows; • greater risk that our foreign employees or partners will fail to comply with U.S. and foreign laws; • practical difficulties of enforcing intellectual property rights in countries with fluctuating laws and standards and reduced or varied protection for intellectual property rights in some countries; • restrictive governmental actions focusing on cross-border trade, including taxes, trade laws, tariffs, import and export restrictions or quotas, barriers, sanctions, custom duties or other trade restrictions; • unexpected changes in legal and regulatory requirements; • difficulties in managing systems integrators and technology partners; • differing technology standards; • longer accounts receivable payment cycles and difficulties in collecting accounts receivable; 24 • difficulties in managing and staffing international operations and differing employer/employee relationships and local employment laws; • political, economic and social instability, war, terrorist activities or armed conflict, including Russia's invasion of Ukraine; • global economic uncertainty caused by global political events; • health epidemics, such as COVID-19, influenza and other highly communicable diseases or viruses; • fluctuations in exchange rates that may increase the volatility of our foreign-based revenue and expense; and • potentially adverse tax consequences, including the complexities of foreign value added tax (or other tax) systems and restrictions on the repatriation of earnings.
Biggest changeConducting international operations also subjects us to, among other risks described in these risk factors: • political, economic and social uncertainties, including macroeconomic conditions; • unexpected changes in, or costs and liabilities related to, compliance with foreign legal and regulatory requirements, such as data privacy and cybersecurity regimes; intellectual property rights protections; and requirements relating to the localization of our solutions; • restrictive governmental actions focusing on cross-border trade, including taxes, trade laws, tariffs, import and export restrictions or quotas, barriers, sanctions, custom duties or other trade restrictions; and • difficulties in managing systems integrators and technology partners.
For example, if we develop a new product feature but our competitors give an equivalent feature away for free, we may need to also include our newly developed feature for free as part of an existing product offering to remain competitive in the marketplace.
For example, if we develop a new feature but our competitors give an equivalent feature away for free, we may need to also include our newly developed feature for free as part of an existing product offering to remain competitive in the marketplace.
If we are unable to close one or more of such expected significant transactions in a particular period, or if such an expected transaction is delayed until a subsequent period, our results of operations for that period, and for any future periods in which revenue from such transaction would otherwise have been recognized, may be harmed.
If we are unable to close one or more of expected significant transactions in a particular period, or if such an expected transaction is delayed until a subsequent period, our results of operations for that period, and for any future periods in which revenue from such transaction would otherwise have been recognized, may be harmed.
We have experienced cybersecurity incidents resulting from our use of and oversight over third-party service providers and may experience such incidents in the future. These incidents have, in the past, and may, in the future, result from our configuration of such providers’ products or from cybersecurity attacks on such providers of the same type that could affect our own systems.
We have experienced cybersecurity incidents resulting from our use of and oversight over third-party service providers and could experience such incidents in the future. These incidents have, in the past, and may, in the future, result from our configuration of such providers’ products or from cybersecurity attacks on such providers of the same type that could affect our own systems.
Foreign Corrupt Practices Act of 1977, as amended (“FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities.
Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities.
Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that: • provide that our board of directors is classified into three classes of directors with staggered three-year terms; • permit the board of directors to establish the number of directors and fill any vacancies and newly-created directorships; • require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws; • authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan; • provide that only the Chairperson of our board of directors, our Chief Executive Officer, or a majority of our board of directors are authorized to call a special meeting of stockholders; • provide for a dual class common stock structure in which holders of our Class B common stock have the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets; • prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders; • provide that the board of directors is expressly authorized to make, alter or repeal our bylaws; and • advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that: • provide that our board is classified into three classes of directors with staggered three-year terms; • permit our board to establish the number of directors and fill any vacancies and newly-created directorships; • require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws; • authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan; • provide that only the Chairperson of our board, our Chief Executive Officer, or a majority of our board of directors are authorized to call a special meeting of stockholders; • provide for a dual class common stock structure in which holders of our Class B common stock have the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets; • prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders; • provide that our board is expressly authorized to make, alter or repeal our bylaws; and • advance notice requirements for nominations for election to our board or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
For example, it could: • make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry and competitive conditions and adverse changes in government regulation; • limit our flexibility in planning for, or reacting to, changes in our business and our industry; • place us at a disadvantage compared to our competitors who have less debt; • limit our ability to borrow additional amounts to fund acquisitions, for working capital and for other general corporate purposes; and 46 • make an acquisition of our company less attractive or more difficult.
For example, it could: • make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry and competitive conditions and adverse changes in government regulation; • limit our flexibility in planning for, or reacting to, changes in our business and our industry; • place us at a disadvantage compared to our competitors who have less debt; • limit our ability to borrow additional amounts to fund acquisitions, for working capital and for other general corporate purposes; and • make an acquisition of our company less attractive or more difficult.
Furthermore, as a well-known provider of identity and security solutions that form a part of our customers’ security software supply chain, any such breach, including a breach of our customers’ systems, could compromise systems secured by our products, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ systems, and the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, which could subject us to liability and cause us financial harm.
Furthermore, as a well-known provider of identity and security solutions that form a part of our customers’ security software supply chain, any such breach, including a breach of our customers’ systems, could compromise systems secured by our solutions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ systems, and the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, which could subject us to liability and cause us financial harm.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for: • any derivative action or proceeding brought on our behalf; • any action asserting a breach of fiduciary duty; • any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or 45 • any action asserting a claim against us that is governed by the internal affairs doctrine.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for: • any derivative action or proceeding brought on our behalf; • any action asserting a breach of fiduciary duty; • any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or • any action asserting a claim against us that is governed by the internal affairs doctrine.
Any successful action by state, foreign or other authorities to compel us to collect and remit sales tax, use tax or other taxes, either retroactively, prospectively or both, could harm our business, results of operations and financial condition. Our ability to use our U.S. net operating loss carry-forwards and certain other tax attributes may be limited.
Any successful action by state, foreign or other authorities to compel us to collect and remit sales tax, use tax or other taxes, either retroactively, prospectively or both, could harm our business, results of operations and financial condition. 35 Our ability to use our U.S. net operating loss carry-forwards and certain other tax attributes may be limited.
Because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively could continue to control nearly a majority of the combined voting power of our common stock and be able to effectively control all matters submitted to our stockholders for approval until April 12, 2027, the date that is the ten-year anniversary of the closing of our IPO.
Because of the ten-to-one voting ratio between our Class B and Class A common stock, the 37 holders of our Class B common stock collectively could continue to control nearly a majority of the combined voting power of our common stock and be able to effectively control all matters submitted to our stockholders for approval until April 12, 2027, the date that is the ten-year anniversary of the closing of our IPO.
Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations and financial condition.
Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur 39 additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations and financial condition.
The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements.
The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our 34 business in a manner consistent with our corporate structure and intercompany arrangements.
New income, sales, use, value-added or other transaction level taxes, tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could adversely impact our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, 40 regulations or ordinances could be interpreted, changed, modified or applied adversely to us.
New income, sales, use, value-added or other transaction level taxes, tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could adversely impact our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us.
If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our Class A common stock could decrease, which might cause our Class A common stock price and trading volume to decline. 44 We do not intend to pay dividends for the foreseeable future.
If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our Class A common stock could decrease, which might cause our Class A common stock price and trading volume to decline. We do not intend to pay dividends for the foreseeable future.
If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.
If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced net cash flows and lower overall profitability of our operations.
Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our applications, restrict our business operations, or increase our costs and impair our ability to maintain and grow our customer base and increase our 31 revenue.
Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our applications, restrict our business operations, or increase our costs and impair our ability to maintain and grow our customer base and increase our revenue.
In addition, a decrease in new subscriptions or renewals in a reporting period may not have an immediate impact on billings for that period. We may face exposure to foreign currency exchange rate fluctuations. Today, a vast majority of our customer contracts are denominated in U.S. dollars.
In addition, a decrease in new subscriptions or renewals in a reporting period may not have an immediate impact on billings for that period. 33 We face exposure to foreign currency exchange rate fluctuations. Today, a vast majority of our customer contracts are denominated in U.S. dollars.
This activity could cause a decrease in the market price of our Class A common stock. 47 General Risk Factors We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
This activity could cause a decrease in the market price of our Class A common stock. General Risk Factors We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Class A common 38 stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Any of these factors could harm our business, results of operations and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase. The conversion features of the Notes, if triggered, may adversely affect our financial condition and results of operations.
Any of these factors could harm our business, results of operations and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase. 40 The conversion features of the Notes, if triggered, may adversely affect our financial condition and results of operations.
Further, we may be subject to audits and investigations regarding 26 our role as a subcontractor in government contracts, and violations could result in penalties and sanctions, including contract termination, refunding or forfeiting payments, fines, and suspension or debarment from future government business.
Further, we may be subject to audits and investigations regarding our role as a subcontractor in government contracts, and violations could result in penalties and sanctions, including contract termination, refunding or forfeiting payments, fines, and suspension or debarment from future government business.
The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or 22 other metrics for a particular period.
The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other metrics for a particular period.
Third parties have induced and may continue to fraudulently induce employees, contractors, customers or our customers’ users into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our applications, internal networks, electronic systems and/or physical facilities in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platform, interruptions or malfunctions in our operations, account lockouts, and, ultimately, harm to our future business prospects and revenue.
Third parties have induced and may continue to fraudulently induce employees, contractors, customers or our customers’ users into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our applications, internal networks, electronic systems and/or physical facilities in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platforms, interruptions or malfunctions in our operations, account lockouts, and, ultimately, harm to our future business prospects and revenue.
The conditional conversion features of the 2025 Notes were triggered as of January 31, 2021 and the 2025 Notes were convertible at the option of the holders between February 1, 2021 and April 30, 2021; however, as of January 31, 2024, the conditions allowing holders of the 2025 Notes to convert were not met.
The conditional conversion features of the 2025 Notes were triggered as of January 31, 2021 and the 2025 Notes were convertible at the option of the holders between February 1, 2021 and April 30, 2021; however, as of January 31, 2025, the conditions allowing holders of the 2025 Notes to convert were not met.
We use open source software in our products and expect to use more open source software in the future. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate open source software into their products.
We use open source software in our solutions and expect to use more open source software in the future. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate open source software into their products.
Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers is generally recognized over the applicable service period.
Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from customers is generally recognized over the applicable service period.
Significant assumptions and estimates used in preparing our consolidated financial statements include, but are not limited to those referenced in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our 42 results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Class A common stock.
Significant assumptions and estimates used in preparing our consolidated financial statements include, but are not limited to those referenced in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our 36 results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Class A common stock.
