UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 10-K
(Mark One)
| ☒ | ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | ||||
For the fiscal year ended January 31, 2025
or
| ☐ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 | ||||
For the transition period from to
Commission File Number: 001-38044
Okta, Inc.
(Exact name of Registrant as specified in its charter)
Delaware | 100 First Street, Suite 600 | 26-4175727 | ||||||||||||
(State or Other Jurisdiction of Incorporation or Organization) | San Francisco | (I.R.S. Employer Identification Number) | ||||||||||||
California | ||||||||||||||
94105 | ||||||||||||||
| (Address of Principal executive offices) | ||||||||||||||
Registrant’s telephone number, including area code: (888) 722-7871
___________________________________________________
Securities registered pursuant to Section 12(b) of the Act:
| (Title of each class) | Trading Symbol(s) | (Name of each exchange on which registered) | ||||||||||||
Class A common stock, par value $0.0001 per share | OKTA | The Nasdaq Stock Market LLC | ||||||||||||
Securities registered pursuant to Section 12(g) of the Act: None
___________________________________________________
Indicate by check mark if the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐
Indicate by check mark if the Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒
Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐
Indicate by check mark whether the Registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the Registrant was required to submit such files). Yes ☒ No ☐
Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large Accelerated Filer | ☒ | Accelerated filer | ☐ | |||||||||||||||||
| Non-accelerated filer | ☐ | Smaller reporting company | ☐ | |||||||||||||||||
| Emerging growth company | ☐ | |||||||||||||||||||
If an emerging growth company, indicate by check mark if the Registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the Registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the Registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐
Indicate by check mark whether the Registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No ☒
The aggregate market value of the stock of the Registrant as of July 31, 2024 (based on a closing price of $93.94 per share) held by non-affiliates was approximately $15.2 billion. As of February 27, 2025, there were 165,819,291 shares of the Registrant’s Class A Common Stock and 7,783,873 shares of the Registrant's Class B Common Stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's definitive Proxy Statement relating to the 2025 Annual Meeting of Stockholders are incorporated herein by reference in Part III of this Annual Report on Form 10-K to the extent stated herein. Such Proxy Statement will be filed with the Securities and Exchange Commission within 120 days of the registrant's fiscal year ended January 31, 2025.
Okta, Inc.
Form 10-K
For the Fiscal Year Ended January 31, 2025
TABLE OF CONTENTS
| Page | ||||||||
| Part I | ||||||||
| Part II | ||||||||
| Part III | ||||||||
| Part IV | ||||||||
Special Note Regarding Forward-Looking Statements
This Annual Report on Form 10-K contains "forward-looking statements" within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995. Words such as “expect,” “anticipate,” “should,” “believe,” “hope,” “target,” “project,” “goals,” “estimate,” “potential,” “predict,” “may,” “will,” “might,” “could,” “intend,” “shall” and similar expressions are intended to identify these forward-looking statements, although not all forward-looking statements include these identifying words.
Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:
•our future financial performance, including our revenue, costs of revenue, gross profits, margins and operating expenses;
•the impact of general economic, business and market conditions, including geopolitical events, economic downturns or recessions, market volatility, inflation and interest rates, and foreign currency fluctuations;
•trends in our key business metrics;
•our growth strategy and ability to compete;
•the sufficiency of our cash and cash equivalents, investments and cash provided by sales of our solutions to meet our liquidity needs;
•potential impacts of cybersecurity incidents to our reputation, customer relations and financial results;
•our ability to detect, minimize or prevent security breaches to our internal systems and our platforms;
•our ability to maintain the security and service performance of our and our third-party service providers' systems or data, or our customers' data;
•our ability to retain and sell additional solutions to existing customers;
•our ability to successfully expand our existing marketing and sales capabilities, including further specializing our go-to-market organization;
•our ability to effectively sustain or manage our revenue growth and profitability;
•our ability to expand our product sales by promoting our brand and engaging channel partners;
•our ability to partner with third-party software vendors and system integrators;
•our ability of our solutions to effectively integrate with third-party systems and technologies;
•our ability to adequately fund research and development, and introduce new solutions, enhance existing solutions and address new use cases;
•our ability to expand our international business operations and product sales;
•our ability to maintain and protect our proprietary rights and intellectual property;
•our ability to comply with modified or new laws, regulations and industry standards;
•our intent to pay off our convertible senior notes at maturity;
•the attraction and retention of qualified employees and key personnel;
•the impact of recent accounting pronouncements on our financial statements;
•our ability to successfully defend litigation or other claims brought against us; and
•our ability to successfully identify, integrate and/or realize the benefits of strategic acquisitions or investments.
These forward-looking statements are made as of the date they were first issued and are based on current expectations and assumptions that are subject to a number of risks and uncertainties, which could cause our actual results to differ materially from those anticipated or implied by any forward-looking statements. Factors that could cause or contribute to such differences include, but not limited to, those discussed in “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Result of Operations” in this Annual Report on Form 10-K, as well as other documents that may be filed by us from time to time with the Securities and Exchange Commission ("SEC"). We undertake no obligation to revise or publicly release the results of any revision to these forward-looking statements, except as required by law. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements.
Part I
Item 1. Business
Overview
Okta, Inc. is the leading independent identity partner. Our vision is to free everyone to safely use any technology, and we believe identity is the key to making that happen. Our purpose is to bring simple and secure digital access to people and organizations everywhere. Our Okta Platform and Auth0 Platform enable our customers to securely connect the right people to the right technologies and services at the right time.
The acceleration of digital transformation, cloud adoption and the evolving security threat landscape are driving a shift in how organizations securely manage the identity of their employees, contractors and partners. At the same time, consumer expectations favoring simple, secure digital experiences are driving the adoption of new consumer identity technologies. Our platforms help organizations effectively harness the power of cloud, mobile and web technologies by securing users and connecting them with the applications and technology they use. Every day, thousands of organizations and millions of people use our platforms to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces ("APIs"), IT infrastructure providers, and services from a multitude of devices. Employees and contractors sign into the Okta Platform to seamlessly and securely access the applications they need to do their most important work with more modern and secure experiences in the cloud and via mobile devices. Developers leverage our Okta Platform and Auth0 Platform to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission. Our approach to customer identity provides organizations with the scale, interoperability, extensibility and security they need to build applications with seamless and private experiences that serve a wide variety of users, from customers to citizens. As we add new customers, users, developers and integrations to our platforms, our business, customers, partners and users benefit from powerful network effects that increase the value and security of our solutions.
Given the growth trends in cloud adoption and the number of applications customers use and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security. As organizations shift from network-based security models to a Zero Trust security model focusing on adaptive and context-aware controls, identity has become the most reliable way to manage user access and protect digital assets. Our approach to identity allows our customers to simplify and efficiently scale their security infrastructures across internal IT systems and external customer-facing applications.
As of January 31, 2025, more than 19,650 customers across nearly every industry used our solutions to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises to small- and medium-sized businesses, universities, nonprofits and government agencies. We partner with leading application, infrastructure and security vendors, such as Amazon Web Services ("AWS"), CrowdStrike, Google, LexisNexis Risk Solutions, Microsoft, Netskope, Palo Alto Networks, Plaid, Proofpoint, Salesforce, ServiceNow, VMware, Workday, Yubico and Zscaler. We had over 7,000 integrations with cloud, mobile and web applications and IT infrastructure providers as of January 31, 2025, which, while not directly correlated to revenue, shows the breadth and acceptance of our platforms.
We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings. We focus on attracting and retaining our customers and increasing the value we provide to them over time. By retaining customers and increasing value, we increase their spending with us through expanding the number of users who access our Okta Platform and Auth0 Platform, and by selling additional product offerings. We sell our product offerings directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators, and other distribution partners.
Our Platforms
We offer independent and neutral cloud-based identity solutions that allow our customers to integrate with nearly any application, service or cloud that they choose through our secure, reliable, and scalable platforms. Our technological neutrality allows our customers to adopt the best technologies easily, and our two platforms are designed to securely connect users to the technology that they choose. Okta AI, a suite of AI-powered capabilities using our unique threat intelligence identity data to power real-time identity actions, is infused into several products available on our two platforms. We prioritize the compatibility of our platforms with public clouds, on-premises infrastructures and hybrid clouds.
4
Our platforms are used by organizations in two distinct and powerful ways. Customers manage and secure their employees, contractors and partners using what we call “workforce identity,” as supported by our Okta Platform. Customers can enable, manage and secure their customers’ identities using what we call “customer identity,” as supported by both our Okta Platform and Auth0 Platform.
Okta Platform
The Okta Platform simplifies the way an organization’s employees, contractors and partners connect to its applications and data from any device, while increasing efficiency and keeping IT environments secure. The Okta Platform can be used as the central system for an organization’s connectivity, access, authentication and identity lifecycle management needs spanning all of its users, technology and applications. Our customers use the Okta Platform to secure their workforces, to create solutions that make their partner networks more collaborative, and to provide more seamless and secure experiences for their end users. These features, combined with our technological neutrality, help our customers future-proof their environments. We enable our customers to easily deploy, manage and secure applications and devices, and to provision and support users across their IT environments, with a simple, intuitive, consumer-like user experience. Once deployed, we enable administrators to enforce contextual access management decisions based on conditions such as user identity, device, location, application identity, IP reputation and time of day, and maintain secure access throughout the duration of users’ sessions.
We enable organizations to provide their workforces with immediate and secure access to every application they need from any device they use, without requiring multiple credentials, which significantly enhances user productivity and IT efficiency. We offer our customers an additional security layer through our Adaptive Multi-Factor Authentication (“Adaptive MFA”), Device Access, and Identity Threat Protection with Okta AI product offerings. Our Universal Directory product offering also serves as a system of record to help our customers organize and manage their users. Our Lifecycle Management product offering enables customers to manage users’ access privileges through their entire lifecycle with a no-code approach that improves administrative efficiency and productivity. Our Workflows product offering enables the building of identity-related business processes with minimal or no-code. Okta Identity Governance, our unified identity access management and identity governance product offering, helps our customers improve their security and compliance posture while mitigating modern security risks and increasing efficiency. Our Privileged Access Management product offering provides unified access and governance for privileged resources and increases visibility, compliance and security without compromising user experience. Our Access Gateway product offering enables our customers to extend the Okta Platform to their existing on-premises applications. Our Identity Security Posture Management product offering proactively identifies vulnerabilities and security gaps before they can be exploited by providing consolidated visibility into identity posture across the Okta Platform and third-party solutions.
The Okta Platform enables our customers to automate and secure access across their ecosystem of employees, contractors and partners, increasing collaboration across their workforces.
Auth0 Platform
The Auth0 Platform enables companies, nonprofits and governmental agencies to transform their own customers’ or citizens’ experiences by empowering development teams to rapidly and securely build customer- and citizen-facing cloud, mobile or web applications. The Auth0 Platform primarily supports consumer and SaaS applications. It empowers application builders to innovate faster by removing the complexity from identity and making it simple, extensible and customizable. We enable organizations to integrate our powerful identity platform into their cloud, web and mobile applications. This makes it easier for them to authenticate, manage, scale and secure their applications through comprehensive APIs, software development kits and extensive developer tools, enabling rapid time to market for the business. Organizations are able to streamline user experience and improve security across all their applications, leading to increased customer acquisition, retention and loyalty.
The Auth0 Platform provides multiple enhanced security capabilities including bot detection, Adaptive MFA, fraud prevention, and account takeover attack protection while delivering a high level of security. In addition to security and authentication, Auth0 also supports authorization, including fine grained authorization. Our Auth for GenAI product offering enable developers to build chatbots and AI agents into their applications easily and securely.
5
Growth Strategy
Key elements of our growth strategy are to:
Execute with Our Platforms
•Deepen Relationships Within Our Existing Customer Base. We strive to further increase revenue from our existing customers by cross-selling and up-selling additional and new product offerings. We also believe we can expand our footprint by focusing on current customers that have deployed our Okta Platform and expanding those customers’ use of our Auth0 Platform, or vice versa.
•Drive Growth with Large Customers. To increase our market share, we intend to focus on growing our base of large customers using a land-and-expand sales model, with a focus on key markets by size of customers, as well as key verticals, including highly regulated sectors.
•Leverage Partner Ecosystem. We plan to further leverage the sales efforts of global system integrators, managed service providers, technology partners and other distribution partners for growth, scale and specialized expertise. Our Okta Elevate Partner Program is designed to incentivize partners to deliver and manage our solutions.
•Expand Our International Footprint. With 21% of our revenue generated outside of the United States in fiscal 2025, and our international revenue growing 14% from fiscal 2024 to fiscal 2025, we believe there is a significant opportunity to continue to grow our international business. We believe global demand for our product offerings will continue to be a long-term opportunity as organizations outside the United States fully embrace the transition to cloud computing, and larger international organizations take advantage of technology consolidation within their global locations.
Increase Our Opportunities
•Innovate and Extend Our Platforms with New Products. We intend to continue making significant investments in research and development, hiring top technical talent and maintaining an agile organization. By continuing to innovate, introduce new product offerings and extend our platforms, we believe that we can offer increasing value to our existing and potential customers. For example, investments in Okta AI led to newly launched products like Identity Threat Protection for the Okta Platform, Guide for the Auth0 Platform and the industry’s first real Universal Logout solution.