When such breaches occur, as a result of third-party action, technology limitations, employee or contractor error, malfeasance or otherwise, and if the confidentiality, integrity or availability of our customers’ data or systems is disrupted, we could incur significant liability to our customers and to individuals or businesses whose information was being stored by our customers, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation.
When such breaches occur, as a result of third-party action, technology limitations, employee or contractor error, malfeasance or otherwise, and if the confidentiality, integrity or availability of our customers’ data or systems is disrupted, we could incur significant liability to our customers and to individuals or businesses whose information was being stored by our customers, and our platforms may be perceived as less desirable, which could negatively affect our business and damage our reputation.
We have, in the past, and may, in the future, experience disruptions, data loss or corruption, outages and other performance problems with our infrastructure or service due to a variety of factors.
We have experienced in the past, and may experience in the future, disruptions, data loss or corruption, outages, and other performance problems with our infrastructure or service due to a variety of factors.
Issues in the development and use of artificial intelligence, combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.
Issues in the development and use of artificial intelligence (“AI”), combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.
These factors include, for example, 28 infrastructure and functionality changes, human or software errors, capacity constraints, ransomware attacks that encrypt our data and render it inaccessible or security-related incidents.
These factors include, for example, infrastructure and functionality changes, human or software errors, capacity constraints, ransomware attacks that encrypt our data and render it inaccessible, or security-related incidents.
Any loss of the right to use any of these services could result in decreased functionality of our products until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls.
Any loss of the right to use any of these services could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls.
Although we are working to comply with those federal, state and foreign laws and regulations, industry standards, contractual obligations and other legal obligations that apply to us, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another, other requirements or legal obligations, our practices or the features of our platform.
Although we are working to comply with those federal, state and foreign laws and regulations, industry standards, contractual obligations and other legal obligations that apply to us, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another, other requirements or legal obligations, our practices or the features of our platforms.
We also expect that there will continue to be new proposed laws, regulations, self-regulatory and industry standards concerning privacy, data protection and information security in the United States, China, the European Union, India and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on our business.
We also expect that there will continue to be new proposed laws, regulations, self-regulatory and industry standards concerning privacy, data protection, digital services, and information security in the United States, China, the European Union, India and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on our business.
Also, we may not be successful in developing or maintaining relationships with key participants in the mobile industry or in developing products that operate effectively with a range of operating systems, networks, devices, browsers, protocols and standards. In addition, we may face different fraud, security and regulatory risks from transactions sent from mobile devices than we do from personal computers.
Also, we may not be successful in developing or maintaining relationships with key participants in the mobile industry or in developing solutions that operate effectively with a range of operating systems, networks, devices, browsers, protocols and standards. In addition, we may face different fraud, security and regulatory risks from transactions sent from mobile devices than we do from personal computers.
If we acquire additional businesses, we may not be able to successfully integrate and retain the acquired personnel, integrate the acquired operations and technologies, and adequately test and assimilate the internal control processes of the acquired business in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act”), or effectively manage the combined business following the acquisition.
If we acquire additional businesses, we may not be able to successfully integrate and retain the acquired personnel; integrate the acquired operations and technologies; adequately test and assimilate the internal control processes of the acquired business in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act”); or effectively manage the combined business.
As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our products.
As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions.
State, foreign and local taxing jurisdictions have differing rules and regulations governing sales, use and other indirect taxes (including digital services taxes), and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of certain sales, value-added and digital services taxes to our platform in various jurisdictions is unclear.
State, foreign and local taxing jurisdictions have differing rules and regulations governing sales, use and other indirect taxes (including digital services taxes), and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of certain sales, value-added and digital services taxes to our platforms in various jurisdictions is unclear.
In addition, the number of U.S. states with comprehensive Data Protection Laws significantly increased in 2023. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions.
In addition, the number of U.S. states with comprehensive Data Protection Laws significantly increased in 2024. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions.
Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation.
Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solutions, impair the functionality of our solutions, delay introductions of new solutions, result in our substituting inferior or more costly technologies into our solutions, or injure our reputation.
Increasingly, companies, including Okta, are subject to a wide variety of attacks on their systems and networks on an ongoing basis.
Increasingly, companies, including Okta, Inc., are subject to a wide variety of attacks on their systems and networks on an ongoing basis.
We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create products that compete with ours.
We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours.
Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products. To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets.
Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions. To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets.
Even if we do meet them, the additional costs associated with providing our service to government entities could harm our margins. Moreover, changes in underlying regulatory requirements could be an impediment to our ability to efficiently provide our service to government customers and to grow or maintain our customer base.
Even if we do meet them, the additional costs associated with providing our service to public sector entities could harm our margins. Moreover, changes in underlying regulatory requirements could be an impediment to our ability to efficiently provide our service to government customers and to grow or maintain our customer base.
Further, as competitors introduce new products that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively internationally.
Further, as competitors introduce new solutions that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively internationally.
The security measures we have integrated into our internal systems and platform, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected and have not in the past been, and may not in the future be, sufficient to protect our internal networks and platform against certain attacks.
The security measures we have integrated into our internal systems and platforms, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected and have not in the past been, and may not in the future be, sufficient to protect our internal networks and platforms against certain attacks.
Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our products and proprietary information.
Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our solutions and proprietary information.
However, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products.
However, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions.
Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platform.
Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platforms.
Although we take precautions to prevent our products from being provided in violation of such laws, our products may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. This could result in negative consequences to us, including government investigations, penalties and harm to our reputation.
Although we take precautions to prevent our solutions from being provided in violation of such laws, our solutions may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. This could result in negative consequences to us, including government investigations, penalties and harm to our reputation.
The success of any enhancement or new product depends on several factors, including the timely completion and market acceptance of the enhancement or new product. Any new product we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue.
The success of any enhancement or new solution depends on several factors, including the timely completion and market acceptance of the enhancement or new solution. Any new solution we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue.
Uncertainty around new and emerging AI technologies, such as generative AI, may require additional investment in the development and maintenance of proprietary datasets and machine learning models, development of new approaches and processes to provide attribution or remuneration to creators of training data, and development of appropriate protections and safeguards for handling the use of customer data with AI technologies, which may be costly and could impact our expenses if we decide to expand generative AI into our product offerings.
Uncertainty around new and emerging AI technologies, such as generative AI, may require additional investment in the development and maintenance of proprietary datasets and machine learning models, development of new approaches and processes to provide attribution or remuneration to creators of training data, and development of appropriate protections and safeguards for handling the use of customer data with AI technologies, which may be costly and could impact our expenses as we continue to expand generative AI into our product offerings.
Our financial statements could fail to reflect adequate reserves to cover such a contingency. Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our products and harm our business.
Our financial statements could fail to reflect adequate reserves to cover such a contingency. Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our solutions and harm our business.
Risks Related to Our Business and Industry Adverse general economic, market and industry conditions and reductions in workforce identity and customer identity spending have, in the past, and may, in the future, reduce demand for our products, which could harm our revenue, results of operations and cash flows.
Risks Related to Our Business and Industry Adverse general economic, market and industry conditions and reductions in workforce identity and customer identity spending have, in the past, and may, in the future, reduce demand for our solutions, which could harm our revenue, results of operations and cash flows.
In addition, if our mix of products sold changes, then we may need to, or choose to, revise our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could harm our business, results of operations and financial condition.
In addition, if our mix of solutions sold changes, then we may need to, or choose to, revise our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could harm our business, results of operations and financial condition.
Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our products. We rely on technologies from third parties to operate critical functions of our business, including cloud infrastructure services and customer relationship management services.
Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions. We rely on technologies from third parties to operate critical functions of our business, including cloud infrastructure services and customer relationship management services.
In addition, we may be required to license additional technology from third parties to develop and market new products, and we cannot ensure that we can license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.
In addition, we may be required to license additional technology from third parties to develop and market new solutions, and we cannot ensure that we can license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.
There is considerable patent and other intellectual property development activity in our industry, and we expect that software companies will increasingly be subject to infringement claims as the number of products and competitors grows and the functionality of products in different industry segments overlaps.
There is considerable patent and other intellectual property development activity in our industry, and we expect that software companies will increasingly be subject to infringement claims as the number of solutions and competitors grows, and the functionality of solutions in different industry segments overlaps.
Unsuccessful, lengthy, or costly customer implementation and integration projects could result in claims from customers, harm to our reputation, and opportunities for competitors to displace our products, each of which could have an adverse effect on our business and results of operations.
Unsuccessful, lengthy, or costly customer implementation and integration projects could result in claims from customers, harm to our reputation, and opportunities for competitors to displace our solutions, each of which could have an adverse effect on our business and results of operations.
Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our products. In the future, these services may not be available to us on commercially reasonable terms, or at all.
Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our solutions. In the future, these services may not be available to us on commercially reasonable terms, or at all.
If we fail to maintain our privacy certifications, or if we fail to seek expansion of their applicability to acquired and/or newly-developed products, we may fail to meet our contractual commitments and we may fail to retain our existing customers or attract new customers, and our business, results of operations and financial condition could suffer.
If we fail to maintain our privacy certifications, or if we fail to seek expansion of their applicability to acquired and/or newly-developed solutions, we may fail to meet our contractual commitments and we may fail to retain our existing customers or attract new customers, and our business, results of operations and financial condition could suffer.
Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, results of operations and financial condition. Non-compliance with these obligations can trigger significant fines.
Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, results of operations and financial condition. Non-compliance with these obligations can trigger significant fines and other penalties.
As a result, we depend on the interoperability of our products with such third-party services, mobile devices and mobile operating systems, as well as cloud-enabled hardware, software, networking, browsers, database technologies and protocols that we do not control.
As a result, we depend on the interoperability of our solutions with such third-party services, mobile devices and mobile operating systems, as well as cloud-enabled hardware, software, networking, browsers, database technologies and protocols that we do not control.
These breaches, or any perceived breach, of our systems, our customers’ systems, our service providers’ systems, or other systems or networks secured by our products, whether or not any such breach is due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in damage to our reputation and brand, negative publicity, loss of ISVs and other channel partners, customers and sales, increased costs to remedy any problem, costly litigation and other liability.
These breaches, or any perceived breach, of our systems, our customers’ systems, our service providers’ systems, or other systems or networks secured by our platforms, whether or not any such breach is due to a vulnerability in our platforms, may also undermine confidence in our platforms or our industry and result in damage to our reputation and brand, negative publicity, loss of ISVs and other channel partners, customers and sales, increased costs to remedy any problem, costly litigation and other liability.