•Extend Our Accessible Market with New Use Cases. As technology and our customers’ needs evolve, we plan to use our platforms to help our customers address new challenges, regulatory requirements and use cases.
•Increasing Go-To-Market Specialization. We intend to further specialize the go-to-market organization to better meet the needs of the distinct buying centers. Okta sellers will focus engagement on IT and security buyer needs, including all workforce identity products, as well as Okta customer identity. Auth0 sellers will focus on meeting the unique needs of developers, which include highly technical customer identity customizations and flexible development models.
•Leverage Our Integrations. The Okta Integration Network is an extensive ecosystem, which includes over 7,000 integrations with cloud, mobile and web applications as well integrated solutions with IT infrastructure providers and security vendors. We continue to add new integrations as we expand the surface area of our identity platform. We view our investment in these partnerships as a force multiplier that enables us to build and promote complementary capabilities that benefit our customers.
•Expand our Developer Ecosystem. We want to empower every application developer to use our platforms to securely integrate identity into any application. We believe that our platforms enable developers to focus their time and attention on innovating within their core application capabilities while relying on our platforms for their identity-related requirements, leading to more secure and convenient experiences for their own customers.
•Leverage Our Unique Data Assets with Powerful Analytics. Our position at the intersection of people, devices, applications and infrastructure gives us unique access to powerful threat intelligence identity data, and the opportunity to provide differentiated insights based on that data, as well as predictive capabilities
6
based on that data to help keep customers more secure. We expect the value of our analytics to our customer base will increase as customers continue to connect more devices, applications and users to their networks and as we add more customers. We also expect that our analytics ability will enable our customers to use our data and third-party data from our partners, allowing customers to make more informed and secure access decisions. We do not currently derive direct revenue from our unique data assets, but we may explore opportunities for monetization in the future.
•Mergers and Acquisitions and Investments. From time to time, we evaluate opportunities to acquire or invest in emerging and adjacent technologies to complement our organic investments and improve our product offerings, services and customers’ experiences. We will continue to use these types of strategic levers as opportunities arise.
Our Product Offerings
Our portfolio of product offerings and services is used to manage and secure identities. Most of our product offerings can be used for both customer identity and workforce identity use cases, and we are continuously enhancing our product offerings and services. Our workforce identity product offerings are consumed through web and mobile interfaces and provide simple ways for IT organizations to manage identities for their employees, contractors and business partners. For customer identity, our APIs are also used by developers to embed our identity functionality into their own customer-facing mobile or web applications. We continuously improve our Okta Platform and Auth0 Platform by releasing and developing additional product offerings, features and services.
Okta Platform Product Offerings
Access Management
•Single Sign-on. When used to manage and secure identities for a customer’s workforce, Single Sign-On enables users to access all of their applications, whether in the cloud or on-premises, from any device, with a single entry of their user credentials. We combine secure access, modern protocols, flexible policies and a consumer-like user experience to permit organizations to easily allow customers or partners to sign in to their applications with their existing identity information. With Okta FastPass, we enable our customers to provide their users with a passwordless experience across any device and every major operating system. Single Sign-On also enables built-in reporting and analytics that provide real-time search functionalities across users, devices, applications and the associated access and usage activity.
•Adaptive MFA. Adaptive MFA is a comprehensive, but simple-to-use, product that provides an additional layer of security for an organization’s cloud, mobile and web applications and data. We offer an intelligent approach to security, built on contextual data. Adaptive MFA includes a policy framework that is integrated with a broad set of cloud and on-premises applications and network infrastructures. It offers adaptive, risk-based authentication that leverages data intelligence from across the Okta Platform network of thousands of organizations as well as from our partner ecosystem.
•API Access Management. API Access Management enables organizations to secure APIs as systems connect to each other. Access to these APIs is managed based on the user, which enables organizations to centrally maintain one set of permissions for any employee, partner or customer across every point of access. API Access Management reduces development time, boosts security, helps in achieving compliance and enables seamless end-user experiences by providing a unified portable service for authorizing secure and always available access to any API.
•Access Gateway. Access Gateway enables organizations to extend Okta Platform, which is a cloud-native platform, from the cloud to their existing on-premises applications so that they can harness the benefits of the platform to manage all of their critical systems, whether in the cloud, on-premises or hybrid. Extending the benefits of the Okta Platform to hybrid IT environments delivers a single point of management for our customers’ administrators and a single location from which end users can access their critical applications.
•Okta Device Access. Okta Device Access extends the Okta Platform's secure access management to the device login experience. Okta Device Access enables end users to securely log in to their devices with their Okta Platform credentials and meet MFA challenges from a set of strong factors, helping organizations to harden their security posture by protecting a user's device with the same experience that the Okta Platform provides for applications and resources.
7
•Universal Directory. Universal Directory provides a centralized, cloud-based system of record to store and secure user, application and device profiles for an organization. Users and profiles stored in the directory can be used with our Single Sign-On product to manage passwords and authentication, or can be used by developers to store and authenticate the users of their applications. When used for workforce identity, Universal Directory becomes a customer’s system of record for all of its employees, contractors and partners.
Security
•Identity Threat Protection with Okta AI. Identity Threat Protection helps safeguard organizations with native identity intelligence from the Okta Platform and signals from third-party tools integrated into an organization’s security stack. The Okta Platform’s AI-driven continuous risk and policy evaluations deliver real-time identity threat assessment and automated remediation.
•Identity Security Posture Management. Identity Security Posture Management (“ISPM”) helps organizations fortify their security measures and safeguard their digital assets with greater efficiency. ISPM highlights critical identity security issues like admin sprawl, MFA bypass, and local accounts and prioritizes them based on risk severity for effective remediation.
Identity Governance and Administration (“IGA”)
•Lifecycle Management. Lifecycle Management enables IT organizations or developers to manage a user's identity throughout its lifecycle, from onboarding to offboarding. It automates IT processes and ensures user accounts are created and deactivated at the appropriate times, including the workflow and policies needed to power those processes, and helps ensure compliance requirements are met as user roles evolve and access levels change.
•Okta Workflows. Designed to enable IT and security teams to move faster, more accurately and more cost effectively as they scale, Okta Workflows enables the building of identity-related business processes with minimal or no code, such as automating user onboarding and provisioning, creating just-in-time authorization for software development and IT processes, automating identity-centric security responses, and orchestrating customer data across backend systems.
•Okta Identity Governance. Okta Identity Governance provides a unified identity access management and identity governance solution focused on improving an organization’s security and compliance posture, helping customers to mitigate everyday security risks, and improve IT efficiency. Okta Identity Governance includes governance capabilities relating to access requests, access certifications and access reporting. Through these capabilities, Okta Identity Governance simplifies and automates the process of requesting and approving access to applications and resources.
Privileged Access Management
•Advanced Server Access. Advanced Server Access offers continuous, contextual access management to secure cloud infrastructure. Organizations can continuously manage and secure access to on-premises Windows and Linux servers and across leading Infrastructure-as-a-Service vendors, including AWS, Google Cloud Platform and Microsoft Azure. Advanced Server Access enables our customers to centralize access controls in a seamless manner to better mitigate the risk of credential theft, reuse, sprawl and abandoned administrative accounts.
•Okta Privileged Access. Okta Privileged Access enables organizations to reduce risk with unified access and governance management for on-premises and cloud privileged resources, for better visibility, compliance, and security for critical applications, resources and infrastructure requiring privileged access.
Auth0 Platform Product Offerings
•Universal Login. Universal Login is a standards-based login infrastructure with centralized feature management and configuration for websites and applications that can be integrated with a wide range of social media login credential providers, enterprise login services and customer-provided databases. Universal Login enables our customers to provide a consistent login experience across many different applications and devices.
8
•Attack Protection. Attack Protection is a suite of security capabilities that protect our customers from different types of malicious traffic, including bots, breached passwords, suspicious IP addresses and brute force attacks. Attack Protection enables our customers to minimize risks associated with the ever-growing volume of identity-targeted attacks.
•Adaptive MFA. Simple-to-use and adaptable MFA that minimizes friction to end users. When using Adaptive MFA, our customers leverage risk-assessment algorithms that present MFA challenges only to select authentication attempts that require additional validation.
•Passwordless. Passwordless authentication enables users to login without a password and supports a variety of different login methods, including advanced device biometrics such as passkeys.
•Machine to Machine. Machine to Machine provides standards-based authentication and authorization with non-interactive devices and applications.
•Private Cloud. Private Cloud is a deployment option that allows our customers to run a dedicated cloud instance of the Auth0 Platform. Private Cloud capability supports multiple cloud providers.
•Organizations. Organizations enable our customers to support a large number of partners or customers of their own with independent configurations, login experiences and security options.
•Actions and Extensibility. Actions and Extensibility allow our customers to create customized identity flows that address their unique requirements through a drag-and-drop interface to add pre-built partner integrations and their own custom logic across an authentication flow.
•Enterprise Connections. Enterprise Connections enable Enterprise Federation using pre-built integrations with commonly used enterprise identity systems.
•Fine Grained Authorization. Fine Grained Authorization helps customers manage complex authorization scenarios efficiently, and reduces latency and downtime as their systems and user bases grow.
•Auth for GenAI. A suite of features that enable developers to build chatbots and AI agents into their applications easily and securely.
Through our broad and deep product offerings that support a wide range of workforce and customer identity use cases, we deliver multiple critical business outcomes for our customers. These include boosting their cybersecurity posture, reducing IT spending, addressing regulations, reducing fraud, increasing new customer conversions, creating frictionless customer experiences, and helping technical teams deliver products to market faster.
Our Technology
We focus on engineering an intuitive and comprehensive platform to solve complex identity management and security challenges. Our cloud architecture is multi-tenant, encrypted and third-party validated. Our service also allows us to integrate into our customers’ on-premises components and hybrid configurations.
Differentiated Administration, User and Developer Experience
The Okta Platform and Auth0 Platform offer administrators and users a consistent, easy-to-use, consumer-like experience across our product offerings. Our technology integrates with industry-leading browsers and mobile applications to provide seamless access to nearly any web or native mobile application. We also heavily leverage operating system management and security technologies across desktops, laptops and mobile devices to provide a transparent, but secure experience for users across a range of devices. These integrations allow us to seamlessly deliver identity, access, security and management use cases that previously required significant custom development to achieve.
Robust Security
Security is essential for us and for our customers. Our approach to security spans day-to-day operational practices from the design and development of our software to how customer data is segmented and secured within our multi-tenant platform. The Okta Platform and its features are updated regularly, and along with continuous security testing, there are periodic security reviews that provide audited and verifiable security checkpoints to ensure the quality of our source code. A number of our Okta Platform product offerings have attained multiple
9
certifications, including SOC 2 Type II Attestations, CSA Star Level 2 Certification, ISO/IEC 27001:2022, ISO/IEC 27017:2015, ISO/IEC 27018:2019 and comply with many other international security frameworks. Certain Okta Platform offerings maintain multiple agency Federal Risk and Authorization Management Program ("FedRAMP") Authorities to Operate and are compliant to operate at Department of Defense Impact Level 4. Certain Okta Platform offerings maintain minimum security requirements in alignment with the Security Rule of the Health Insurance Portability and Accountability Act ("HIPAA"). The Okta Platform also supports FIPS 140-2 encryption requirements.
Additional information regarding our cybersecurity risk management strategy and governance is included in “Cybersecurity” under Part I, Item 1C of this Annual Report on Form 10-K. For additional information regarding the cybersecurity risks that we face, see “Risk Factors” included under Part I, Item 1A of this Annual Report on Form 10-K.
Scalability and Uptime
Our technical operations and engineering models are designed around the concept of an always-on, highly redundant and available platform that we seek to upgrade without customer disruption. Our product offerings and architecture were built entirely in and for the cloud with availability, resiliency and scalability at the center of the design. We have zero planned downtime, including during our maintenance windows.
Our proprietary architecture includes redundant, active-active-active availability zones with cross-continental disaster recovery regions, real-time database replication and geo-distributed storage. If one of our systems goes down, another is quickly promoted. Our architecture is designed to scale both vertically by increasing the size of the application tiers and horizontally by adding new geo-distributed cells.
The Okta Platform and Auth0 Platform are monitored not only at the infrastructure level, but also at the application and third-party integration level. Synthetic transaction monitoring allows our technical operations team to detect and resolve issues proactively.
Okta Integration Network and Auth0 Marketplace
The Okta Integration Network contains over 7,000 integrations with cloud, mobile and web applications, IoT devices and IT infrastructure providers, including AWS, Atlassian, DocuSign, Google, Microsoft Office 365, NetSuite, Oracle, Palo Alto Networks, Proofpoint, Salesforce, SAP, ServiceNow, Slack, Splunk, VMware, Workday, Zendesk and Zoom. Our patented technology allows our customers to seamlessly connect to any application or type of device that is already integrated into our network. In addition, customers can extend the benefits of the Okta Integration Network by creating their own integrations to both cloud and on-premises proprietary applications.
Similarly, the Auth0 Marketplace is a trusted catalog of integrations that enables application teams to easily assemble complete identity solutions. The Auth0 Marketplace connects customers with service providers and builders who solve integration use cases and implement integrations with the Auth0 Platform.
Our Customers
As of January 31, 2025, we had more than 19,650 customers, including more than 4,800 customers with an annual contract value greater than $100,000. Our customers span nearly all industry verticals and range from small organizations with fewer than 100 employees to companies in the Fortune 50, with up to hundreds of thousands of employees, some of which use our platforms to manage millions of their customers' identities.