The markets for our products are rapidly evolving, highly competitive and subject to shifting customer needs and frequent introductions of new technologies. As the markets in which we operate continue to mature and new technologies and competitors enter such markets, we expect competition to intensify.
The markets for our solutions are rapidly evolving, highly competitive, and subject to shifting customer needs and frequent introductions of new technologies. As the markets in which we operate continue to mature and new technologies and competitors enter such markets, we expect competition to intensify.
If we elect not to or are unable to develop products internally, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations.
If we elect not to or are unable to develop solutions internally, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations.
Furthermore, we might be forced to limit the features available in our current or future products. These delays and feature limitations, if they occur, could harm our business, results of operations and financial condition.
Furthermore, we might be forced to limit the features available in our current or future solutions. These delays and feature limitations, if they occur, could harm our business, results of operations and financial condition.
We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our products become more complex and our user traffic increases.
We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our solutions become more complex and our user traffic increases.
If we are unable to effectively anticipate and manage these risks, or if it is difficult for our customers to access and use our platform, our business, results of operations and financial condition may be harmed.
If we are unable to effectively anticipate and manage these risks, or if it is difficult for our customers to access and use our platforms, our business, results of operations and financial condition may be harmed.
Our continued growth depends, in part, on the ability of our existing and potential customers to access our platform 24 hours a day, seven days a week, without interruption or degradation of performance.
Our continued growth depends, in part, on the ability of our existing and potential customers to access our platforms 24 hours a day, seven days a week, without interruption or degradation of performance.
In addition, if an acquired business fails to meet our expectations, our business, results of operations and financial condition could suffer. Because our long-term success depends, in part, on our ability to expand the sales of our products to customers located outside of the United States, our business will be susceptible to risks associated with international operations.
If an acquired business fails to meet our expectations, our business, results of operations and financial condition could suffer. Because our long-term success depends, in part, on our ability to expand the sales of our solutions to customers located outside of the United States, our business will be susceptible to risks associated with international operations.
Existing and potential privacy laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, products and services such as ours.
Existing and potential privacy laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, solutions and services such as ours.
If we are unable to ensure that our products integrate or interoperate with a variety of operating systems, platforms, services, software applications devices, mobile phones and other hardware form factors that are developed by others, our platform may become less competitive and our results of operations may be harmed.
If we are unable to ensure that our solutions integrate or interoperate with a variety of operating systems, platforms, services, software applications devices, mobile phones and other hardware form factors that are developed by others, our platforms may become less competitive and our results of operations may be harmed.
The intellectual property ownership and license rights, including copyright, surrounding AI technologies has not been fully addressed by courts or national or local laws or regulations, and the use or adoption of third-party AI technologies into our products and services may result in exposure to claims of copyright infringement or other intellectual property misappropriation.
The intellectual property ownership and license rights, including copyright, surrounding AI technologies has not been fully addressed by courts or national or local laws or regulations, and the use or adoption of third-party AI technologies into our solutions may result in exposure to claims of copyright infringement or other intellectual property misappropriation.
If we raise our prices to offset the costs of these additional taxes, existing and potential future customers may elect not to purchase our products in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our products.
If we raise our prices to offset the costs of these additional taxes, existing and potential future customers may elect not to purchase our solutions in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our compliance, operating and other costs, as well as the costs of our solutions to our customers.
Selling to these entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense. Government entities often require contract terms that differ from our standard arrangements and impose additional compliance requirements, require increased attention to pricing practices, or are otherwise time consuming and expensive to satisfy.
Selling to these entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense. Public sector entities often require contract terms that differ from our standard arrangements and impose additional compliance requirements, require increased attention to pricing practices, or are otherwise time consuming and expensive to satisfy.
Any change in our customers’ preference for cloud-based identity management or any shift towards on-premises systems could also adversely affect adoption and usage of our platform.
Any change in our customers’ preference for cloud-based identity management or any shift towards on-premises systems could also adversely affect adoption and usage of our platforms.
In the past we have experienced cybersecurity incidents that allowed unauthorized access to our systems or data or our customers’ data, harmed our reputation, created additional liability and adversely impacted our financial results. We may experience similar incidents in the future which may also include disabling access to our service.
In the past, we have experienced cybersecurity incidents that allowed unauthorized access to our systems or data or our customers’ data, harmed our reputation, created additional liability, and adversely impacted our financial results. We and our third-party service providers may experience similar incidents in the future which may also include disabling access to our service.
Even if we maintain adequate research and development resources, we may be unable to monetize newly developed products or features such that we can recoup our research and development expenditures.
Even if we maintain adequate research and development resources, we may be unable to monetize newly developed solutions or features such that we can recoup our research and development expenditures.
… 308 more changes not shown on this page.
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
22 edited+5 added−4 removed1 unchanged
Item 1C. Cybersecurity
Cybersecurity — threats and controls disclosure
22 edited+5 added−4 removed1 unchanged
2024 filing
2025 filing
Biggest changeIn the face of this threat landscape, Okta remains committed to protecting its systems, internal networks and its customers’ systems, and the information that it and they store and process. Okta has an established cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of its critical systems, internal networks and information.
Biggest changeWe have an established cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of Okta, Inc.'s critical systems, internal networks, and information. This program implements policies, processes and controls to respond to cybersecurity threats and mitigate business impacts.
We require high risk third-party vendors, suppliers and service providers to undergo a cybersecurity risk assessment prior to contracting with Okta. Certain third parties are monitored and reassessed on an ongoing basis, depending on their level of risk or in the event of changes to their products or services.
We require high risk third-party vendors, suppliers and service providers to undergo a cybersecurity risk assessment prior to contracting with Okta, Inc. Certain third parties are monitored and reassessed on an ongoing basis, depending on their level of risk or in the event of changes to their products or services.
We also take a cross-functional approach to cybersecurity risk management by engaging teams across the business, including security, technical operations, engineering, IT, customer support, legal and communications, to implement shared processes for identifying, assessing and managing key cybersecurity risks.
We also take a cross-functional approach to cybersecurity risk management by engaging teams across the business, including security, technical operations, 42 engineering, IT, customer support, legal and communications, to implement shared processes for identifying, assessing, and managing key cybersecurity risks.
The cybersecurity risk committee receives regular updates from Okta’s chief security officer (the “CSO”) on our cybersecurity program. In addition, management updates the cybersecurity risk committee, as appropriate, regarding cybersecurity incidents. The cybersecurity risk committee reports to the board on its activities.
The cybersecurity risk committee receives regular updates on our cybersecurity program from our chief security officer (the “CSO”). In addition, management updates the cybersecurity risk committee, as appropriate, regarding cybersecurity incidents. Our cybersecurity risk committee reports to the board on its activities.
We design and assess our cybersecurity risk management program against the National Institute of Standards and Technology Cybersecurity Framework (the “NIST Framework”). This does not imply that Okta satisfies any particular specifications or requirements, only that we use the NIST Framework to guide our efforts to improve our security posture.
We design and assess our cybersecurity risk management program against the National Institute of Standards and Technology Cybersecurity Framework (the “NIST Framework”). This does not imply that Okta, Inc.'s cybersecurity risk management program satisfies any particular specifications or requirements, only that we use the NIST Framework to guide our efforts to improve our security posture.
Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security and technical personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our technical environment.
Okta, Inc.'s management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security and technical personnel; threat intelligence and other information obtained from governmental, public or private sources, including third-party consultants engaged by us; and alerts and reports produced by security tools deployed in our technical environment.
In addition to receiving reports from the cybersecurity risk committee, the board periodically receives cyber risk management program briefings directly from the CSO. Additionally, the audit committee of the board receives cybersecurity updates as part of the audit committee’s oversight of Okta’s enterprise risk management program.
In addition to receiving reports from the cybersecurity risk committee, our board periodically receives cyber risk management program briefings directly from the CSO. Additionally, the audit committee of the board (the "audit committee") receives regular cybersecurity updates as part of the audit committee’s oversight over our enterprise risk management program.
Our security team includes individuals with experience across a broad range of cybersecurity areas, including product security; cloud security; infrastructure security; security monitoring and incident response; identity and access management; vulnerability management; and governance, risk and compliance.
The Okta, Inc. security team includes individuals with experience across a broad range of cybersecurity areas, including product security; cloud security; infrastructure security; security monitoring and incident response; identity and access management; vulnerability management; and governance, risk and compliance.
Our management team, including the CSO, is responsible for assessing and managing our risks from cybersecurity threats. The CSO partners with the security, technical operations, legal, internal audit, engineering and product development teams to supervise both our cybersecurity program and our retained external cybersecurity consultants, and to stay informed on Okta’s security and the overall security landscape.
Our management team, including the CSO, is responsible for assessing and managing our risks from cybersecurity threats. The CSO partners with the security, technical operations, legal, internal audit, engineering and product development teams to supervise both our cybersecurity program and our retained third-party cybersecurity consultants, and to stay informed on security at Okta, Inc. and the overall security landscape.
These training sessions advise on how to protect Okta, our information systems and data, as well as our customers’ systems and data. From time to time we may also require supplemental cybersecurity training for certain members of our workforce depending on their job responsibilities. • Third-party risk management .
These training sessions advise on employee responsibilities and relevant policies designed to protect us, our information systems and data, as well as our customers’ systems and data. From time to time we may also require supplemental cybersecurity training for certain members of our workforce depending on their job responsibilities. • Third-party risk management .
We have a management-level risk oversight committee, led by internal audit and security risk management personnel, that meets quarterly with other internal business leaders to review the results of these enterprise-wide and functional team risk assessments and evaluate the adequacy of any proposed mitigation plans. • Incident response planning .
Okta, Inc. has a management-level risk oversight committee, led by internal audit and security risk management personnel, that meets quarterly with other internal business leaders to review the results of these security risk assessments and evaluate the adequacy of any proposed mitigation plans. • Incident response planning .
To date we have not identified any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.
To date we have not identified any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Despite our efforts, we cannot eliminate all risks related to cybersecurity threats or incidents.
Item 1C. Cybersecurity Okta, like other companies, is subject to a wide variety of cybersecurity attacks on its systems and networks on an ongoing basis and with increasing sophistication.
Item 1C. Cybersecurity Cybersecurity risk management is an important part of our overall risk management efforts. Okta, Inc., like other companies, is subject to a wide variety of cybersecurity attacks on its systems, networks and data on an ongoing basis and with increasing sophistication.
Our current CSO brings over 20 years of cybersecurity and risk management experience to his work at Okta, having held numerous security leadership positions in highly-regulated industries such as finance.
Our current CSO brings over 20 years of cybersecurity and risk management experience to his work at Okta, Inc., having held numerous security leadership positions in highly-regulated industries such as finance. His experience delivering cybersecurity at scale extends internationally, and includes security and risk management roles at companies in Australia, the United Kingdom and the United States.
Key features of our cybersecurity risk management program include: • Designated security risk team . Our security risk management team is responsible for maintaining Okta’s cybersecurity risk management framework and risk assessments and tracking risk mitigation efforts. This team, together with our enterprise risk management team, monitors and regularly reports on our cybersecurity risk profile.
Our security governance, risk and compliance team is responsible for maintaining Okta, Inc.’s cybersecurity risk management framework and risk assessments, and for tracking risk mitigation efforts. This team, together with our enterprise risk management team, monitors and regularly reports on our cybersecurity risk profile.
Cybersecurity Governance Okta’s board oversees Okta’s enterprise risk management program, of which cybersecurity is a critical component. To facilitate the board’s supervision of cybersecurity matters, the board formed a cybersecurity risk committee. Among other responsibilities, the cybersecurity risk committee oversees Okta's cybersecurity program.
Cybersecurity Governance Our board oversees Okta, Inc.’s enterprise risk management program, of which cybersecurity is an important component. To facilitate the board’s supervision of cybersecurity matters, the board formed the cybersecurity risk committee. Among other responsibilities, the cybersecurity risk committee provides oversight over the effectiveness of Okta, Inc.'s cybersecurity program.
Our internal audit team partners with these teams to provide input on the overall effectiveness of Okta’s security risk governance and management processes. • Risk assessments . We periodically perform enterprise-wide assessments to stay informed about critical security risks. Okta’s functional teams also assess risks associated with their specific activities, with supervision by the security risk management team.
Our internal audit team partners with these teams to provide input on the overall effectiveness of Okta, Inc.’s security risk governance and management processes. • Risk assessments . We periodically perform security risk assessments to stay informed about relevant security risks.
Our cybersecurity risk management program consists of technical and organizational safeguards aimed at protecting the confidentiality of our systems and the Okta platform. From time to time, we engage external consultants and advisors to perform independent assessments and testing of our program, or otherwise assist with aspects of our program and security controls.
From time to time, management will engage external consultants and advisors to perform independent assessments and testing of the cybersecurity risk management program, or otherwise assist with aspects of the program and security controls. Key features of our cybersecurity risk management program include: • Designated security governance, risk and compliance team .
Okta’s cybersecurity incident response plan outlines the processes and procedures for responding to, remediating and resolving a security incident, and defines the roles and responsibilities of Okta personnel in responding to such incidents. • Security awareness training . We require our employees and contractors to complete general cybersecurity awareness training at least annually.
Our cybersecurity incident response plan outlines the processes and procedures for responding to, remediating and resolving a security incident, and defines the roles and responsibilities of company personnel and third-party service providers who may assist in responding to such incidents.
This program implements policies, processes and controls to respond to cybersecurity threats and mitigate business impacts. Okta’s board of directors (the “board”) has delegated to the cybersecurity risk committee of the board (the “cybersecurity risk committee”) oversight responsibility of the cybersecurity risk management program, which includes a cybersecurity incident response plan.
Our board of directors (the “board”) has delegated to the cybersecurity risk committee of the board (the “cybersecurity risk committee”) oversight responsibility of the cybersecurity risk management program, which includes a cybersecurity incident response plan. We devote significant resources, including human and financial capital, to create security measures, configuration policies and response plans to address cybersecurity threats.
There can be no assurance that Okta’s cybersecurity risk management program and processes, including its policies, controls or procedures, will be fully implemented, complied with or effective in protecting its systems and information. Cybersecurity Risk Management and Strategy Cybersecurity is essential for Okta.
There can be no assurance that Okta, Inc.’s cybersecurity risk management program and processes will be fully implemented. Even if implemented, they may not be complied with or may not effectively protect our systems and information or those of our customers. Cybersecurity Risk Management and Strategy Cybersecurity is a top priority for Okta, Inc.
For additional information related to these risks, see “ Risk Factors ” included under Part I, Item 1A of this Annual Report on Form 10-K. In the past we have experienced cybersecurity incidents, and we cannot anticipate when or the extent to which cybersecurity breaches will materially affect Okta or its customers’ use of Okta’s platform in the future.
In the past we have experienced cybersecurity incidents, and cannot anticipate when or the extent to which cybersecurity incidents will materially affect us or our customers’ use of our platforms in the future.
Removed
In addition to threats from traditional computer “hackers,” malicious code (such as malware, viruses, worms and ransomware), employee or contractor theft or misuse, password spraying, phishing and denial-of-service attacks, Okta and its third-party service providers now also face threats from sophisticated nation-state actors and organized crime groups who engage in attacks (including 48 advanced persistent threat intrusions).
Added
Given the evolving cybersecurity threat landscape facing us and our third-party service providers, we remain committed to protecting our systems, internal networks and our customers’ systems, and the information that we and they store and process.
Removed
Okta devotes significant resources, including human and financial capital, to create security measures, configuration policies and response plans to address cybersecurity threats. However, as a well-known provider of identity and security solutions, Okta is a particularly attractive target for such threats.
Added
However, as a well-known provider of identity and security solutions, Okta, Inc. is a particularly attractive target to threat actors. For additional information related to these risks, see “ Risk Factors ” included under Part I, Item 1A of this Annual Report on Form 10-K.
Removed
Functional team risk assessments follow an established framework that includes information-gathering from internal and external sources to identify risks, and evaluating the adequacy of controls to mitigate those risks.
Added
Certain of our Okta Platform product offerings have attained multiple security certifications, the details of which are described in "Our Technology" under Part I, Item I of this Annual Report on Form 10-K. Our cybersecurity risk management program consists of technical and organizational safeguards aimed at protecting the confidentiality of our systems and platforms.
Removed
Prior to joining Okta, the CSO was Senior Vice President and Chief Security Officer at Symantec Corporation, a leading cybersecurity company, where he had global oversight responsibility for all cybersecurity and physical security programs. His experience delivering cybersecurity at scale extends internationally, and includes security and risk management roles at companies in Australia, the United Kingdom and the United States.
Added
Functional teams across the business assess risks associated with their specific activities, following an established framework with supervision by the security governance, risk and compliance team.
Added
In fiscal 2025, we conducted tabletop exercises involving multiple operational teams, as well as an executive preparedness simulation with members of our management team, to educate personnel on their roles in response scenarios. • Security awareness training . We require our employees and contractors to complete general cybersecurity awareness training at least annually.
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+0 added−1 removed5 unchanged
Item 5. Market for Registrant's Common Equity
Market for Common Equity — stock, dividends, buybacks
4 edited+0 added−1 removed5 unchanged
2024 filing
2025 filing
Biggest changeWe relied on this exemption from registration based in part on representations made by the holders of the 2023 Notes in the exchange agreements pursuant to which the shares of Class A Common Stock were issued. Issuer Purchases of Equity Securities None. Item 6. [Reserved] 54 OKTA, INC. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
Biggest changeUnregistered Sales of Equity Securities None. Issuer Purchases of Equity Securities None. Item 6. [Reserved] 46 OKTA, INC. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
Any further determination to pay dividends on our capital stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant. 52 Stock Performance Graph This performance graph shall not be deemed "soliciting material" or to be "filed" with the Securities and Exchange Commission ("SEC") for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Okta, Inc. under the Securities Act of 1933, as amended ("Securities Act") or the Exchange Act.
Any further determination to pay dividends on our capital stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant. 45 Stock Performance Graph This performance graph shall not be deemed "soliciting material" or to be "filed" with the Securities and Exchange Commission ("SEC") for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Okta, Inc. under the Securities Act of 1933, as amended ("Securities Act") or the Exchange Act.
Our Class B common stock is not listed or traded on any stock exchange. As of February 26, 2024, we had 68 holders of record of our Class A common stock and 17 holders of record of our Class B common stock.
Our Class B common stock is not listed or traded on any stock exchange. As of February 27, 2025, we had 56 holders of record of our Class A common stock and 15 holders of record of our Class B common stock.
Company/Index 1/31/2019 1/31/2020 1/31/2021 1/31/2022 1/31/2023 1/31/2024 Okta $ 100 $ 155 $ 314 $ 240 $ 89 $ 100 S&P 500 Index 100 122 143 176 161 195 S&P 500 Information Technology Index 100 146 200 253 214 320 53 Securities Authorized for Issuance under Equity Compensation Plans The information required by this item with respect to our equity compensation plans is incorporated by reference to our 2024 Annual Report to Stockholders, which includes our Proxy Statement for the 2024 Annual Meeting of Stockholders to be filed with the SEC within 120 days of the fiscal year ended January 31, 2024.
Company/Index 1/31/2020 1/31/2021 1/31/2022 1/31/2023 1/31/2024 1/31/2025 Okta $ 100 $ 202 $ 155 $ 57 $ 65 $ 74 S&P 500 Index 100 117 145 133 160 203 S&P 500 Information Technology Index 100 137 173 146 219 280 Securities Authorized for Issuance under Equity Compensation Plans The information required by this item with respect to our equity compensation plans is incorporated by reference to our 2025 Annual Report to Stockholders, which includes our Proxy Statement for the 2025 Annual Meeting of Stockholders to be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Removed
Unregistered Sales of Equity Securities In connection with conversions of certain convertible notes due in 2023 ("2023 Notes") during the fiscal year ended January 31, 2024, we issued 81 shares of our Class A common stock. These issuances were made in reliance on the exemption from registration provided by Section 4(a)(2) of the Securities Act.
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
85 edited+12 added−6 removed53 unchanged
Item 7. Management's Discussion & Analysis
Management's Discussion & Analysis (MD&A) — revenue / margin commentary
85 edited+12 added−6 removed53 unchanged
2024 filing
2025 filing
Biggest changeMANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Results of Operations The following table sets forth our results of operations for the periods presented: Year Ended January 31, 2024 2023 2022 (dollars in millions) Revenue Subscription $ 2,205 $ 1,794 $ 1,249 Professional services and other 58 64 51 Total revenue 2,263 1,858 1,300 Cost of revenue Subscription (1) 502 464 329 Professional services and other (1) 79 82 67 Total cost of revenue 581 546 396 Gross profit 1,682 1,312 904 Operating expenses Research and development (1) 656 620 469 Sales and marketing (1) 1,036 1,066 771 General and administrative (1) 450 409 432 Restructuring and other charges 56 29 — Total operating expenses 2,198 2,124 1,672 Operating loss (516) (812) (768) Interest expense (8) (11) (91) Interest income and other, net 81 22 9 Gain on early extinguishment of debt 106 — — Interest and other, net 179 11 (82) Loss before provision for (benefit from) income taxes (337) (801) (850) Provision for (benefit from) income taxes 18 14 (2) Net loss $ (355) $ (815) $ (848) (1) Includes stock-based compensation expense as follows: Year Ended January 31, 2024 2023 2022 (dollars in millions) Cost of subscription revenue $ 75 $ 69 $ 49 Cost of professional services and other revenue 15 14 12 Research and development 277 275 193 Sales and marketing 156 159 136 General and administrative 161 160 176 Total stock-based compensation expense $ 684 $ 677 $ 566 59 OKTA, INC.