10
Sales and Marketing
Sales
We sell directly to customers through our direct inside and field sales force and also indirectly through our extensive ecosystem of channel partners. We also offer a self-service approach for developers to sign up for free trials of our Auth0 Platform, which may transition to paid offerings. We often leverage our expansion sales model to generate incremental revenue, often within the term of the initial agreement, through the addition of new users and the sale of additional product offerings. In many instances, we find that initial customer success with our platforms results in key internal decision-makers expanding their deployments, for example, from initial use for workforce identity to expanded use for their customer identity needs. Furthermore, as our customers are successful in their businesses and increase headcount, the number of their customers or their monthly active users, we have the opportunity to share in their growth as the number of identities that we manage increases. Conversely, if our customers reduce the size of their workforce, then the number of identities that we manage, and therefore our revenue may potentially decrease.
Our sales organization is structured to address the specific needs of our target markets, and is divided by geography and customer size, and in some cases by industry vertical. We also employ specialization in our sales team when appropriate, such as our “hunter-farmer” sales model for the Americas small- and medium-sized business market, and our newly announced global go-to-market specialization strategy, which is intended to better align our sales team with the distinct needs of IT security buyers and application developers. Our direct sales force is supported by our sales engineers, security team, cloud architects, professional services team and other technical resources.
We benefit from an expansive partner ecosystem that helps drive additional sales. Nearly all of the leading cloud application providers are our partners, and many of them drive further customer acquisition for us through co-selling arrangements, building our offerings directly into their products, and product demonstrations running on our technology. We also partner with several of the large technology companies that are driving the movement to the cloud. In addition to these technology partners, we leverage our channel partners, including system integrators, traditional value-added resellers ("VARs") and Government VARs, to broaden the range of customers we reach.
Marketing
Our most valuable marketing features our customers and their successes and is informed by a deeply data-driven approach, giving us insights into the efficacy of our efforts. Our marketing efforts focus on promoting our industry-leading product lines, establishing our brand, generating awareness, creating sales leads and cultivating the Okta Communities.
A centerpiece of our marketing strategy is our annual customer conference, Oktane, which features customers sharing their success stories, new product and feature announcements, and hands-on product labs. We also host a number of other events where we engage with both existing customers and new prospects, as well as deliver product training.
Research and Development
Our research and development organization is responsible for the design, architecture, creation and quality of our platforms. The research and development organization also works closely with our technical operations team to ensure the successful deployment and monitoring of our platforms. We use test automation and application monitoring to ensure our services are always on.
Customer Support and Professional Services
Our product offerings are designed for ease of use and fast deployments. As part of our customer-first strategy, we are focused on customer success and offer several programs to help our customers maximize their success with our product offerings. These programs leverage the expertise and best practices that we have built while helping thousands of customers adopt and deploy our product offerings.
Customer Support and Training Services
We offer three tiers of support, each of which builds upon the previous tier. We provide 24/7 support for the highest support tiers as well as access to Customer Success and Technical Account Managers. We also provide on-
11
demand access to a robust online digital community and customer success hub, where our customers can find answers to common use cases, information about product features, and interact with our experts and industry peers.
Professional Services
Our professional services team provides assistance to customers in the deployment of our Okta Platform and Auth0 Platform and includes identity and security experts, customized deployment plans, SmartStart, which provides a quick path to implementation, and Okta Expert Assist, in which we provide our customers with recommendations and best practices designed to improve their security posture.
Okta Community
We have created the Okta Community, an online community available to all of our customers that enables them to connect with other customers and partners to ask questions and find answers.
Intellectual Property
We protect our intellectual property through a combination of trademarks, domain names, copyrights, trade secrets and patents, as well as contractual provisions and restrictions on access to our proprietary technology.
As of January 31, 2025, we had 74 issued patents in the United States and 81 issued patents granted outside of the United States that expire between 2030 and 2044 and cover various aspects of our product offerings.
We have registered “Okta” and "Auth0" as trademarks in many jurisdictions throughout the world to protect our brands. We also have filed other trademark applications pending in various jurisdictions throughout the world. We also have registered other trademarks in the United States including “The World’s Identity Company” and “Oktane".
We are the registered holder of a variety of domestic and international domain names that include “Okta,” "Auth0" and similar variations.
In addition to the protection provided by our intellectual property rights, we enter into confidentiality and proprietary rights or similar agreements with our employees, consultants and contractors. Our employees, consultants and contractors are also subject to invention assignment agreements. We further control the use of our proprietary technology and intellectual property through provisions in both general and product-specific terms of use.
Additional information regarding certain risks related to our intellectual property is included in “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K.
Our Competitors
The markets for our product offerings are rapidly evolving, highly competitive and subject to shifting customer needs and frequent introductions of new competing technologies. As the markets in which we operate continue to mature and new technologies and competitors enter those markets, we expect competition to intensify. Our competitor categories include:
•Authentication providers;
•Identity governance providers;
•Multi-factor authentication providers;
•Infrastructure-as-a-service providers;
•Other customer identity and access management providers; and
•Solutions developed in-house by our potential customers.
We compete with both cloud-based and on-premises enterprise application software providers. We also compete against open-source technologies that customers can use to build their own identity solutions. Our competitors vary in size and in the breadth and scope of the products and services offered. However, certain of our
12
competitors have substantial competitive advantages, such as significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, longer operating histories, greater resources to make strategic acquisitions, and greater name recognition than we have. Our principal competitor is Microsoft.
Due to the flexibility and breadth of our platforms, we can and often do co-exist alongside our competitors’ products within our customer base.
Principal competitive factors in our markets include flexibility, independence, product capabilities, total cost of ownership, time to value, scalability, user experience, number of pre-built integrations, customer satisfaction, global reach and ease of integration, management and use. We believe our product strategy, platform architecture, technology and independence as well as our company culture allow us to compete favorably on each of these factors.
We expect competition to increase as other established and emerging companies enter our markets, as customer requirements evolve, and as new products and technologies are introduced. We expect this to be particularly true as we are a cloud-based offering, and our competitors may also seek to acquire new offerings or repurpose their existing offerings to provide identity management solutions with subscription models. With the continuing merger and acquisition activity in the technology industry, particularly transactions involving security or identity and access management technologies, there is a greater likelihood that we will compete with other large technology companies in the future in both the workforce identity and customer identity markets.
Additional information regarding our competition is included in “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K.
Human Capital Resources
Our core values—love our customers, always secure and always on, build and own it, and drive what’s next—inform and guide our human capital initiatives and objectives. In order to continue to innovate and drive customer success, it is crucial that we continue to attract, develop and retain exceptional talent. To that end, we strive to make our workplace one in which employees feel like they have opportunities to grow and develop in their careers. We support our employees with fair and competitive compensation, benefits and wellness programs, and initiatives that foster connections between and among our employees and their communities.
As of January 31, 2025, we had 5,914 employees, of which approximately 62% were in the United States and 38% were in our international locations. We have not experienced any work stoppages, and we consider our relations with our employees to be good. Our employee engagement program helps us understand employee sentiment on a wide range of topics throughout the employee lifecycle, providing insights that inform our decisions about company initiatives, employee programs, talent risks, management opportunities and more. In fiscal 2025, 86% of our eligible employees participated in our annual employee engagement survey.
Builder and Owner Culture
“Build and own it” is one of our core values. Our goal is to create a shared sense of ownership in achieving our company vision where career growth, competitive rewards, and purpose empower our employees to do great work. We want every employee to feel ownership of Okta.
Growth and Development
We invest significant resources to develop talent and actively foster a learning culture where employees are empowered to drive their personal and professional growth. We provide our employees with a wide range of learning and development opportunities, including in-person, virtual, social and self-directed learning, mentoring, coaching and external development. Our extensive onboarding and training programs prepare our employees at all levels for career progression and individual development. Our employee onboarding program helps our new hires get off to the right start, our manager development program helps to build a solid foundation for our people managers, and our technical training program brings our new technical employees up to speed on our product offerings.
Compensation, Benefits and Wellness
We provide robust compensation, benefits and wellness programs that help support the varying needs of our employees. In addition to market-competitive base pay, short-term bonus incentives and long-term equity
13
incentives, our total rewards program offers comprehensive employee benefits that may vary by country or region, including an employee stock purchase plan, a 401(k) plan in the United States with company matching contributions, comprehensive medical, dental and vision insurance, life and disability insurance, health savings accounts, charitable donation matching, flexible time off, volunteer time off, gender-neutral paid parental leave, fertility and adoption support, family care resources, mobile and internet reimbursement, mental health and lifestyle support programs, and a variety of other health and wellness resources.
We are committed to fair compensation and opportunity in our workplace. We conduct regular equal pay assessments to attempt to promote pay equity among all of our employees.
Flexible Work
We help our employees succeed by providing flexibility in where and how they work. We embrace a hybrid working approach that permits employees to work remotely or from one of our offices. We believe a hybrid approach can increase employee empowerment, satisfaction and productivity, drive efficiency and enable us to hire from a broader pool of talent.
Community and Social Impact
The mission of our social impact arm, Okta for Good, is to build a safely connected world where everyone can belong and thrive. We mobilize our people, products and financial resources in service of our communities.
Our employees are passionate about many causes and Okta for Good connects them with numerous giving and volunteering opportunities in service of our communities. We believe this fosters a more meaningful, fulfilling and enjoyable workplace. In addition, through Okta for Good we donate and discount access to our service for non-profit organizations. These organizations use Okta to make their teams more efficient and secure, allowing them to focus on their important missions. We also engage in philanthropic grantmaking via the Okta for Good Fund, a donor-advised fund held at Tides Foundation. Grantmaking focus areas include:
•Tech for Good;
•Digital Equity; and
•Climate Action.
Prior to our initial public offering ("IPO") in April 2017, we reserved 300,000 shares of our common stock to fund and support the operations of Okta for Good, all of which have been issued as of January 31, 2025. Ongoing philanthropic activities will be funded via cash contributions from Okta, Inc. Okta for Good is a part of our company and not a separate legal entity. Additional information can be found on the "Okta for Good" page of our website at www.okta.com.
Sustainability
We have an established sustainability program that aligns with our interest to have a positive impact on society and the environment. We believe we have a long-term responsibility to meaningfully participate in our society for the benefit of the environment and all of our stakeholders, including our stockholders, customers, employees, partners and communities. Our executive leadership team oversees the strategic direction of our sustainability strategy, while the nominating and corporate governance committee of our board of directors reviews the status of our sustainability programs and public disclosures. We have set public commitments related to certain environmental matters and implemented a renewable energy program to track our energy consumption and reduction efforts. Additional information on these and other sustainability initiatives, as well our public targets and goals, can be found on the “Responsibility” page of our website at www.okta.com.
Financial Information
The financial information required under this Item 1 is incorporated herein by reference to “Financial Statements and Supplementary Data” included in Part II, Item 8 of this Annual Report on Form 10-K. For financial information regarding our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included in Part II, Item 7 of this Annual Report on Form 10-K and our consolidated audited financial statements and related notes included elsewhere in this Annual Report on Form 10-K.
14
Corporate Information
We incorporated in 2009 as Saasure Inc., a California corporation. In 2010, we reincorporated as Okta, Inc., a Delaware corporation. Our principal executive offices are located at 100 First Street, Suite 600, San Francisco, California 94105, and our telephone number is (888) 722-7871. Our website address is www.okta.com.
Additional Information
Our investor relations website address is investor.okta.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and Proxy Statements for our annual meetings of stockholders, including any exhibits and amendments to these filings, are available, free of charge, on our investor relations website after we file or furnish them with the SEC, and they are available on the SEC's website at www.sec.gov.
We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations website. Supplemental financial and other information can be accessed through the Company’s investor relations website. We also use our investor.okta.com website and okta.com/blog websites (including the Security Blog, Okta Developer Blog and Auth0 Developer Blog) as a means of disclosing material non-public information, announcing upcoming investor conferences and for complying with our disclosure obligations under Regulation FD. Accordingly, you should monitor our investor relations and okta.com/blog websites in addition to following our press releases, SEC filings and public conference calls and webcasts. Further corporate governance information, including our corporate governance guidelines and code of conduct, is also available on our investor relations website under the heading "Responsibility and Governance." Information contained on, or that can be accessed through, our websites is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.
15
Item 1A. Risk Factors
A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, as well as the other information in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The occurrence of any of the events or developments described below, or of additional risks and uncertainties not presently known to us or that we currently deem immaterial, could materially and adversely affect our business, results of operations, financial condition and growth prospects. In such an event, the market price of our Class A common stock could decline, and you could lose all or part of your investment.
Risk Factor Summary
This risk factor summary contains a high-level summary of risks associated with our business. It does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following:
•Adverse general economic, market and industry conditions and reductions in workforce identity and customer identity spending have, in the past, and may, in the future, reduce demand for our solutions, which could harm our revenue, results of operations and cash flows.
•We have experienced rapid growth in prior periods, and any failure to effectively manage future growth could harm our business and future prospects.
•If we fail to manage our growth effectively or fail to execute our business plan, we may not be able to maintain high levels of service and customer satisfaction or adequately address competitive challenges.
•We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
•We have a history of losses, and we may not be consistently profitable in the future.
•Our business depends on our ability to retain existing customers, and our revenues and results of operations could be adversely impacted if they do not renew their subscriptions or purchase additional licenses or subscriptions with us.
•If we are unable to grow our customer base, our revenue growth and profitability could be harmed.
•We may experience quarterly fluctuations in our results of operations due to a number of factors that make our future results difficult to predict and could cause our results of operations to fall below analyst or investor expectations.
•Interruptions or performance problems that impact the functionality of our technology, systems, or infrastructure could result in delays in the deployment of our platforms.
•In the past, we have experienced cybersecurity incidents that allowed unauthorized access to our systems or data or our customers’ data, harmed our reputation, created additional liability, and adversely impacted our financial results. We and our third-party service providers may experience similar incidents in the future which may also include disabling access to our service.
•We and our third-party service providers have, in the past, failed or been perceived to have failed to fully comply with the privacy or security provisions of our privacy policy, our contracts and/or legal or regulatory requirements, which could result in proceedings, actions or penalties against us. We may experience similar incidents in the future.
•If we are unable to ensure that our solutions integrate or interoperate with a variety of operating systems, platforms, services, software applications devices, mobile phones and other hardware form factors that are developed by others, our platforms may become less competitive and our results of operations may be harmed.
16
•Real or perceived errors, failures, vulnerabilities or bugs in our solutions, including deployment complexity, have, in the past and could, in the future, harm our business and results of operations.
•Because we generally recognize revenue from our subscriptions and support services over the term of the relevant service period, a decrease in sales during a reporting period may not be immediately reflected in our results of operations for that period.
•The stock price of our Class A common stock may be volatile or may decline.
•The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our IPO, including our directors, executive officers, and their affiliates, who held in the aggregate 35.3% of the voting power of our capital stock as of January 31, 2025. This will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval.
•Transactions relating to our convertible notes may affect the value of our Class A common stock.
•We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Risks Related to Our Business and Industry
Adverse general economic, market and industry conditions and reductions in workforce identity and customer identity spending have, in the past, and may, in the future, reduce demand for our solutions, which could harm our revenue, results of operations and cash flows.
Our revenue, results of operations and cash flows depend on the overall demand for our solutions. Concerns about the inflation and interest rate environment, the instability of financial institutions, health epidemics, the systemic impact of a widespread recession (in the United States or internationally), energy costs, geopolitical issues, such as Russia’s invasion of Ukraine, or the availability and cost of credit have and could continue to lead to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in spending on our platforms by our existing and prospective customers. These economic conditions can occur abruptly. Prolonged economic slowdowns may result in customers requesting us to renegotiate existing contracts on less advantageous terms to us than those currently in place or defaulting on payments due on existing contracts or not renewing at the end of the contract term. For example, rising interest rates in the United States have affected businesses across many industries, including ours, by increasing the costs of labor, employee healthcare and other components, which may further constrain our, our customers’ and prospective customers’ budgets. To the extent there is a sustained general economic downturn, and our platforms and services are perceived by customers or potential customers as costly, or too difficult to deploy or migrate to, our revenue may be disproportionately affected by delays or reductions in spending.
We have experienced rapid growth in prior periods, and any failure to effectively manage future growth could harm our business and future prospects.
Our prior revenue growth rates may not be indicative of our future growth or performance. We have experienced revenue growth rates of 43%, 22% and 15% during fiscal 2023, 2024 and 2025, respectively. Our revenue for any quarterly or annual period should not be relied upon as an indication of our future revenue or revenue growth for any future period, as we may not be able to sustain revenue growth consistent with recent history, or at all. Revenue growth depends on several factors, including pricing our platforms to attract new and retain existing customers; managing demand for our solutions; competing against larger companies and new market entrants; capitalizing on new acquisitions, technologies or growth opportunities; and other conditions described in these risk factors. If we are unable to grow our revenue, it will be difficult to maintain our profitability, or maintain or increase our cash flow on a consistent basis. We expect our operating expenses to increase in future periods as we continue to expand our business. If our revenue growth does not increase to offset these anticipated increases in our operating expenses, our business, financial position and results of operations will be harmed, and we may not be able to achieve or consistently maintain profitability. Additionally, the sales cycle for the evaluation and implementation of our platforms, which typically extends for multiple months for enterprise deals, may also cause us to experience a delay between increasing operating expenses and generating corresponding revenue, if any. We may not be able to prepare accurate internal financial forecasts or replace anticipated revenue that we lost as a result of such delays, and our results of operations in future reporting periods could differ materially from our
17
estimates and forecasts, or may not meet the expectations of our investors, which could cause our business to suffer and our stock price to decline.
If we fail to manage our growth effectively or fail to execute our business plan, we may not be able to maintain high levels of service and customer satisfaction or adequately address competitive challenges.
We have experienced rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. In order to manage future growth and better align our organizational structure and resources with our business priorities, we may undertake restructuring plans from time to time. For example, in recent years we have announced restructuring plans intended to reduce operating expenses and improve profitability that involved reductions of our workforce. We have in the past encountered, and may in the future encounter, challenges in the execution of these restructuring efforts, such as adverse impacts on employee morale or attrition beyond the intended reductions, and these challenges could impact our ability to execute on our business initiatives, which could cause our restructuring efforts to not be as effective as anticipated and harm our financial results.
In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel, and our network of independent software vendors (“ISVs”), system integrators and other channel partners, to provide personalized account management and customer service. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be harmed.
We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The markets for our solutions are rapidly evolving, highly competitive, and subject to shifting customer needs and frequent introductions of new technologies. As the markets in which we operate continue to mature and new technologies and competitors enter such markets, we expect competition to intensify. We compete with both cloud-based and on-premise enterprise application software providers including, but not limited to: authentication providers; access and lifecycle management providers; multi-factor authentication providers; infrastructure-as-a-service providers; other customer identity and access management providers; and solutions developed in-house by our potential customers. Our principal competitor is Microsoft.
Many of our competitors have significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, larger intellectual property portfolios, longer operating histories, greater resources to make strategic acquisitions, more established relationships with third-party service providers, and greater name recognition than we do. They may also have a larger customer base, many of which may prefer to purchase from the same competitor rather than replace their existing infrastructure with our solutions.
Some of our larger competitors have substantially broader product offerings, or greater resources to acquire new offerings or repurpose existing offerings to provide identity solutions with subscription models. As a result, they can leverage their relationships based on other solutions, or incorporate functionality into existing solutions, to gain business in a manner that discourages users from purchasing our solutions, including selling at zero or negative margins, bundling products or maintaining closed technology platforms. In addition, larger competitors, as well as new start-up companies that innovate, make significant investments in research and development and may invent similar or superior solutions that compete with our solutions. These competitive pressures or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses, and loss of market share, which could harm our business, results of operations and financial condition.
We have a history of losses, and we may not be consistently profitable in the future.
While we achieved profitability in fiscal 2025, we have incurred net losses of $355 million and $815 million in fiscal 2024 and 2023, respectively. We will need to generate and sustain increased revenue levels in future periods in order to become consistently profitable, and even if we do, we may not be able to maintain or increase our level of profitability. We may incur losses in the future for a number of reasons, including the risks described in these risk factors, an increase in operating expense, and other unknown risks. Any failure by us to sustain profitability on a consistent basis could cause the value of our common stock to decline.
18
Our business depends on our ability to retain existing customers, and our revenues and results of operations could be adversely impacted if they do not renew their subscriptions or purchase additional licenses or subscriptions with us.
Our ability to increase and maintain revenue growth depends, in part, on our ability to retain and expand our commercial relationships with our existing customers. This requires that our existing customers continue to use our platforms, either by purchasing additional subscriptions or by renewing their subscriptions when existing contract terms expire. Our customers have no obligation to renew their subscriptions after the expiration of their subscription period. They may decide not to renew their subscriptions with a similar contract period, at the same prices and terms, or with the same or a greater number of users. In the past, some of our customers have elected not to renew their agreements with us, and it is difficult to accurately predict long-term customer retention and expansion rates. Customer retention and expansion has, in the past, and may, in the future, decline or fluctuate as a result of a number of factors, such as customers’ satisfaction with our solutions; our prices and pricing plans, including as compared to those of competing software solutions; unfavorable macroeconomic conditions; reductions in customer spending levels; negative sentiment stemming from cybersecurity incidents; customer utilization rates; new offerings; and changes to the packaging of our product offerings. If existing customers do not purchase additional subscriptions or renew their subscriptions, renew on less favorable terms or fail to add more users, our revenue may decline or grow less quickly than anticipated, which would harm our future results of operations.
If we are unable to grow our customer base, our revenue growth and profitability could be harmed.
We aim to increase our revenue and achieve and maintain profitability by growing our customer base, particularly through sales to larger organizations. As our market matures and product offerings evolve, we believe that competitors will introduce lower cost or differentiated solutions that compete, or are perceived to compete, with our solutions. If prospective customers view the cost or features of competitors’ solutions as preferable to ours, or do not perceive our solutions to be of sufficiently high value and quality, we could fail to attract the number and types of new customers we are seeking. Prospective customers’ decisions to purchase our solutions depends on a variety of other factors, including those specified under the risk factor titled “Our business depends on our ability to retain existing customers, and our revenues and results of operations could be adversely impacted if they do not renew their subscriptions or purchase additional licenses or subscriptions with us,” and described elsewhere in these risk factors. Any failure to attract new customers could impede our success in selling new subscriptions and adversely impact our business, financial condition and results of operations.
We may experience quarterly fluctuations in our results of operations due to a number of factors that make our future results difficult to predict and could cause our results of operations to fall below analyst or investor expectations.
Our results of operations fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including, but not limited to:
•fluctuations in demand for, or pricing of, our platforms, including as a result of macroeconomic conditions or competition;
•our ability to retain and increase sales to existing customers, attract new customers or otherwise increase the use of our platforms;
•the timing and success of introductions of new solutions by us or our competitors, or any other change in the competitive landscape of our market;
•security breaches of, technical difficulties with, or interruptions to, the delivery and use of our solutions, and any negative market perception or customer reactions related to, or arising from the disclosure of, such breaches, difficulties or interruptions;
•seasonal buying patterns for IT spending;
•the mix of revenue attributable to larger transactions as opposed to smaller transactions, and the associated volatility and timing of our transactions;
•changes in remaining performance obligations (“RPO”) due to seasonality, the timing of and compounding effects of renewals, invoice duration, size and timing, new business linearity between quarters and within a quarter, average contract term or fluctuations due to foreign currency movements, all of which may impact implied growth rates;
19
•errors in our forecasting of the demand for our solutions, which could lead to lower revenue, increased costs or both;
•increases in and timing of sales and marketing and other operating expenses that we may incur to grow our brand, expand our operations and remain competitive;
•our ability to comply with applicable laws and requirements, including data privacy and cybersecurity regimes;
•costs related to the acquisition of businesses, talent, technologies or intellectual property, including potentially significant amortization costs and possible write-downs;
•credit or other difficulties confronting our third-party service providers, including channel partners;
•costs related to litigation, including adverse judgments, settlements and other disputes;
•the impact of new accounting pronouncements and associated system implementations;
•changes in the legislative or regulatory environment;
•fluctuations in foreign currency exchange rates;
•expenses related to real estate, including our office leases, and other fixed expenses; and
•general economic, market and industry conditions in domestic or international markets, including the inflation and interest rate environment, geopolitical uncertainty and instability.
Any one or more of the factors above may result in significant fluctuations in our results of operations. You should not rely on our past results as an indicator of our future performance.
The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other metrics for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our Class A common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
Our ability to introduce new solutions is dependent on adequate research and development resources and, in part, on our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively and our business and results of operations may be harmed.
To remain competitive, we must continue to develop new solutions, applications and enhancements to our existing portfolio. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop solutions internally, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not have, in some cases, been acquired by larger companies that allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and development programs of our competitors would give an advantage to such competitors and may harm our business, results of operations and financial condition.
Even if we maintain adequate research and development resources, we may be unable to monetize newly developed solutions or features such that we can recoup our research and development expenditures. For example, if we develop a new feature but our competitors give an equivalent feature away for free, we may need to also include our newly developed feature for free as part of an existing product offering to remain competitive in the marketplace. Such a loss of anticipated revenue to offset our research and development expenditures may harm our business, results of operations and financial condition.
Future acquisitions, investments, partnerships or alliances could be difficult to identify and integrate, divert the attention of management personnel, disrupt our business, dilute stockholder value and harm our results of operations and financial condition.
20
We have in the past acquired, and we may in the future seek to acquire or invest in, businesses, products, teams or technologies that we believe could complement or expand our current platforms, enhance our technical capabilities, or otherwise offer growth opportunities. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating and pursuing suitable acquisitions, whether or not they are consummated. If we acquire additional businesses, we may not be able to successfully integrate and retain the acquired personnel; integrate the acquired operations and technologies; adequately test and assimilate the internal control processes of the acquired business in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley Act”); or effectively manage the combined business. We may also be required to assume liabilities or incur unforeseen costs, such as those arising from the acquired company’s failure to comply with legal or regulatory requirements and litigation matters.
Any acquisition or strategic transaction we do consummate could fail to produce the benefits we hope to achieve, which could disrupt our own business or those of our partners and customers, or result in future impairment charges. In particular, from time to time we invest in private growth stage companies for strategic reasons and to support key business initiatives. All of our venture investments are subject to a risk of partial or total loss of investment capital, and we may not realize a return on these investments.