Biggest changeMANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Results of Operations The following table sets forth our results of operations for the periods presented: Year Ended January 31, 2025 2024 2023 (dollars in millions) Revenue Subscription $ 2,556 $ 2,205 $ 1,794 Professional services and other 54 58 64 Total revenue 2,610 2,263 1,858 Cost of revenue Subscription (1) 549 502 464 Professional services and other (1) 69 79 82 Total cost of revenue 618 581 546 Gross profit 1,992 1,682 1,312 Operating expenses Research and development (1) 642 656 620 Sales and marketing (1) 965 1,036 1,066 General and administrative (1) 448 450 409 Restructuring and other charges 11 56 29 Total operating expenses 2,066 2,198 2,124 Operating loss (74) (516) (812) Interest expense (5) (8) (11) Interest income and other, net 106 81 22 Gain on early extinguishment of debt 19 106 — Interest and other, net 120 179 11 Income (loss) before provision for income taxes 46 (337) (801) Provision for income taxes 18 18 14 Net income (loss) $ 28 $ (355) $ (815) (1) Includes stock-based compensation expense as follows: Year Ended January 31, 2025 2024 2023 (dollars in millions) Cost of subscription revenue $ 82 $ 75 $ 69 Cost of professional services and other revenue 12 15 14 Research and development 216 277 275 Sales and marketing 131 156 159 General and administrative 124 161 160 Total stock-based compensation expense $ 565 $ 684 $ 677 51 OKTA, INC.
The decrease in sales and marketing expenses as a percentage of total revenue was primarily driven by improved spend efficiency. We expect our sales and marketing expenses will continue to be our largest operating expense category for the foreseeable future. We expect sales and marketing expenses as a percentage of total revenue to decrease as our total revenue grows.
The decrease in sales and marketing as a percentage of total revenue was primarily driven by improved spend efficiency. We expect our sales and marketing expenses will continue to be our largest operating expense category for the foreseeable future. We expect sales and marketing expenses as a percentage of total revenue to decrease as our total revenue grows.
We intend to continue to invest additional resources in our platform infrastructure, our platform support organizations and security posture. We will continue to invest in technology innovation and we anticipate that costs qualifying for capitalization of internal-use software costs and related amortization may fluctuate over time.
We intend to continue to invest additional resources in our platform infrastructure, our platforms support organizations and security posture. We will continue to invest in technology innovation and we anticipate that costs qualifying for capitalization of internal-use software costs and related amortization may fluctuate over time.
The transaction price of the contract is allocated to the separate performance obligations on a relative standalone selling price basis. Evaluating customer contracts with multiple performance obligations and complex terms may require significant judgment in identifying the distinct performance obligations.
The transaction price of the contract is allocated to the separate performance obligations on a relative standalone selling price ("SSP") basis. Evaluating customer contracts with multiple performance obligations and complex terms may require significant judgment in identifying the distinct performance obligations.
As we continue to monitor the direct and indirect impacts of these circumstances, the broader implications of these macroeconomic events on our business, results of operations and overall financial position remain uncertain.
As we continue to monitor the direct and indirect impacts of these circumstances, the broader implications of these macroeconomic and political events on our business, results of operations and overall financial position remain uncertain.
Future growth may be impacted by longer sales cycles, which we have experienced, which in turn, could result in delays in deals closing, creating near-term headwinds for cash flow, remaining performance obligations (“RPO”) and billings growth as well as potential future impacts on revenue growth and other key metrics on a trailing basis. 55 OKTA, INC.
Future growth may be impacted by longer sales cycles, which we have experienced, which in turn, could result in delays in deals closing, creating near-term headwinds for cash flow, remaining performance obligations (“RPO”) and billings growth as well as potential future impacts on revenue growth and other key metrics on a trailing basis. 47 OKTA, INC.
We also partner with leading application, IT infrastructure and security vendors through our Okta Integration Network. As of January 31, 2024, we had over 7,000 integrations with these cloud, mobile and web applications and IT infrastructure and security vendors. We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings.
We also partner with leading application, IT infrastructure and security vendors through our Okta Integration Network. As of January 31, 2025, we had over 7,000 integrations with these cloud, mobile and web applications and IT infrastructure and security vendors. We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings.
Our future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, billing frequency, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the expansion of our international operations, the introduction of new and enhanced product offerings, and the continuing market adoption of our platform.
Our future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, billing frequency, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the expansion of our international operations, the introduction of new and enhanced product offerings, and the continuing market adoption of our platforms.
Professional services revenue includes fees from assisting customers in implementing and optimizing the use of our products. These services include application configuration, system integration and training services. We generally invoice customers as the work is performed for time-and-materials arrangements, and up front for fixed fee arrangements. Professional services revenue is recognized as the services are performed.
Professional services revenue includes fees from assisting customers in implementing and optimizing the use of our solutions. These services include application configuration, system integration and training services. We generally invoice customers as the work is performed for time-and-materials arrangements, and up front for fixed fee arrangements. Professional services revenue is recognized as the services are performed.
Effective the first quarter of fiscal 2025, we intend to satisfy employee payroll tax withholding due upon the vesting of share-based compensation awards with our own funds under the "net share settlement" approach. Previously, payroll tax withholding was satisfied via the sale of shares of our common stock in the open market.
Effective the first quarter of fiscal 2025, we satisfy employee payroll tax withholding due upon the vesting of share-based compensation awards with our own funds under the "net share settlement" approach. Previously, payroll tax withholding was satisfied via the sale of shares of our common stock in the open market.
These expenses include employee-related costs associated with our cloud-based infrastructure and our customer support organization, third-party hosting fees, software and maintenance costs, outside services associated with the delivery of our subscription services, amortization expense associated with capitalized internal-use software and acquired developed technology and allocated overhead.
These expenses include employee-related costs associated with our cloud-based infrastructure, our product security organization and our customer support organization, third-party hosting fees, software and maintenance costs, outside services associated with the delivery of our subscription services, amortization expense associated with capitalized internal-use software and acquired developed technology and allocated overhead.
We sell our product offerings directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators and other distribution partners. Our subscription fees include the use of our service and our technical support and management of our platform.
We sell our product offerings directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators and other distribution partners. Our subscription fees include the use of our service and our technical support and management of our platforms.
Our Dollar-Based Net Retention Rate measures our ability to increase revenue across our existing customer base through expansion of users and products associated with a customer as offset by churn and contraction in the number of users and/or products associated with a customer.
Our Dollar-Based Net Retention Rate measures our ability to increase revenue across our existing customer base through expansion of users and solutions associated with a customer as offset by churn and contraction in the number of users and/or solutions associated with a customer.
Given the growth trends in the number of applications and cloud adoption and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security.
Given the growth trends in cloud adoption and the number of applications customers use and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security.
Research and development expenses consist primarily of employee compensation costs and allocated overhead. We believe that continued investment in our platform is important for our growth. Sales and Marketing.
Research and development expenses consist primarily of employee compensation costs and allocated overhead. We believe that continued investment in our platforms is important for our growth. Sales and Marketing.
Every day, thousands of organizations and millions of people use Okta to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces, IT infrastructure providers and services from a multitude of devices.
Every day, thousands of organizations and millions of people use our platforms to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces, IT infrastructure providers and services from a multitude of devices.
A discussion regarding our financial condition and results of operations for fiscal 2023 compared to fiscal 2022 can be found under Item 7 in our Annual Report on Form 10-K for fiscal 2023, filed with the SEC on March 3, 2023, which is available free of charge on the SEC’s website at www.sec.gov and our Investor Relations website at investor.okta.com.
A discussion regarding our financial condition and results of operations for fiscal 2024 compared to fiscal 2023 can be found under Item 7 in our Annual Report on Form 10-K for fiscal 2024, filed with the SEC on March 1, 2024, which is available free of charge on the SEC’s website at www.sec.gov and our Investor Relations website at investor.okta.com.
We expect this trend to continue as larger enterprises recognize the value of our platform and replace their legacy identity access management infrastructure.
We expect this trend to continue as larger enterprises recognize the value of our platforms and replace their legacy identity access management infrastructure.
The decrease in our Dollar-Based Net Retention Rate as of January 31, 2024, compared to January 31, 2023, was primarily a result of the macroeconomic environment, with ACV from existing customers increasing at a slower rate in the current period.
The decrease in our Dollar-Based Net Retention Rate as of January 31, 2025, compared to January 31, 2024, was primarily a result of the macroeconomic environment, with overall ACV from existing customers increasing at a slower rate in the current period.
We believe we can achieve these goals by focusing on delivering value and functionality that enables us to both retain our existing customers and expand the number of users and products used within an existing customer. We assess our performance in this area by measuring our Dollar-Based Net Retention Rate.
We believe we can achieve these goals by focusing on delivering value and functionality that enables us to both retain our existing customers and expand the number of users and solutions used within an existing customer. One way that we assess our performance in this area by measuring our Dollar-Based Net Retention Rate.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) A discussion regarding our financial condition and results of operations for fiscal 2024 compared to fiscal 2023 is presented below.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) A discussion regarding our financial condition and results of operations for fiscal 2025 compared to fiscal 2024 is presented below.
Under this method, deferred tax assets and liabilities are recognized for the expected future tax consequences of temporary differences between the financial reporting and tax basis of assets and liabilities, as well as for operating loss and tax credit carryforwards. 66 OKTA, INC.
Under this method, deferred tax assets and liabilities are recognized for the expected future tax consequences of temporary differences between the financial reporting and tax basis of assets and liabilities, as well as for operating loss and tax credit carryforwards.
Subscription revenue primarily consists of fees for access to and usage of our cloud-based platform and related support. Subscription revenue is driven primarily by the number of customers, the number of users per customer and the products used. We typically invoice customers in advance in annual installments for subscriptions to our platform. Professional Services and Other .
Subscription revenue primarily consists of fees for access to and usage of our cloud-based platforms and related support. Subscription revenue is driven primarily by the number of customers, the number of users per customer and the solutions used. We typically invoice customers in advance in annual installments for subscriptions to our platforms. Professional Services and Other .