In addition, we have limited experience in acquiring other businesses. We may not be able to identify desirable acquisition targets, or we may not be successful in entering into an agreement with any particular target. Acquisitions could also result in dilutive issuances of equity securities, use of our available cash or the incurrence of debt, or in adverse tax consequences or unfavorable accounting treatment. If an acquired business fails to meet our expectations, our business, results of operations and financial condition could suffer.
Because our long-term success depends, in part, on our ability to expand the sales of our solutions to customers located outside of the United States, our business will be susceptible to risks associated with international operations.
We currently have sales personnel outside the United States and maintain offices outside the United States in the Americas, Asia-Pacific and Europe, and our international revenue was 21% of our total revenue in fiscal 2024 and fiscal 2025. Any international expansion efforts that we may undertake may not be successful. We may face challenges, including those not generally faced in the United States, such as managing and staffing international operations, and becoming familiar with varying technology standards, local laws and business practices. Conducting international operations also subjects us to, among other risks described in these risk factors:
•political, economic and social uncertainties, including macroeconomic conditions;
•unexpected changes in, or costs and liabilities related to, compliance with foreign legal and regulatory requirements, such as data privacy and cybersecurity regimes; intellectual property rights protections; and requirements relating to the localization of our solutions;
•restrictive governmental actions focusing on cross-border trade, including taxes, trade laws, tariffs, import and export restrictions or quotas, barriers, sanctions, custom duties or other trade restrictions; and
•difficulties in managing systems integrators and technology partners.
Establishing operations in international markets also requires significant management attention and financial resources, and we cannot guarantee that these investments will produce desired levels of revenue or profitability. If we fail to expand our operations successfully and in a timely manner, our business and results of operations will suffer.
If we fail to adapt to rapid technological change, our ability to remain competitive could be impaired.
The industry in which we compete is characterized by rapid technological change, frequent introductions of new solutions and evolving industry standards. Our ability to attract new customers and increase revenue from existing customers will depend in significant part on our ability to anticipate industry standards and trends. We must continue to enhance existing solutions, or introduce or acquire new solutions on a timely basis to keep pace with technological developments. The success of any enhancement or new solution depends on several factors, including the timely completion and market acceptance of the enhancement or new solution. Any new solution we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If any of our competitors implements new technologies before we are able to implement them, those competitors may be able to provide more effective
21
solutions than ours at lower prices. Any delay or failure in the introduction of new or enhanced solutions that gain market acceptance and meet customer requirements could harm our business, results of operations and financial condition.
Our financial results may fluctuate due to increasing variability in our sales cycles.
We plan our expenses based on certain assumptions about the length and variability of our sales cycle. These assumptions are based upon historical trends for sales cycles and conversion rates associated with our existing customers. We are increasingly focused on sales to larger organizations, which often involve lengthy purchasing approval processes and less predictable sales cycles. The length of sales cycles may be further impacted by the current macroeconomic environment and by the discretionary nature of customer spending. Customers may also take prolonged evaluation periods of our platforms, or their features or functionality, and those of our competitors. As a result, it is difficult to predict exactly when, or even if, we will make a sale. If we are unable to close one or more of expected significant transactions in a particular period, or if such an expected transaction is delayed until a subsequent period, our results of operations for that period, and for any future periods in which revenue from such transaction would otherwise have been recognized, may be harmed.
Our growth depends, in part, on the success of our strategic relationships with third parties.
To grow our business, we expect to continue to depend on relationships with third parties, such as channel partners. Identifying partners, negotiating and maintaining relationships with them requires significant time and resources.
Our ability to compete in the marketplace depends, in part, on whether third parties successfully market, resell, implement or support our solutions for their customers. For example, some of our channel partners sell or provide integration and administration services for our competitors’ solutions. They may choose to devote greater resources to our competitors that are more effective in incentivizing them to favor their solutions over ours. In addition, acquisitions of such partners by our competitors could result in a decrease in the number of our current and potential customers, as these partners may no longer facilitate the adoption of our applications by potential customers. Some of our partners compete with certain of our solutions and may elect to no longer integrate with our platforms or sell our solutions.
Our growth also depends on our ability to incentivize third-party developers to adopt and build their applications using our APIs and solutions. We believe that these applications facilitate greater usage and customization of our solutions. If these third-party developers stop developing on or supporting our platforms, we will lose the benefit of network effects that have contributed to the growth in our number of customers.
If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to grow our revenue could be impaired, and our results of operations may suffer. Even if we are successful, we cannot ensure that these relationships will result in increased customer usage of our applications or increased revenue.
Various factors may cause implementation of our solutions to be delayed, inefficient or otherwise unsuccessful.
Our business depends upon the successful implementation of our solutions by our customers. Increasingly, we, as well as our customers, rely on our network of partners to deliver implementation services, and there may not be enough qualified implementation partners available to meet customer demand. Various other factors may cause implementations to be delayed, inefficient or otherwise unsuccessful, including significant costs to purchase, implement and enable our solutions; changes in our customers’ functional requirements; timeline delays; or deviation from recommended best practices. These and other circumstances may delay our ability to sell additional solutions or result in customers canceling or failing to renew their subscriptions before our solutions have been fully implemented. Unsuccessful, lengthy, or costly customer implementation and integration projects could result in claims from customers, harm to our reputation, and opportunities for competitors to displace our solutions, each of which could have an adverse effect on our business and results of operations.
A portion of our revenues are generated by sales to public sector entities, which are subject to a number of challenges and risks.
We rely on partners to resell our services to public sector entities, and we have made, and plan to continue to make, investments to support future sales opportunities in the public sector. The sale of our services to public sector entities is tied to budget cycles, and there are government requirements and authorizations that we may be required
22
to meet. Further, we may be subject to audits and investigations regarding our role as a subcontractor in government contracts, and violations could result in penalties and sanctions, including contract termination, refunding or forfeiting payments, fines, and suspension or debarment from future government business. Selling to these entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense. Public sector entities often require contract terms that differ from our standard arrangements and impose additional compliance requirements, require increased attention to pricing practices, or are otherwise time consuming and expensive to satisfy. For example, some of our public sector customers contract with us on the basis of our authorization under FedRAMP, which requires us to undertake additional actions and expenses to ensure compliance. Public sector entities may also have statutory, contractual, or other legal rights to terminate contracts with our partners for convenience, for lack of funding or due to a default, and any such termination may adversely impact our future results of operations. If we represent that we meet certain standards, authorizations (such as FedRAMP) or requirements and do not meet them, or if such authorizations are suspended or revoked, we could be subject to increased liability from our customers, investigation by regulators, or termination rights. Even if we do meet them, the additional costs associated with providing our service to public sector entities could harm our margins. Moreover, changes in underlying regulatory requirements could be an impediment to our ability to efficiently provide our service to government customers and to grow or maintain our customer base. Any of these risks related to contracting with, or as a subcontractor supporting, public sector entities could adversely impact our future sales and results of operations, or make them more difficult to predict.
If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may suffer.
We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future solutions, and is an important element in attracting new customers and retaining existing customers. Furthermore, we believe that the importance of brand recognition is likely to increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing and sales efforts, and on our ability to provide reliable and useful solutions at competitive prices and that align with our customers’ needs. In the past, our efforts to build our brand have involved significant expenses and have not always attracted a sufficient number of new customers to be cost-effective.
As of fiscal 2026, we are further specializing our sales force to better align with our customers and evolving market demands, which will require us to invest significant financial and other resources. We may not achieve anticipated revenue growth if we are unable to hire and develop talented sales personnel, if our new sales personnel are unable to achieve desired productivity levels in a reasonable period of time or if we are unable to retain our existing sales personnel. If our marketing and sales efforts are unsuccessful and we fail to enhance our brand we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, results of operations and financial condition could suffer.
We may not set optimal prices for our solutions.
In the past, we have at times adjusted our prices either for individual customers in connection with long-term agreements or for a particular solution. We expect that we may need to change our pricing in future periods and potentially in response to the inflation and interest rate environment and increased costs. Further, as competitors introduce new solutions that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively internationally. In addition, if our mix of solutions sold changes, then we may need to, or choose to, revise our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could harm our business, results of operations and financial condition.
If we are not able to consistently generate cash flows or raise additional capital necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.
We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity or convertible debt financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and
23
cannot raise it on acceptable terms, or at all, we may not be able to effectively grow our business or respond to competitive pressures, which could harm our business, results of operations and financial condition.
We may be subject to liability claims if we breach our contracts and our insurance may be inadequate to cover our losses.
We are subject to numerous obligations in our contracts with our customers and partners. Despite the procedures, systems and internal controls we have implemented to comply with our contracts, we may breach these commitments, whether through a weakness in these procedures, systems and internal controls, negligence or the willful act of an employee or contractor. Our insurance policies, including our errors and omissions insurance, may be inadequate to compensate us for the potentially significant losses that may result from claims arising from breaches of our contracts, disruptions in our service, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.
Evolving and complex scrutiny of sustainability matters may require us to incur additional costs or otherwise adversely impact our business.
Increased attention to environmental sustainability and social issues, as well as societal expectations regarding voluntary sustainability initiatives and disclosures, may result in increased costs (including but not limited to, increased costs related to compliance, stakeholder engagement and contracting), impact our reputation, or otherwise affect our business performance. We have undertaken certain sustainability-related initiatives, goals and commitments, which we have communicated on our website, in our SEC filings and elsewhere. We may undertake additional actions, including establishing certain sustainability goals or targets, to improve our sustainability profile and/or respond to demand from investors, regulators, customers and other stakeholders, both U.S.-based and internationally. However, such actions may be costly or subject to numerous conditions that are outside our control, and we cannot guarantee that such actions will have the desired effect. Our actual or perceived failure to achieve such goals or targets could negatively impact our reputation and impact our ability to compete as effectively to recruit or retain employees.
Risks Related to Intellectual Property, Infrastructure Technology, Data Privacy and Security
Interruptions or performance problems that impact the functionality of our technology, systems, or infrastructure could result in delays in the deployment of our platforms.
Our continued growth depends, in part, on the ability of our existing and potential customers to access our platforms 24 hours a day, seven days a week, without interruption or degradation of performance. System interruption and a lack of integration and redundancy in our information systems and infrastructure may adversely affect our ability to operate websites, process and fulfill transactions, respond to customer inquiries, and generally maintain cost-efficient operations. We have experienced in the past, and may experience in the future, disruptions, data loss or corruption, outages, and other performance problems with our infrastructure or service due to a variety of factors. These factors include, for example, infrastructure and functionality changes, human or software errors, capacity constraints, ransomware attacks that encrypt our data and render it inaccessible, or security-related incidents. In some instances, we may not be able to identify the cause or causes of these performance problems immediately, and it could take months, or even years, for such problems to become pronounced enough for us to detect or for our customers to detect and inform us. We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our solutions become more complex and our user traffic increases. If our platforms are unavailable or if our customers are unable to access our solutions or deploy them within a reasonable amount of time, or at all, our business would be harmed. Since our customers rely on our service to access and complete their work, any outage on our platforms would impair the ability of our customers to perform their work, which would negatively impact our brand, reputation and customer satisfaction.
Our platforms are accessed by a large number of customers, often at the same time, and we continue to expand the number of our customers and solutions available to our customers. While we rely on third-party information technology systems, broadband and other communications systems and service providers to assist in providing access to our platforms, maintaining our infrastructure, and distributing our solutions via the internet, we may not be able to scale our technology to accommodate increased capacity requirements, which may result in
24
interruptions or delays in service. If a service provider fails to provide sufficient capacity to support our platforms or otherwise experiences service outages, including intentionally blocking our internet traffic or all internet traffic, for example at the request of a national government intending to isolate its country’s network, such failure could interrupt our customers’ access to our service, which could adversely affect their perception of our platforms’ reliability and our revenues. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our solutions. In the future, these services may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of these services could result in decreased functionality of our solutions until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls. We may also be unable to effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology.
Any of the above circumstances or events may harm our reputation, cause customers to terminate their agreements with us, impair our ability to obtain subscription renewals from existing customers, impair our ability to grow our customer base, result in the expenditure of significant financial, technical and engineering resources, subject us to financial penalties and liabilities under our service level agreements, and otherwise harm our business, results of operations and financial condition.
In the past, we have experienced cybersecurity incidents that allowed unauthorized access to our systems or data or our customers’ data, harmed our reputation, created additional liability, and adversely impacted our financial results. We and our third-party service providers may experience similar incidents in the future which may also include disabling access to our service.
Increasingly, companies, including Okta, Inc., are subject to a wide variety of attacks on their systems and networks on an ongoing basis. In addition to threats from traditional computer “hackers,” malicious code (such as malware, viruses, worms and ransomware), employee or contractor theft or misuse, password spraying, phishing and denial-of-service attacks, we and our third-party service providers now also face threats from sophisticated nation-state actors and organized crime groups who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our systems (including those hosted on AWS’ or other cloud services providers’ systems), internal networks, our customers’ systems and the information that we and they store and process. For example, like other companies, we have experienced an increase in cybersecurity attacks and have had to expend increasing amounts of human and financial capital to respond. We expect that these cybersecurity attacks will continue and that the scope and sophistication of these efforts will increase in future periods. Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks. As a provider of independent and neutral cloud-based identity solutions that form a part of our customers’ security software supply chain, we pose an attractive target for such attacks. The security measures we have integrated into our internal systems and platforms, which are designed to detect unauthorized activity and prevent or minimize security breaches, may not function as expected and have not in the past been, and may not in the future be, sufficient to protect our internal networks and platforms against certain attacks. In addition, techniques used to sabotage or to obtain unauthorized access to networks in which data is stored or through which data is transmitted change frequently, become more complex over time. As a result, we and our third-party service providers have in the past been, and may in the future be, unable to anticipate these techniques or implement adequate preventative measures quickly enough to prevent either an electronic intrusion into our systems or services or a compromise of customer data, employee data or other protected information.
Our customers’ use of our technology to access business systems and store data concerning, among others, their employees, contractors, partners and customers is essential to their use of our platforms, which stores, transmits and processes customers’ proprietary information and users’ personal data experienced and likely will in the future experience attacks targeting such customer data. When such breaches occur, as a result of third-party action, technology limitations, employee or contractor error, malfeasance or otherwise, and if the confidentiality, integrity or availability of our customers’ data or systems is disrupted, we could incur significant liability to our customers and to individuals or businesses whose information was being stored by our customers, and our platforms may be perceived as less desirable, which could negatively affect our business and damage our reputation. Techniques used to obtain unauthorized access to, or to sabotage, systems change frequently and generally are not recognized until launched against a target. As a result, we, our third-party service providers and our customers have not in the past been, and may not in the future be, able to anticipate these techniques or to implement adequate preventive measures. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot ensure the integrity or security of measures they take to protect customer information and prevent data loss.
25
In addition, security breaches impacting our platforms have in certain cases resulted in and could in the future result in a risk of loss or unauthorized disclosure or theft of this information, or the denial of access to this information, which, in turn, could lead to enforcement actions, litigation, regulatory or governmental audits, investigations and possible liability, and increased requests by individuals regarding their personal data. Security breaches could also damage our relationships with and ability to attract customers and partners, and trigger service availability, indemnification and other contractual obligations. For example, our customers have in the past published public criticisms of our security practices in connection with security incidents, and these postings harm our reputation and brand. Security incidents may also cause us to incur significant investigation, mitigation, remediation, notification and other expenses. Furthermore, as a well-known provider of identity and security solutions that form a part of our customers’ security software supply chain, any such breach, including a breach of our customers’ systems, could compromise systems secured by our solutions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ systems, and the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, which could subject us to liability and cause us financial harm. Our disclosures concerning security incidents also may become the subject of litigation, and our disclosures concerning the January 2022 compromise, for example, have become the subject of lawsuits, as discussed in Item 3, “Legal Proceedings” below. While we have taken a number of remediation steps, there is no guarantee that our preventative and mitigation actions with respect to this incident and others like it will fully eliminate the risk of a malicious compromise of our or our customers’ systems.
We have experienced cybersecurity incidents resulting from our use of and oversight over third-party service providers and could experience such incidents in the future. These incidents have, in the past, and may, in the future, result from our configuration of such providers’ products or from cybersecurity attacks on such providers of the same type that could affect our own systems. While we have implemented security measures and configuration policies that seek to protect data stored with our third-party service providers, such measures and policies have not in the past been, and may not in the future be, sufficient to protect our data or our customers’ data. For example, the January 2022 compromise of one of our third-party service providers by a threat actor, even though not material and not a breach of our platforms, nonetheless was widely publicized and focused attention on the security of our systems and the systems of our third-party service providers. In addition, in October 2023, a threat actor gained unauthorized access to and stole information from inside our customer support system, which was hosted by a third-party service provider.
While we maintain cybersecurity insurance, our insurance may be insufficient to cover all liabilities incurred in these incidents, and any incidents may result in loss of, or increased costs of, our cybersecurity insurance. These breaches, or any perceived breach, of our systems, our customers’ systems, our service providers’ systems, or other systems or networks secured by our platforms, whether or not any such breach is due to a vulnerability in our platforms, may also undermine confidence in our platforms or our industry and result in damage to our reputation and brand, negative publicity, loss of ISVs and other channel partners, customers and sales, increased costs to remedy any problem, costly litigation and other liability. In addition, a breach of the security measures of one of our key ISVs or other channel partners or a security software supply chain attack even many levels removed could result in the exfiltration of confidential corporate information or other data that may provide additional avenues of attack. For example, an exploitation in an open source library that is imported and used in another framework that is used by a software product used by Okta, Inc. could introduce an avenue of attack into our platforms. If a high profile security breach occurs with respect to a comparable cloud technology provider, our customers and potential customers may lose trust in the security of the cloud business model generally, which could adversely impact our ability to retain existing customers or attract new ones, potentially causing a negative impact on our business. Any of these negative outcomes could adversely impact market acceptance of our solutions and could harm our business, results of operations and financial condition.
Third parties have induced and may continue to fraudulently induce employees, contractors, customers or our customers’ users into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our applications, internal networks, electronic systems and/or physical facilities in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platforms, interruptions or malfunctions in our operations, account lockouts, and, ultimately, harm to our future business prospects and revenue. We may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in security.
We and our third-party service providers have, in the past, failed or been perceived to have failed to fully comply with the privacy or security provisions of our privacy policy, our contracts and/or legal or
26
regulatory requirements, which could result in proceedings, actions or penalties against us. We may experience similar incidents in the future.
Our customers’ storage and use of data concerning, among others, their employees, contractors, partners and customers is essential to their use of our platforms. We have implemented various features intended to enable our customers to better comply with applicable privacy and security requirements in their collection and use of data within our online service, but these features have, in the past, not ensured and may, in the future, not ensure our customers’ compliance and may not be effective against all potential privacy or related regulatory concerns.
Many jurisdictions have enacted or are considering enacting or revising privacy and/or data security legislation, including laws and regulations applying to the collection, use, storage, transfer, disclosure and/or processing of personal data. The costs of compliance with, and other burdens imposed by, such laws and regulations that are applicable to the operations of our customers may limit the use and adoption of our service and reduce overall demand for it. These privacy and data security related laws and regulations are evolving and may result in increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. In addition, we are subject to certain contractual obligations regarding the collection, use, storage, transfer, disclosure and/or processing of personal data. Although we are working to comply with those federal, state and foreign laws and regulations, industry standards, contractual obligations and other legal obligations that apply to us, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another, other requirements or legal obligations, our practices or the features of our platforms.
We also expect that there will continue to be new proposed laws, regulations, self-regulatory and industry standards concerning privacy, data protection, digital services, and information security in the United States, China, the European Union, India and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. In the United States, the Federal Trade Commission and state regulators enforce a variety of data privacy issues, such as promises made in privacy policies or failures to appropriately protect information about individuals, as unfair or deceptive acts or practices in or affecting commerce in violation of the Federal Trade Commission Act or similar state laws. On the U.S. state level, over a dozen states have adopted new or modified privacy and security laws. These laws create a patchwork of legislation and regulation that impose heightened transparency obligations about data collection, use, and sharing practices, add restrictions on the “sale” or “sharing” or transfer of personal information to third parties for purposes such as advertising or analytics, create new data privacy rights for consumers including the ability to limit the use of personal information for advertising, and carry significant enforcement penalties for non-compliance, including monetary and injunctive relief. This patchwork may also give rise to conflicts or differing views of personal privacy rights. For example, certain state laws may be more stringent or broader in scope, or offer greater individual rights, with respect to personal data than federal, international or other state laws, and such laws may differ from each other, all of which may complicate compliance efforts. We may expend significant resources attempting to comply with conflicting and overlapping state privacy regulations, and the cost and complexity of complying with such regulations could adversely affect our business or increase our potential liability if we fail to comply. This influx of state privacy regimes indicates a trend toward more stringent privacy legislation in the United States, including a potential federal privacy law, which could also increase our potential liability and adversely affect our business. In Europe, the General Data Protection Regulation 2016/679 (the “GDPR”) imposes a strict data protection compliance regime in relation to the collection and processing of personal data, and various European and other foreign laws also restrict the use of cookies, tracking technologies, and certain marketing activities.
Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our applications, restrict our business operations, or increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Such laws and regulations may require companies to implement privacy and security policies, permit users to exercise various data rights, inform individuals of security breaches that affect their personal data, and, in some cases, obtain individuals’ consent to use personal data for certain purposes. If we, or the third parties on which we rely, fail to comply with federal, state and international data privacy laws and regulations our ability to successfully operate our business and pursue our business goals could be harmed. Additionally, plaintiffs have become increasingly more active in bringing privacy-related claims against companies. Some of these claims allow for the recovery of statutory damages on a per violation basis, and, if viable, carry the potential for significant statutory damages, depending on the volume of data and the number of violations.
27
With respect to cybersecurity in the United States, the development of rules and guidance pursuant to various executive orders may apply to us, including, for example, pursuant to Executive Order 14028 for “critical software.” While the rules and guidance coming from the Order are still being developed, we are likely to be categorized as a provider of critical software, which may increase our compliance costs and delay or prevent our ability to execute contracts with customers, including in particular with government entities.
Any failure or perceived failure by us or our third-party service providers to comply with federal, state or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, compliance frameworks with which Okta, Inc. has contractually committed to comply, or any actual or suspected privacy or security incident, even if unfounded, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal data or other data, may result in investigations and enforcement actions and prosecutions, private litigation (including class action lawsuits), fines, penalties and censure, claims for damages by customers and other affected individuals, or adverse publicity and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.
We publicly post our privacy policies and practices concerning our processing, use and disclosure of the personal data provided to us by our website visitors and by our customers, and other individuals with whom we interact. Our publication of our privacy policies and other statements we publish that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be unfair, deceptive, or misrepresentative of our practices.
If our platforms are perceived to cause, or are otherwise unfavorably associated with, violations of privacy or data security requirements, it may subject us or our customers to public criticism and potential legal liability. Existing and potential privacy laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, solutions and services such as ours. Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platforms. This, in turn, may reduce the value of our service, and slow or eliminate the growth of our business, or cause our business to contract.
Privacy is a key issue for Okta, Inc. and for our customers. We have attained multiple privacy certifications, such as the Privacy Recognition for Processors, and the European Union Cloud Code of Conduct, Level 2. If we fail to maintain our privacy certifications, or if we fail to seek expansion of their applicability to acquired and/or newly-developed solutions, we may fail to meet our contractual commitments and we may fail to retain our existing customers or attract new customers, and our business, results of operations and financial condition could suffer.
We may face particular privacy, data security and data protection risks due to stringent data protection and privacy laws and increased scrutiny over data transfers.
We are subject to global data protection laws and regulations (“Data Protection Laws”) that may impact how we do business with customers. Data Protection Laws, such as those applicable in the European Union, Canada and certain of its provinces, United Kingdom, Asia, and certain states in the United States, have enhanced data protection obligations for companies that handle personal data. Obligations include, for example, expanded disclosures about how personal data is to be used, individual rights in relation to personal data, limitations on retention of personal data, mandatory data breach notification requirements and strict obligations on service providers, and restrictions on online marketing and the use of cookies and tracking technologies.
In addition, increasing numbers of Data Protection Laws restrict transfers of personal data outside of their country of origin to countries deemed to lack adequate privacy protections. These types of transfers must be supported by a transfer mechanism that we may be required to implement, and in many jurisdictions there is significant legal uncertainty around the validity and sufficiency of data transfer mechanisms, and evolving legal and regulatory expectations could impose additional obligations or require expenditure of additional resources to comply with the Data Protection Laws.
Data Protection Laws are rapidly expanding and evolving, and many have extraterritorial effect, which may increase our compliance costs and expose us to greater enforcement risk. In addition, we may be or become subject to data localization laws, which require personal data, or certain subcategories of personal data, to be stored in the jurisdiction of origin. These regulations may deter customers from using cloud-based services such as ours and may inhibit our ability to expand into those markets or prohibit us from continuing to offer services in those markets without significant additional costs.
28
This regulatory environment applicable to the handling of personal data, and our actions taken in response, may cause us to assume additional liabilities or incur additional costs and could result in our business, results of operations and financial condition being harmed. We and our customers may face a risk of enforcement actions by an increasing number of global data protection authorities in countries where data protection laws apply to us and with which we may not be able to comply. Any such enforcement actions could result in substantial costs and diversion of resources, distract management and technical personnel and negatively affect our business, results of operations and financial condition.
Non-compliance with these obligations can trigger significant fines and other penalties. Regulatory bodies can also issue orders to cease or change data processing, enforcement notices and/or assessment notices (for a compulsory audit), and civil claims (including class actions) for compensation or damages. In addition to fines, some U.S. states allow a private right of action. Given the breadth and depth of changes in data protection obligations, complying with these requirements has caused us to expend significant resources, which is likely to continue into the near future as we respond to new interpretations and enforcement actions.
In addition, new laws are continually being passed and new case law and regulatory guidance means Data Protection Laws are constantly evolving. For example, India recently passed a comprehensive data protection law that will apply new privacy rules for the first time in that country. In addition, the number of U.S. states with comprehensive Data Protection Laws significantly increased in 2024. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. We could incur substantial expense in complying with any new obligations, be required to make significant changes to our business operations or to the development of new or existing solutions, and we may not be able to comply with some of these regulatory developments, all of which may adversely affect our revenues and our business overall.
If we fail to maintain our security attestations and certifications, our business, results of operations and financial condition may suffer.