Our accumulated deficit as of January 31, 2024 was $2,830 million. Key Business Metrics We review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans, and make strategic decisions.
Our accumulated deficit as of January 31, 2025 was $2,802 million. Key Business Metrics We review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans, and make strategic decisions.
(2) See Note 9 to our consolidated financial statements "Leases" for additional information. (3) Purchase obligations primarily relate to data center hosting facilities, and other sales and marketing obligations.
(2) See Note 9 to our consolidated financial statements "Leases" for additional information. (3) Purchase obligations primarily relate to data center hosting facilities, and other sales and marketing obligations. 58 OKTA, INC.
For fiscal 2024, the decrease in professional services and other revenue was due to lower bookings associated with professional services.
For fiscal 2025, the decrease in professional services and other revenue was due to lower bookings associated with professional services.
Indemnification Agreements In the ordinary course of business, we enter into agreements of varying scope and terms pursuant to which we agree to indemnify customers, vendors, lessors, business partners and other parties with respect to certain matters, including, but not limited to, losses arising out of the breach of such agreements, services to be provided by us or from intellectual property infringement claims made by third parties.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Indemnification Agreements In the ordinary course of business, we enter into agreements of varying scope and terms pursuant to which we agree to indemnify customers, vendors, lessors, business partners and other parties with respect to certain matters, including, but not limited to, losses arising out of the breach of such agreements, services to be provided by us or from intellectual property infringement claims made by third parties.
We define a customer as a separate and distinct buying entity, such as a company, an educational or government institution, or a distinct business unit of a large company that has an active contract with us or one of our partners to access our platform.
We define a customer as a separate and distinct buying entity, such as a company, an educational or government institution, or a distinct business unit of a large company that has an active contract with us or one of our partners to access our platforms. 48 OKTA, INC.
Overhead Allocation and Employee Compensation Costs We allocate shared costs, such as facilities costs (including rent, utilities and depreciation on assets shared by all departments), certain information technology costs and recruiting costs to all departments based on headcount. As such, allocated shared costs are reflected in each of the cost of revenue and operating expense categories.
Overhead Allocation and Employee Compensation Costs We allocate shared costs, such as facilities costs (including rent, utilities and depreciation on assets shared by all departments), certain information technology costs, security costs and recruiting costs to all departments based on headcount. As such, allocated shared costs are reflected in each of the cost of revenue and operating 49 OKTA, INC.
Our strong Dollar-Based Net Retention Rate is primarily attributable to gross retention, an expansion of users and upselling additional products within our existing customers. Larger enterprises often implement a limited initial deployment of our platform before increasing their deployment on a broader scale.
Our Dollar-Based Net Retention Rate is primarily attributable to our healthy gross retention, an expansion of users and upselling additional solutions within our existing customers. Larger enterprises often implement a limited initial deployment of our platforms before increasing their deployment on a broader scale.
We refer to accounting estimates of this type as critical accounting estimates, which we discuss below. Income Taxes Income taxes are accounted for in accordance with the liability method.
We refer to accounting estimates of this type as critical accounting estimates, which we discuss below. Income Taxes Income taxes are accounted for using the liability method.
Recent Accounting Pronouncements See Note 2 to our consolidated financial statements “Summary of Significant Accounting Policies — Recent Accounting Pronouncements Not Yet Adopted" for more information. 68
Recent Accounting Pronouncements See Note 2 to our consolidated financial statements “Summary of Significant Accounting Policies — Accounting Pronouncements Recently Adopted and Recent Accounting Pronouncements Not Yet Adopted" for more information. 61
As of January 31, 2024, more than 18,950 customers across nearly every industry used Okta to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises, to small and medium-sized businesses, universities, non-profits and government agencies.
As of January 31, 2025, more than 19,650 customers across nearly every industry used our solutions to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises, to small and medium-sized businesses, universities, non-profits and government agencies.
We base subscription fees primarily on the products used and the number of users on our platform. We typically invoice customers in advance in annual installments for subscriptions to our platform. Our revenue is relatively predictable as a result of our subscription-based business model, which constituted approximately 97% of total revenue for fiscal 2024.
We base subscription fees primarily on the solutions used and the number of users on our platforms. We typically invoice customers in advance in annual installments for subscriptions to our platforms. Our revenue is relatively predictable as a result of our subscription-based business model, which constituted approximately 98% of total revenue for fiscal 2025.
Impact of Current Economic Conditions Worldwide economic uncertainties and negative trends, including financial and credit market fluctuations, uncertainty in the banking sector, rising interest rates, inflation and other impacts from the macroeconomic environment have, and could continue to, adversely affect our business operations or financial results.
Impact of Current Economic Conditions Worldwide economic and political uncertainties and negative trends, including financial and credit market fluctuations, tariffs and increasing trade protectionism, changes in government spending levels, uncertainty in the banking sector, rising interest rates, inflation and other impacts from the macroeconomic environment have, and could continue to, adversely affect our business operations or financial results.
As of January 31, 2024 2023 2022 (dollars in millions) Number of customers 18,950 17,600 15,000 Customers with annual contract value ("ACV") above $100,000 4,485 3,930 3,100 Dollar-based net retention rate for the trailing 12 months ended 111 % 120 % 124 % Current remaining performance obligations $ 1,952 $ 1,684 $ 1,351 Remaining performance obligations $ 3,385 $ 3,007 $ 2,694 Total Customers and Number of Customers with Annual Contract Value Above $100,000 As of January 31, 2024, we had over 18,950 customers on our platform.
As of January 31, 2025 2024 2023 (dollars in millions) Number of total customers 19,650 18,950 17,600 Customers with annual contract value ("ACV") above $100,000 4,800 4,485 3,930 Dollar-based net retention rate for the trailing 12 months ended 107 % 111 % 120 % Current remaining performance obligations $ 2,248 $ 1,952 $ 1,684 Remaining performance obligations $ 4,215 $ 3,385 $ 3,007 Total Customers and Number of Customers with Annual Contract Value Above $100,000 As of January 31, 2025, we had over 19,650 customers on our platforms.
Provision for (Benefit from) Income Taxes Our provision for (benefit from) income taxes consists of federal and state income taxes in the United States and income taxes in certain foreign jurisdictions where we operate.
Provision for Income Taxes Our provision for income taxes consists of federal and state income taxes in the United States and income taxes in certain foreign jurisdictions where we operate. 50 OKTA, INC.
As of January 31, 2024, we had deferred revenue of $1,511 million, of which $1,488 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met.
As of January 31, 2025, we had deferred revenue of $1,718 million, of which $1,691 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met. 57 OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) The following table sets forth our results of operations for the periods presented as a percentage of our total revenue: Year Ended January 31, 2024 2023 2022 Revenue Subscription 97 % 97 % 96 % Professional services and other 3 3 4 Total revenue 100 100 100 Cost of revenue Subscription 22 25 25 Professional services and other 4 4 5 Total cost of revenue 26 29 30 Gross profit 74 71 70 Operating expenses Research and development 29 33 36 Sales and marketing 46 58 59 General and administrative 20 22 34 Restructuring and other charges 2 2 — Total operating expenses 97 115 129 Operating loss (23) (44) (59) Interest expense — (1) (7) Interest income and other, net 4 2 1 Gain on early extinguishment of debt 4 — — Interest and other, net 8 1 (6) Loss before provision for (benefit from) income taxes (15) (43) (65) Provision for (benefit from) income taxes 1 1 — Net loss (16) % (44) % (65) % 60 OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) The following table sets forth our results of operations for the periods presented as a percentage of our total revenue: Year Ended January 31, 2025 2024 2023 Revenue Subscription 98 % 97 % 97 % Professional services and other 2 3 3 Total revenue 100 100 100 Cost of revenue Subscription 21 22 25 Professional services and other 3 4 4 Total cost of revenue 24 26 29 Gross profit 76 74 71 Operating expenses Research and development 25 29 33 Sales and marketing 37 46 58 General and administrative 17 20 22 Restructuring and other charges — 2 2 Total operating expenses 79 97 115 Operating loss (3) (23) (44) Interest expense — — (1) Interest income and other, net 4 4 2 Gain on early extinguishment of debt 1 4 — Interest and other, net 5 8 1 Income (loss) before provision for income taxes 2 (15) (43) Provision for income taxes 1 1 1 Net income (loss) 1 % (16) % (44) % 52 OKTA, INC.
Business Combinations When we acquire a business, the purchase price is allocated to the acquired assets, including separately identifiable intangible assets, and assumed liabilities at their respective estimated fair values. Any residual purchase price is recorded as goodwill.
Business Combinations When we acquire a business, the purchase price is allocated to the acquired assets, including separately identifiable intangible assets, and assumed liabilities at their respective estimated fair values. Any residual purchase price is recorded as goodwill. The allocation of the purchase price requires management to make significant 59 OKTA, INC.
References to fiscal 2024, for example, refer to the fiscal year ended January 31, 2024. Overview Okta is the leading independent identity partner. Our Workforce Identity Cloud and Customer Identity Cloud, powered by Auth0, enable our customers to securely connect the right people to the right technologies and services at the right time.
References to fiscal 2025, for example, refer to the fiscal year ended January 31, 2025. Overview Okta, Inc. is the leading independent identity partner. Our Okta Platform and Auth0 Platform, enable our customers to securely connect the right people to the right technologies and services at the right time.
For fiscal 2023, income tax expense resulted primarily from income from profitable foreign jurisdictions, the tax impact of shortfalls from stock-based compensation in the United Kingdom, and state taxes.
For fiscal 2024, income tax expense resulted primarily from income in profitable foreign jurisdictions, federal and state taxes resulting from tax attribution utilization limitations, and the tax impact of shortfalls from stock-based compensation in the United Kingdom.
A description of our revenue recognition policies is included in Note 2 to our consolidated financial statements "Summary of Significant Accounting Policies." Our contracts with customers often contain multiple performance obligations. For these contracts, we account for individual performance obligations separately if they are distinct.
A description of our revenue recognition policies is included in Note 2 to our consolidated financial statements "Summary of Significant Accounting Policies." 60 OKTA, INC. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Our contracts with customers often contain multiple performance obligations. For these contracts, we account for individual performance obligations separately if they are distinct.
Sales and marketing expenses consist primarily of employee compensation costs, costs of general marketing and promotional activities, travel-related expenses, amortization expense associated with acquired customer relationships (including unbilled and unrecognized contracts yet to be fulfilled) and trade names and allocated overhead.
Sales and marketing expenses consist primarily of employee compensation costs, costs of general marketing and promotional activities, travel-related expenses, amortization expense associated with acquired customer relationships and trade names and allocated overhead.