Security is essential for us and for our customers. A number of our Okta Platform product offerings have attained multiple certifications, including SOC 2 Type II Attestations, CSA Star Level 2 Certification, ISO/IEC 27001:2022, ISO/IEC 27017:2015, ISO/IEC 27018:2019 and comply with many other international frameworks. Certain Okta Platform offerings maintain multiple agency FedRAMP Authorities to Operate and are compliant to operate at Department of Defense Impact Level 4. Certain Okta Platform offerings maintain minimum security requirements in alignment with the Security Rule of HIPAA. The Okta Platform also supports FIPS 140-2 encryption requirements. If we fail to maintain our security attestations and certifications, or if we fail to seek expansion of their applicability to acquired and/or newly-developed products, we may fail to meet our contractual commitments and we may fail to retain our existing customers or attract new customers, and our business, results of operations and financial condition could suffer.
We provide service level commitments under our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, which could harm our business, results of operations and financial condition.
Our customer agreements contain service level commitments, under which we guarantee specified availability of our platforms. Any failure of or disruption to our infrastructure could make our platforms unavailable to our customers. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our platforms, we have been, and could in the future be, contractually obligated to provide affected customers with service credits for future subscriptions. Our revenue, other results of operations and financial condition could be harmed if we suffer unscheduled downtime that exceeds the service level commitments under our agreements with our customers, and any extended service outages could adversely affect our business and reputation as customers may elect not to renew and we could lose future sales.
If we are unable to ensure that our solutions integrate or interoperate with a variety of operating systems, platforms, services, software applications devices, mobile phones and other hardware form factors that are developed by others, our platforms may become less competitive and our results of operations may be harmed.
The number of people who access the internet through mobile devices and access cloud-based software applications through mobile devices, including smartphones and handheld tablets or laptop computers, has increased significantly in the past several years and is expected to continue to increase. While we have created mobile applications and mobile versions of our solutions that are accessible on third-party application stores, if
29
these mobile applications and solutions do not perform well, our business may suffer. Third-party application stores may also impose new requirements, including, for example, updates to their terms of access or policies on how we or our channel partners must collect, use, and share data. Compliance with any such requirements could be costly or burdensome, and could prevent us from timely updating our current mobile applications or distributing new mobile applications. If we fail to comply with these requirements, we could lose access to, or be required to remove our mobile applications from, third-party application stores.
In addition, our solutions interoperate with servers, mobile devices and software applications predominantly through the use of protocols, many of which are created and maintained by third parties. As a result, we depend on the interoperability of our solutions with such third-party services, mobile devices and mobile operating systems, as well as cloud-enabled hardware, software, networking, browsers, database technologies and protocols that we do not control. Past and future changes in such technologies that degrade the functionality of our solutions or give preferential treatment to competitive services have, in the past, and could, in the future, adversely affect adoption and usage of our platforms. Any change in our customers’ preference for cloud-based identity management or any shift towards on-premises systems could also adversely affect adoption and usage of our platforms. Also, we may not be successful in developing or maintaining relationships with key participants in the mobile industry or in developing solutions that operate effectively with a range of operating systems, networks, devices, browsers, protocols and standards. In addition, we may face different fraud, security and regulatory risks from transactions sent from mobile devices than we do from personal computers. If we are unable to effectively anticipate and manage these risks, or if it is difficult for our customers to access and use our platforms, our business, results of operations and financial condition may be harmed.
Our success also depends on the willingness of third-party developers and technology providers to build applications and provide integrations that are complementary to our service. Without the development of these applications and integrations, both current and potential customers may not find our service sufficiently attractive, and our business, results of operations and financial condition could suffer.
Interruptions or delays in the services provided by third-party data centers or internet service providers have, in the past, and could, in the future, impair the delivery of our platforms and our business could suffer.
We rely on a number of third-party service providers to operate our services. For example, we host our platforms using AWS data centers and other third-party cloud infrastructure services. Our operations depend on protecting the virtual cloud infrastructure hosted in AWS or other cloud services by maintaining its configuration, architecture and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Service interruptions from such infrastructure providers have caused, and could in the future cause, outages on our platforms. Our solutions use resources operated by us in these locations. Although we have disaster recovery plans that use multiple virtual data center locations, any incident affecting their infrastructure, including events beyond our control, could negatively affect our platforms, harm our reputation, and expose us to liability. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the third-party services we use.
We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our solutions.
We rely on technologies from third parties to operate critical functions of our business, including cloud infrastructure services and customer relationship management services. Our business would be disrupted if any of the third-party software or services we use, or functional equivalents, were unavailable due to defects in the software or services from those third parties, or because they are no longer available on commercially reasonable terms or prices. In each case, we would be required to either seek licenses to software or services from other parties and redesign our solutions to function with such software or services or develop substitutes ourselves, which would result in increased costs and could result in delays in launches or releases of new solutions until equivalent technology can be identified, licensed or developed, and integrated into our solutions. Furthermore, we might be forced to limit the features available in our current or future solutions. These delays and feature limitations, if they occur, could harm our business, results of operations and financial condition.
Real or perceived errors, failures, vulnerabilities or bugs in our solutions, including deployment complexity, have, in the past and could, in the future, harm our business and results of operations.
Errors, failures, vulnerabilities or bugs have, in the past and may, in the future, occur in our solutions, especially when updates are deployed or new solutions are rolled out, maintenance patches are applied, or
30
infrastructure, architectural or configuration changes are made. In the past, such issues have caused outages for our customers. Our platforms are often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of our solutions, or other aspects of the computing environment into which our solutions are deployed. In addition, deployment of our solutions into complicated, large-scale computing environments may expose errors, failures, vulnerabilities or bugs in our solutions. Any such errors, failures, vulnerabilities or bugs may not be found until after they are deployed to our customers.
We are committed to increasing our transparency with our customers and the public about our solutions and technology. This transparency, which may be more than is expected of companies in our industry, could lead to us publicly disclosing information that we would not otherwise be legally required to disclose, such as errors, failures, vulnerabilities or bugs in our solutions and technology. As a result, we could experience negative publicity that could harm our business. Any real or perceived errors, failures, vulnerabilities or bugs in our solutions, or delays in or difficulties implementing our solutions, could also result in: loss, compromise, corruption or other unavailability of customer data; disruptions to our solutions or our customers’ products, systems, networks, and operations; loss of business and new customers; loss of or delay in market acceptance of our solutions; a decrease in customer satisfaction or adoption rates; loss of competitive position; or claims by customers for losses sustained by them, all of which could harm our business, results of operations, and financial condition.
Issues in the development and use of artificial intelligence (“AI”), combined with an uncertain regulatory environment, may result in reputational harm, liability, or other adverse consequences to our business operations.
We use internally developed and third-party developed machine learning and AI technologies in our offerings and business, and we are making investments in expanding our AI capabilities in our portfolio, including ongoing deployment and improvement of existing machine learning and AI technologies, as well as developing new product features using AI technologies, including, for example, generative AI. AI technologies are complex and rapidly evolving, and we face significant competition from other companies as well as an evolving regulatory landscape. For example, in the European Union, the Artificial Intelligence Act establishes obligations on the use of AI based on the type of AI and its potential risks to society. Additionally, in the United States, federal and state legislatures and agencies are introducing legal frameworks and rules governing AI. The introduction of AI technologies into new or existing solutions may result in new or enhanced governmental or regulatory scrutiny, litigation, confidentiality or security risks, ethical concerns, or other complications that could adversely affect our business, reputation, or financial results. For example, even if permitted by our privacy policy and contractual rights, our use of data in novel AI applications may, in time, expand beyond customer expectations. The intellectual property ownership and license rights, including copyright, surrounding AI technologies has not been fully addressed by courts or national or local laws or regulations, and the use or adoption of third-party AI technologies into our solutions may result in exposure to claims of copyright infringement or other intellectual property misappropriation. Uncertainty around new and emerging AI technologies, such as generative AI, may require additional investment in the development and maintenance of proprietary datasets and machine learning models, development of new approaches and processes to provide attribution or remuneration to creators of training data, and development of appropriate protections and safeguards for handling the use of customer data with AI technologies, which may be costly and could impact our expenses as we continue to expand generative AI into our product offerings. AI technologies, including generative AI, may create content that appears correct but is factually inaccurate or flawed. Our customers or others may rely on or use this flawed content to their detriment, which may expose us to brand or reputational harm, competitive harm, and/or legal liability. The use of AI technologies presents emerging ethical and social issues, and if we enable or offer solutions that draw scrutiny or controversy due to their perceived or actual impact on customers or on society as a whole, we may experience brand or reputational harm, competitive harm, and/or legal liability.
If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.
Our success is dependent, in part, upon protecting our proprietary information and technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our solutions and use information that we regard as proprietary to create solutions that compete with ours. Some contract provisions protecting against unauthorized use, copying, transfer and disclosure of our solutions may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of
31
some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of intellectual property rights in some foreign countries may be inadequate. To the extent we expand our international activities, our exposure to unauthorized copying and use of our solutions and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property.
We rely in part on trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our solutions and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our solutions.
To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our solutions, impair the functionality of our solutions, delay introductions of new solutions, result in our substituting inferior or more costly technologies into our solutions, or injure our reputation. In addition, we may be required to license additional technology from third parties to develop and market new solutions, and we cannot ensure that we can license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.
We have in the past, and may in the future be subject to infringement claims, which could result in significant damage awards that could harm our results of operations.
There is considerable patent and other intellectual property development activity in our industry, and we expect that software companies will increasingly be subject to infringement claims as the number of solutions and competitors grows, and the functionality of solutions in different industry segments overlaps. In addition, the patent portfolios of many of our competitors are larger than ours, and this disparity may increase the risk that our competitors may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. Other companies have claimed in the past, and may claim in the future, that we infringe upon their intellectual property rights. A claim may also be made relating to technology that we acquire or license from third parties. Further, we may be unaware of the intellectual property rights of others that may cover some or all of our technology.
Any claim of infringement, regardless of its merit or our defenses, could subject us to a number of risks described elsewhere in these risk factors, including those discussed under the title, “If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.”
We use open source software in our platforms, which could negatively affect our ability to offer our solutions and subject us to litigation or other actions.
We use open source software in our solutions and expect to use more open source software in the future. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate open source software into their products. However, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our solutions. In addition, if we were to combine our proprietary software with open source software in a certain manner, we could, under certain of the open source licenses, be required to release the source code of our proprietary software to the public, which could open security risks as well as risks to exposing some of our trade secrets. This would allow our competitors to create similar solutions with less development effort and time. If we inappropriately use open source software, or if the license
32
terms for open source software that we use change, we may be required to re-engineer our solutions, incur additional costs, discontinue the sale of some or all of our solutions or take other remedial actions. Some open source software may include generative AI software or other software that incorporates or relies on generative AI or other AI technologies. The use of such software may expose us to risks as the intellectual property ownership and license rights, including copyright, of generative AI software and tools, has not been fully interpreted by U.S. courts or been fully addressed by federal or state regulation.
In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as security issues, potential loss of trade secret protection, and the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that all of our use of open source software is in a manner that is consistent with our current policies and procedures, or will not subject us to liability.
Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.
Our agreements with customers and other third parties include provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from the use of our platforms or other acts or omissions. From time to time, customers also require us to indemnify or otherwise be liable to them for breach of confidentiality, violation of applicable law, or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our platforms. The term of these contractual provisions often survives termination or expiration of the applicable agreement. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability or large indemnity payments. This could significantly increase our operating expenses, require us to restrict our business activities, and limit our ability to deliver certain solutions, all of which could require significant time, effort and expense, harm our reputation and customer relationships, and negatively affect our business.
Risks Related to Legal, Accounting and Tax Matters
Because we generally recognize revenue from our subscriptions and support services over the term of the relevant service period, a decrease in sales during a reporting period may not be immediately reflected in our results of operations for that period.
We generally recognize revenue from subscriptions and related support services revenue ratably over the relevant service period. Net new revenue from new subscriptions, upsells and renewals entered into during a period can generally be expected to generate revenue for the duration of the service period. As a result, most of the revenue we report in each period is derived from the recognition of deferred revenue relating to subscriptions and support services contracts entered into during previous periods. Consequently, a decrease in new or renewed subscriptions in any single reporting period will have a limited impact on our revenue for that period, but will negatively affect our revenue in future periods. In addition, our ability to adjust our cost structure in the event of a decrease in new or renewed subscriptions may be limited.
Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from customers is generally recognized over the applicable service period. Additionally, due to the complexity of certain of our customer contracts, the actual revenue recognition treatment required under relevant accounting principles generally accepted in the United States (“GAAP”) will depend on contract-specific terms and may result in greater variability in revenue from period to period.
In addition, a decrease in new subscriptions or renewals in a reporting period may not have an immediate impact on billings for that period.
33
We face exposure to foreign currency exchange rate fluctuations.
Today, a vast majority of our customer contracts are denominated in U.S. dollars. Over time, however, an increasing portion of our international customer contracts may be denominated in local currencies. In addition, the majority of our international costs are denominated in local currencies. As a result, fluctuations in the value of the U.S. dollar and foreign currencies may affect our results of operations when translated into U.S. dollars. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
We are subject to anti-corruption, anti-bribery and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.
We are subject to anti-corruption and anti-bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended (the “FCPA”), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly and prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. As we increase our international sales and business, our risks under these laws may increase.
In addition, we use channel partners to sell our solutions and conduct business on our behalf. We or such partners may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and under certain circumstances we could be held liable for the corrupt or other illegal activities of such partners, and our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities.