Cash Flows The following table summarizes our cash flows for the periods indicated: Year Ended January 31, 2024 2023 2022 (dollars in millions) Net cash provided by operating activities $ 512 $ 86 $ 104 Net cash provided by (used in) investing activities 441 (130) (367) Net cash provided by (used in) financing activities (883) 48 89 Effects of changes in foreign currency exchange rates on cash, cash equivalents and restricted cash 1 (6) (2) Net increase (decrease) in cash, cash equivalents and restricted cash $ 71 $ (2) $ (176) Operating Activities Our largest source of operating cash is cash collections from our customers for subscription and professional services.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Cash Flows The following table summarizes our cash flows for the periods indicated: Year Ended January 31, 2025 2024 2023 (dollars in millions) Net cash provided by operating activities $ 750 $ 512 $ 86 Net cash provided by (used in) investing activities (314) 441 (130) Net cash provided by (used in) financing activities (359) (883) 48 Effects of changes in foreign currency exchange rates on cash, cash equivalents and restricted cash (4) 1 (6) Net increase (decrease) in cash, cash equivalents and restricted cash $ 73 $ 71 $ (2) Operating Activities Our largest source of operating cash is cash collections from our customers for subscription and professional services.
For fiscal 2024, 2023 and 2022, our revenue was $2,263 million, $1,858 million and $1,300 million, respectively, representing a growth rate of 22% and 43% in fiscal 2024 and 2023, respectively. For fiscal 2024, 2023 and 2022, we generated net losses of $355 million, $815 million and $848 million, respectively.
For fiscal 2025, 2024 and 2023, our revenue was $2,610 million, $2,263 million and $1,858 million, respectively, representing a growth rate of 15% and 22% in fiscal 2025 and 2024, respectively. For fiscal 2025, we generated net income of $28 million, and for fiscal 2024 and 2023, we generated net losses of $355 million and $815 million, respectively.
Employees and contractors sign into the Workforce Identity Cloud to seamlessly and securely access the applications they need to do their most important work. Organizations use our platform to collaborate with their partners and to provide their customers with more modern and secure experiences in the cloud and via mobile devices.
Employees and contractors sign into the Okta Platform to seamlessly and securely access the applications they need to do their most important work with more modern and secure experiences in the cloud and via mobile devices.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Deferred tax assets and liabilities are measured using enacted tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
Deferred tax assets and liabilities are measured using enacted tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
Provision for Income Taxes Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Provision for income taxes $ 18 $ 14 $ 4 31 % For fiscal 2024, income tax expense resulted primarily from income in profitable foreign jurisdictions, federal and state taxes resulting from tax attribution utilization limitations, and the tax impact of shortfalls from stock-based compensation in the United Kingdom.
Provision for Income Taxes Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Provision for income taxes $ 18 $ 18 $ — — % For fiscal 2025, income tax expense resulted primarily from income in profitable foreign jurisdictions, federal and state taxes resulting from limitations on tax attribute utilization, offset by the impact of tax windfalls from stock-based compensation in the United States.
Employee compensation costs reflected in each of the cost of revenue and operating expense categories include salaries, bonuses, compensation related taxes, benefits and stock-based compensation. Additionally included in the sales and marketing expense category are sales commissions and related taxes. 57 OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) expense categories. Employee compensation costs reflected in each of the cost of revenue and operating expense categories include salaries, bonuses, compensation related taxes, benefits and stock-based compensation. Additionally included in the sales and marketing expense category are sales commissions and related taxes.
Developers leverage our Customer Identity Cloud and Workforce Identity Cloud to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core missions.
Developers leverage our Okta Platform and Auth0 Platform to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission.
These restrictions take credit quality, liquidity and diversification into consideration among other criteria. We continue to monitor the impacts of this situation; however, there can be no assurances that conditions in the banking sector and in global financial markets will not worsen and/or adversely affect us.
We continue to monitor the impacts of this situation; however, there can be no assurances that conditions in the banking sector and in global financial markets will not worsen and/or adversely affect us.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Dollar-Based Net Retention Rate Part of our ability to generate revenue is dependent upon our ability to maintain our relationships with our customers and to increase their utilization of our platform.
Dollar-Based Net Retention Rate Part of our ability to generate revenue is dependent upon our ability to maintain our relationships with our customers and to increase their utilization of our platforms.
See Note 16 to our consolidated financial statements "Subsequent Events" for additional information. We believe our existing cash and cash equivalents, our investments and cash provided by sales of our products and services will be sufficient to meet our short-term and long-term projected working capital and capital expenditure needs for the foreseeable future.
We believe our existing cash and cash equivalents, our investments and cash provided by sales of our solutions will be sufficient to meet our short-term and long-term projected working capital and capital expenditure needs for the foreseeable future.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Cost of Revenue and Gross Margin Cost of Subscription . Cost of subscription primarily consists of expenses related to hosting our services and providing support.
Cost of Revenue and Gross Margin Cost of Subscription . Cost of subscription primarily consists of expenses related to hosting our services and providing support.
Interest and Other, Net Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Interest expense $ (8) $ (11) $ 3 (25) % Interest income and other, net 81 22 59 265 Gain on early extinguishment of debt 106 — 106 — Interest and other, net $ 179 $ 11 $ 168 1,571 % For fiscal 2024, the change in interest and other, net was primarily due to the gain on early extinguishment of debt related to repurchases of convertible senior notes and an increase in interest income from our short-term investments.
Interest and Other, Net Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Interest expense $ (5) $ (8) $ 3 (30) % Interest income and other, net 106 81 25 31 Gain on early extinguishment of debt 19 106 (87) (82) Interest and other, net $ 120 $ 179 $ (59) (33) % For fiscal 2025, interest and other, net decreased primarily due to a decrease in gains on early extinguishment of debt related to repurchases of the convertible senior notes offset by an increase in interest income from our short-term investments.
We focus on acquiring and retaining our customers and increasing the value we provide to our customers over time, and thus their spending with us through expanding the number of users who access our Workforce Identity Cloud and Customer Identity Cloud and up-selling additional product offerings.
We focus on attracting and retaining our customers and increasing the value we provide to them over time. By retaining customers and increasing value, we increase their spending with us through expanding the number of users who access our Okta Platform and Auth0 Platform, and by selling additional product offerings.
Our primary uses of cash from operating activities are for employee-related expenditures, marketing expenses and third-party hosting costs. During fiscal 2024, cash provided by operating activities was $512 million, an increase of $426 million compared to fiscal 2023.
Our primary uses of cash from operating activities are for employee-related expenditures, marketing expenses and third-party hosting costs. During fiscal 2025, cash provided by operating activities was $750 million, an increase of $238 million compared to fiscal 2024. The increase was primarily attributable to an increase in cash received from customers and improved spend efficiency.
Material Cash Requirements Contractual Obligations The following table represents the Company’s known short-term (i.e., the next twelve months) and long-term (i.e., beyond the next twelve months) obligations as of January 31, 2024: Short-term Long-term Total (dollars in millions) Convertible Senior Notes: (1) Principal payments $ — $ 1,160 $ 1,160 Interest payments 3 4 7 Operating leases (2) 37 124 161 Purchase obligations (3) 262 240 502 Total contractual obligations $ 302 $ 1,528 $ 1,830 (1) See Note 8 to our consolidated financial statements "Convertible Senior Notes, Net" for additional information.
Material Cash Requirements Contractual Obligations The following table represents the Company’s known short-term (i.e., the next twelve months) and long-term (i.e., beyond the next twelve months) obligations as of January 31, 2025: Short-term Long-term Total (dollars in millions) Convertible Senior Notes: (1) Principal payments $ 510 $ 350 $ 860 Interest payments 2 1 3 Operating leases (2) 34 102 136 Purchase obligations (3) 336 210 546 Total contractual obligations $ 882 $ 663 $ 1,545 (1) See Note 8 to our consolidated financial statements "Convertible Senior Notes, Net" for additional information.
The interest rate on the 2025 Notes is fixed at 0.125% per year and is payable semi-annually in arrears on March 1 and September 1 of each year, beginning on March 1, 2020.
In September 2019, we completed our private offering of the 2025 Notes due on September 1, 2025 and received aggregate gross proceeds of $1,060 million. The interest rate on the 2025 Notes is fixed at 0.125% per year and is payable semi-annually in arrears on March 1 and September 1 of each year, beginning on March 1, 2020.
The interest rate on the 2026 Notes is fixed at 0.375% per year and is payable semi-annually in arrears on June 15 and December 15 of each year, beginning on December 15, 2020.
In June 2020, we completed our private offering of the 2026 Notes due on June 15, 2026 and received aggregate gross proceeds of $1,150 million. The interest rate on the 2026 Notes is fixed at 0.375% per year and is payable semi-annually in arrears on June 15 and December 15 of each year, beginning on December 15, 2020.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Our gross margin for professional services and other revenue decreased to (36)% during fiscal 2024 from (27)% during fiscal 2023 primarily due to a decrease in professional services and other revenue.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Our gross margin for professional services and other revenue improved to (29)% during fiscal 2025 from (36)% during fiscal 2024 primarily due to improved spend efficiency resulting in lower relative cost of professional services and other.
Comparison of the Years Ended January 31, 2024 and 2023 Revenue Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Revenue: Subscription $ 2,205 $ 1,794 $ 411 23 % Professional services and other 58 64 (6) (10) Total revenue $ 2,263 $ 1,858 $ 405 22 % Percentage of revenue: Subscription 97 % 97 % Professional services and other 3 3 Total 100 % 100 % For fiscal 2024, the increase in subscription revenue was primarily due to the addition of new customers, an increase in users and sales of additional products to existing customers.
Comparison of the Years Ended January 31, 2025 and 2024 Revenue Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Revenue: Subscription $ 2,556 $ 2,205 $ 351 16 % Professional services and other 54 58 (4) (7) Total revenue $ 2,610 $ 2,263 $ 347 15 % Percentage of revenue: Subscription 98 % 97 % Professional services and other 2 3 Total 100 % 100 % For fiscal 2025, the increase in subscription revenue was primarily due to an increase in users and sales of additional solutions to existing customers and the addition of new customers.
We expect general and administrative expenses as a percentage of total revenue to decrease as our total revenue grows. 62 OKTA, INC.
The decrease in general and administrative as a percentage of total revenue was primarily driven by improved spend efficiency. We expect general and administrative expenses as a percentage of total revenue to decrease as our total revenue grows. 54 OKTA, INC.
The objective of the measurement period is to provide a reasonable period of time to obtain the information necessary to complete all aspects of business combination accounting with a high level of confidence. During the measurement period, which may be up to one year from the acquisition date, adjustments to the reported 67 OKTA, INC.
The objective of the measurement period is to provide a reasonable period of time to obtain the information necessary to complete all aspects of business combination accounting with a high level of confidence.
Certain jurisdictions in which we operate have enacted Pillar Two legislation, with other countries considering changes to their tax laws to adopt the OECD's proposals. The enactment of Pillar Two legislation is not expected to have a material adverse effect in fiscal 2025, on our effective tax rate, financial position, results of operations and cash flows.
Certain jurisdictions in which we operate have enacted Pillar Two legislation, with other countries considering changes to their tax laws to adopt the OECD's proposals. The enactment of Pillar Two legislation is not expected to 55 OKTA, INC.
For purposes of determining our customer count, we do not include customers that use our platform under self-service arrangements only. 56 OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) For purposes of determining our customer count, we do not include customers that use our platforms under self-service arrangements only.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Liquidity and Capital Resources As of January 31, 2024, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,202 million, which were held for working capital and general corporate purposes, including potential future acquisition activity.
Liquidity and Capital Resources As of January 31, 2025, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,523 million, which were held for working capital and general corporate purposes, including potential future acquisition activity. Our cash equivalents and investments consisted primarily of U.S. treasury securities, money market funds, corporate debt securities and certificates of deposit.
In connection with the 2025 Notes, we used a portion of the proceeds to enter into capped call transactions ("2025 Capped Calls") with respect to our Class A common stock. In June 2020, we completed our private offering of the 2026 convertible senior notes ("2026 Notes") due on June 15, 2026 and received aggregate gross proceeds of $1,150 million.
In connection with the 2025 Notes, we used a portion of the proceeds to enter into capped call transactions ("2025 Capped Calls") with respect to our Class A common stock.
Recent macroeconomic events, including rising interest rates, global inflation and bank failures, have led to further economic uncertainty in the global economy. To mitigate risk, our cash and cash equivalents are distributed across large financial institutions. In addition, we have policy restrictions in place on the types of securities that can be purchased as part of our available-for-sale securities portfolio.
To mitigate risk, our cash and cash equivalents are distributed across large financial institutions. In addition, we have policy restrictions in place on the types of securities that can be purchased as part of our available-for-sale securities portfolio. These restrictions take credit quality, liquidity and diversification into consideration among other criteria.
The allocation of the purchase price requires management to make significant estimates in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) estimates in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets.
The increase in revenue was attributable to a 8% increase in total customers, from over 17,600 as of January 31, 2023, to over 18,950 as of January 31, 2024, and revenue from existing customers as reflected in our Dollar-Based Net Retention Rate of 111% as of January 31, 2024.
The increase in revenue was attributable to increased revenue from existing customers as reflected in our Dollar-Based Net Retention Rate of 107% as of January 31, 2025 and an increase in the number of customers as detailed in our Key Business Metrics.
Cost of Revenue, Gross Profit and Gross Margin Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Cost of revenue: Subscription $ 502 $ 464 $ 38 8 % Professional services and other 79 82 (3) (4) Total cost of revenue $ 581 $ 546 $ 35 6 % Gross profit $ 1,682 $ 1,312 $ 370 28 % Gross margin: Subscription 77 % 74 % Professional services and other (36) (27) Total gross margin 74 % 71 % For fiscal 2024, cost of subscription revenue increased primarily due to an increase of $22 million in employee compensation costs, an increase of $7 million in software costs and an increase of $5 million in third-party hosting costs as we expanded capacity to support our growth.
Cost of Revenue, Gross Profit and Gross Margin Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Cost of revenue: Subscription $ 549 $ 502 $ 47 9 % Professional services and other 69 79 (10) (12) Total cost of revenue $ 618 $ 581 $ 37 6 % Gross profit $ 1,992 $ 1,682 $ 310 18 % Gross margin: Subscription 79 % 77 % Professional services and other (29) (36) Total gross margin 76 % 74 % For fiscal 2025, cost of subscription revenue increased primarily due to an increase of $15 million in labor costs and an increase in stock-based compensation of $7 million as we expanded our headcount.
Sales and Marketing Expenses Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Sales and marketing $ 1,036 $ 1,066 $ (30) (3) % Percentage of revenue 46 % 58 % For fiscal 2024, sales and marketing expenses decreased primarily due to a decrease in marketing costs of $15 million and a decrease in amortization expense of $9 million for acquired customer relationships and trade names.
Sales and Marketing Expenses Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Sales and marketing $ 965 $ 1,036 $ (71) (7) % Percentage of revenue 37 % 46 % For fiscal 2025, sales and marketing expenses decreased primarily due to a reduction in labor costs of $34 million and a decrease in stock-based compensation expense of $25 million, driven by lower headcount.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Restructuring and Other Charges Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Restructuring and other charges $ 56 $ 29 $ 27 92 % Percentage of revenue 2 % 2 % For fiscal 2024, restructuring and other charges increased primarily due to an increase of $14 million in lease impairment charges and an increase of $13 million in severance and termination benefit costs.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) Restructuring and Other Charges Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Restructuring and other charges $ 11 $ 56 $ (45) (80) % Percentage of revenue — % 2 % For fiscal 2025, restructuring and other charges decreased primarily due to the absence of lease impairments along with a smaller overall restructuring plan implemented in fiscal 2025 compared to fiscal 2024.
Increasing awareness of our platform and capabilities, coupled with the mainstream adoption of cloud technology, has expanded the diversity of our customer base to include organizations of all sizes across all industries. The number of customers who have greater than $100,000 in ACV with us was 4,485, 3,930 and 3,100 as of January 31, 2024, 2023 and 2022, respectively.
Increasing awareness of our platforms and capabilities, coupled with the mainstream adoption of cloud technology, has expanded the diversity of our customer base to include organizations of all sizes across all industries.
Operating Expenses Research and Development Expenses Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) Research and development $ 656 $ 620 $ 36 6 % Percentage of revenue 29 % 33 % For fiscal 2024, research and development expenses increased primarily due to an increase of $39 million in employee compensation costs.
Operating Expenses Research and Development Expenses Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) Research and development $ 642 $ 656 $ (14) (2) % Percentage of revenue 25 % 29 % For fiscal 2025, research and development expenses decreased due to a reduction in stock-based compensation expense of $61 million, offset by increases in labor costs of $28 million, hosting fees of $6 million and software costs of $2 million.
General and Administrative Expenses Year Ended January 31, 2024 2023 $ Change % Change (dollars in millions) General and administrative $ 450 $ 409 $ 41 10 % Percentage of revenue 20 % 22 % For fiscal 2024, general and administrative expenses increased primarily due to an increase of $26 million in employee compensation costs.
General and Administrative Expenses Year Ended January 31, 2025 2024 $ Change % Change (dollars in millions) General and administrative $ 448 $ 450 $ (2) — % Percentage of revenue 17 % 20 % For fiscal 2025, general and administrative expenses decreased primarily due to a reduction in stock-based compensation expense of $37 million, offset by increases in consulting costs of $12 million, labor costs of $9 million, and software costs of $6 million.
Our gross margin for subscription revenue improved from 74% to 77% during fiscal 2024. The increase was primarily driven by improved spend efficiency resulting in lower relative cost of subscription revenue. For fiscal 2024, cost of professional services and other revenue decreased slightly. 61 OKTA, INC.
Additionally, third-party hosting costs increased by $8 million as we expanded capacity to support our growth, while software and consulting costs increased by $7 million and $4 million, respectively. Our gross margin for subscription revenue improved from 77% to 79% during fiscal 2025. The increase was primarily driven by improved spend efficiency resulting in lower relative cost of subscription revenue.
We will continue to monitor and reflect the impact of such legislative changes in future financial statements as appropriate. 63 OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued) have a material adverse effect on our effective tax rate, financial position, results of operations and cash flows. We will continue to monitor and reflect the impact of such legislative changes in future financial statements as appropriate.
… 23 more changes not shown on this page.
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
7 edited+0 added−0 removed11 unchanged
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Market Risk — interest-rate, FX, commodity exposure
7 edited+0 added−0 removed11 unchanged
2024 filing
2025 filing
Biggest changeAs of January 31, 2024, $552 million principal amount of the 2025 Notes remain outstanding. In June 2020, we issued the 2026 Notes due June 15, 2026 with a principal amount of $1,150 million. Concurrently with the issuance of the 2026 Notes, we entered into separate capped call transactions.
Biggest changeAs of January 31, 2025, $510 million principal amount of the 2025 Notes remain outstanding. As of January 31, 2025, the 2025 Notes are classified as current liabilities due to their upcoming maturity on September 1, 2025. In June 2020, we issued the 2026 Notes due June 15, 2026 with a principal amount of $1,150 million.
Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign currency exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments.
Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments.
Changes in the interest rate environment upon maturity of this fixed rate debt could have an effect on our future cash flows and earnings, depending on whether the debt is replaced with other fixed rate debt, variable rate debt or equity. 69
Changes in the interest rate environment upon maturity of this fixed rate debt could have an effect on our future cash flows and earnings, depending on whether the debt is replaced with other fixed rate debt, variable rate debt or equity. 62
During fiscal 2024, 2023 and 2022, a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have had a material impact on our consolidated financial statements.
During fiscal 2025, 2024 and 2023, a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have had a material impact on our consolidated financial statements.
As of January 31, 2024, a hypothetical 10% relative change in interest rates would not have had a material impact on the value of our cash equivalents or investment portfolio.
As of January 31, 2025, a hypothetical 10% relative change in interest rates would not have had a material impact on the value of our cash equivalents or investment portfolio.
Interest Rate Risk We had cash, cash equivalents and short-term investments totaling $2,202 million as of January 31, 2024, of which $2,019 million was invested in U.S. treasury securities, money market funds, corporate debt securities and certificates of deposit. Our cash and cash equivalents are held for working capital and general corporate purposes, including potential future acquisition activity.
Interest Rate Risk We had cash, cash equivalents and short-term investments totaling $2,523 million as of January 31, 2025, of which $2,362 million was invested in U.S. treasury securities, money market funds, corporate debt securities and certificates of deposit. Our cash and cash equivalents are held for working capital and general corporate purposes, including potential future acquisition activity.
The 2026 Capped Calls were completed to reduce the potential dilution from the conversion of the 2026 Notes. As of January 31, 2024, $608 million principal amount of the 2026 Notes remain outstanding.
Concurrently with the issuance of the 2026 Notes, we entered into separate capped call transactions. The 2026 Capped Calls were completed to reduce the potential dilution from the conversion of the 2026 Notes. As of January 31, 2025, $350 million principal amount of the 2026 Notes remain outstanding.