Noncompliance with the FCPA, other applicable anti-corruption laws, or anti-money laundering laws could subject us to investigations, whistleblower complaints, sanctions, settlements, prosecution, and other enforcement actions within the U.S. and internationally, which could have a material adverse effect on our reputation, business, results of operations, and financial condition.
We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.
Our business activities are subject to various restrictions under U.S. export controls and trade and economic sanctions laws, which include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities and also require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import and licensing requirements, and have enacted laws that could limit our ability to distribute our service or could limit our customers’ ability to implement our service in those countries. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities. Although we take precautions to prevent our solutions from being provided in violation of such laws, our solutions may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. This could result in negative consequences to us, including government investigations, penalties and harm to our reputation.
Our international operations may give rise to potentially adverse tax consequences.
We are expanding our international operations and staff to better support our growth into certain international markets. Our corporate structure and associated transfer pricing policies anticipate future growth into certain international markets. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our
34
business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced net cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.
Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our solutions and harm our business.
New income, sales, use, value-added or other transaction level taxes, tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could adversely impact our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these additional taxes, existing and potential future customers may elect not to purchase our solutions in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our compliance, operating and other costs, as well as the costs of our solutions to our customers. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance. For example, various legislative and regulatory actions and proposals, such as in the United States, the Organisation for Economic Co-operation and Development and the EU, have increasingly focused on future tax reform and contemplate changes to long-standing tax principles, which could adversely affect our liquidity and results of operations.
As a multinational organization, we may be subject to taxation in certain jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents, which could harm our liquidity and results of operations. In addition, the authorities in these jurisdictions could review our tax returns and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries, any of which could harm us and our results of operations.
Our business may be subject to additional obligations to collect and remit sales tax and other taxes, and we may be subject to tax liability for past sales. Any successful action by state, foreign or other authorities to collect additional or past sales tax could harm our business.
State, foreign and local taxing jurisdictions have differing rules and regulations governing sales, use and other indirect taxes (including digital services taxes), and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of certain sales, value-added and digital services taxes to our platforms in various jurisdictions is unclear. It is possible that we could face tax audits and that our liability for these taxes could exceed our estimates as tax authorities could still assert that we are obligated to collect additional amounts as taxes from our customers and remit those taxes to those authorities. We could also be subject to audits in states and international jurisdictions for which we have not accrued tax liabilities. A successful assertion that we should be collecting additional sales or other taxes on our solutions and services in jurisdictions where we have not historically done so and do not accrue for such taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our solutions or otherwise harm our business, results of operations and financial condition.
We file sales tax returns in certain states within the United States as required by law and certain customer contracts for a portion of the solutions that we provide. We do not collect sales or other similar taxes in other states and many of such states do not apply sales or similar taxes to the vast majority of the solutions that we provide. However, one or more states or foreign authorities could seek to impose additional sales, use or other tax collection and record-keeping obligations on us or may determine that such taxes should have, but have not been, paid by us. Liability for past taxes may also include substantial interest and penalty charges. Any successful action by state, foreign or other authorities to compel us to collect and remit sales tax, use tax or other taxes, either retroactively, prospectively or both, could harm our business, results of operations and financial condition.
35
Our ability to use our U.S. net operating loss carry-forwards and certain other tax attributes may be limited.
Under Section 382 of the Internal Revenue Code of 1986, as amended, if a corporation undergoes an “ownership change,” generally defined as a greater than 50% change (by value) in its equity ownership over a three-year period, the corporation’s ability to use its pre-change net operating loss carry-forwards and other pre-change tax attributes, such as research tax credits and distributed interest deduction carryover, to offset its post-change income may be limited. We have experienced ownership changes in the past and any such ownership change in the future could result in increased future tax liability. In addition, we may experience ownership changes in the future as a result of subsequent shifts in our stock ownership. As a result, if we earn net taxable income, our ability to use our pre-change net operating loss carry-forwards to offset U.S. federal taxable income may be subject to limitations, which could potentially result in increased future tax liability to us.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. To satisfy this obligation, we expend significant resources, including accounting-related costs and significant management oversight. If any of these new or improved controls and systems do not perform as expected, we may experience material weaknesses or significant deficiencies in our controls. Our controls may also become inadequate because of changes in conditions in our business. We may discover any such weaknesses or deficiencies in the future and be required to restate our financial statements for prior periods.
Ineffective internal controls over financial reporting could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in our periodic reports that are filed with the SEC. For example, investors could lose confidence in our reported financial and other information; we could fail to satisfy our SEC, Nasdaq other reporting obligations, or become subject to sanctions or investigations by regulators; and our the price of our Class A common stock could decline.
Changes in existing financial accounting standards or practices, or taxation rules or practices, may harm our results of operations.
Changes in existing accounting or taxation rules or practices, new accounting pronouncements or taxation rules, or varying interpretations of current accounting pronouncements or taxation practice could harm our results of operations or the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective.
GAAP are subject to interpretation by the Financial Accounting Standards Board (“FASB”), the SEC and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change. Adoption of such new standards and any difficulties in implementation of changes in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.
If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.
The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include, but are not limited to those referenced in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our
36
results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Class A common stock.
Risks Related to Ownership of Our Class A Common Stock
The stock price of our Class A common stock may be volatile or may decline.
The trading price of our Class A common stock has been, and in the future, may be, subject to substantial volatility and wide fluctuations. For example, from February 1, 2024 through January 31, 2025, the trading price of our Class A common stock has ranged from $70.56 per share to $114.50 per share. The market price of our Class A common stock fluctuates significantly in response to numerous factors, many of which are beyond our control, including, but not limited to, the factors described elsewhere in these risk factors, as well as:
•overall performance of the equity markets and/or publicly-listed technology companies;
•volatility in the market prices and trading volumes of technology and high-growth companies generally, or those in our industry in particular;
•actual or anticipated fluctuations in our revenue or other financial or operating metrics;
•our ability to meet or exceed forward-looking guidance we have given, our ability to give forward-looking guidance consistent with past practices, and changes to or withdrawal of previous guidance or long-range targets;
•failure of securities analysts to initiate or maintain coverage of us, changes in financial estimates and/or recommendations by any securities analysts who follow our company;
•our failure to meet the estimates or the expectations of securities analysts or investors;
•actions and investment positions taken by institutional and other stockholders, including activist investors;
•recruitment or departure of key personnel;
•rumors and market speculation involving us or other companies in our industry;
•announcements by us or our competitors of significant innovations, acquisitions, strategic partnerships, joint ventures, or capital commitments; and
•sales of additional shares of our Class A common stock by us, our directors, our officers or our stockholders.
In addition, stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. Stock prices of many companies, including technology companies and high-growth, unprofitable companies in particular, have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have instituted securities class action litigation following periods of market volatility. Our involvement in securities litigation has, in the past, and could, in the future, subject us to substantial costs, divert resources and the attention of management from our business, and harm our business.
The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our IPO, including our directors, executive officers, and their affiliates, who held in the aggregate 35.3% of the voting power of our capital stock as of January 31, 2025. This will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval.
Our Class B common stock has ten votes per share and our Class A common stock has one vote per share. As of January 31, 2025, our directors, executive officers and their affiliates held in the aggregate 35.3% of the voting power of our capital stock, taking into account shares of our common stock subject to options that are currently exercisable or exercisable within 60 days of January 31, 2025 and RSUs that are releasable within 60 days of January 31, 2025. Because of the ten-to-one voting ratio between our Class B and Class A common stock, the
37
holders of our Class B common stock collectively could continue to control nearly a majority of the combined voting power of our common stock and be able to effectively control all matters submitted to our stockholders for approval until April 12, 2027, the date that is the ten-year anniversary of the closing of our IPO. This concentrated control may limit or preclude your ability to influence corporate matters for the foreseeable future, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. In addition, this may prevent or discourage unsolicited acquisition proposals or offers for our capital stock that you may feel are in your best interest as one of our stockholders.
Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who have retained their shares.
Sales of a substantial number of shares of our Class A common stock in the public markets, or the perception that sales might occur, could cause the market price of our Class A common stock to decline.
Sales of a substantial number of shares of our Class A common stock into the public market, particularly sales by our directors, executive officers, and principal stockholders, or the perception that these sales might occur, could cause the market price of our Class A common stock to decline.
In addition, we have options outstanding that, if fully exercised, would result in the issuance of shares of our Class A and Class B common stock. We also have restricted stock units (“RSUs”) outstanding that, if vested and settled, would result in the issuance of shares of Class A common stock. All of the shares of Class A and Class B common stock issuable upon the exercise of stock options and vesting of RSUs and the shares reserved for future issuance under our equity incentive plans, are registered for public resale under the Securities Act of 1933, as amended (“Securities Act”). Accordingly, these shares will be able to be freely sold in the public market upon issuance, subject to applicable vesting requirements.
Furthermore, a substantial number of shares of our Class A common stock is reserved for issuance upon the exercise of the Notes (as defined below). If we elect to satisfy our conversion obligation on the Notes solely in shares of our Class A common stock upon conversion of the Notes, we will be required to deliver the shares of our Class A common stock, together with cash for any fractional share, on the second business day following the relevant conversion date.
If securities or industry analysts do not publish or cease publishing research, or publish inaccurate or unfavorable research, about our business, the price of our Class A common stock and trading volume could decline.
The trading market for our Class A common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If industry analysts do not publish or cease publishing research on our company, the trading price for our Class A common stock would be negatively affected. If one or more of the analysts who cover us downgrade our Class A common stock or publish inaccurate or unfavorable research about our business, our Class A common stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our Class A common stock could decrease, which might cause our Class A common stock price and trading volume to decline.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the operation of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Class A common
38
stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors, and limit the market price of our Class A common stock.
Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:
•provide that our board is classified into three classes of directors with staggered three-year terms;
•permit our board to establish the number of directors and fill any vacancies and newly-created directorships;
•require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws;
•authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;
•provide that only the Chairperson of our board, our Chief Executive Officer, or a majority of our board of directors are authorized to call a special meeting of stockholders;
•provide for a dual class common stock structure in which holders of our Class B common stock have the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets;
•prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;
•provide that our board is expressly authorized to make, alter or repeal our bylaws; and
•advance notice requirements for nominations for election to our board or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.
Moreover, Section 203 of the Delaware General Corporation Law may discourage, delay, or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations, and other transactions between us and holders of 15% or more of our common stock.
Our amended and restated bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.
Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for:
•any derivative action or proceeding brought on our behalf;
•any action asserting a breach of fiduciary duty;
•any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or
•any action asserting a claim against us that is governed by the internal affairs doctrine.
This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur
39
additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations and financial condition.
Risks Related to our Outstanding Convertible Notes
Servicing our debt may require a significant amount of cash. We may not have sufficient cash flow from our business to pay our indebtedness.
We have issued convertible notes due in 2025 (“2025 Notes”) and 2026 (“2026 Notes” and together with the 2025 Notes, the “Notes”). Our ability to make scheduled payments of the principal of, to pay interest on or to refinance our indebtedness, including the Notes, depends on our future performance, which is subject to economic, financial, competitive and other factors beyond our control. Our business may not generate cash flow from operations in the future sufficient to service our debt and make necessary capital expenditures. If we are unable to generate such cash flow, we may be required to adopt one or more alternatives, such as selling assets, restructuring debt or obtaining additional debt financing or equity capital on terms that may be onerous or highly dilutive. Our ability to refinance or raise any future indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. In addition, any of our future debt agreements may contain restrictive covenants that may prohibit us from adopting any of these alternatives. Our failure to comply with these covenants could result in an event of default which, if not cured or waived, could result in the acceleration of our debt.
We may not have the ability to raise the funds necessary for cash settlement upon conversion of the Notes or to repurchase the Notes for cash upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion of the Notes or to repurchase the Notes.
Holders of the Notes have the right to require us to repurchase their Notes upon the occurrence of a fundamental change (as defined in the indentures governing their respective Notes) at a repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid interest, if any. Upon conversion of the Notes, unless we elect to deliver solely shares of our Class A common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the Notes being converted. We may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of Notes surrendered or Notes being converted. In addition, our ability to repurchase the Notes or to pay cash upon conversions of the Notes may be limited by law, by regulatory authority or by agreements governing our future indebtedness. Our failure to repurchase Notes at a time when the repurchase is required by the indenture governing such notes or to pay any cash payable on future conversions of the Notes as required by such indenture would constitute a default under such indenture. A default under the indenture governing the Notes or the fundamental change itself could also lead to a default under agreements governing our future indebtedness. If the repayment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Notes or make cash payments upon conversions.
In addition, our indebtedness, combined with our other financial obligations and contractual commitments, could have other important consequences. For example, it could:
•make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry and competitive conditions and adverse changes in government regulation;
•limit our flexibility in planning for, or reacting to, changes in our business and our industry;
•place us at a disadvantage compared to our competitors who have less debt;
•limit our ability to borrow additional amounts to fund acquisitions, for working capital and for other general corporate purposes; and
•make an acquisition of our company less attractive or more difficult.
Any of these factors could harm our business, results of operations and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase.
40
The conversion features of the Notes, if triggered, may adversely affect our financial condition and results of operations.
In the event the conditional conversion features of the 2025 Notes and the 2026 Notes are triggered, holders of the Notes will be entitled to convert the Notes, as applicable, at any time during specified periods at their option. If one or more holders elect to convert their Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our Class A common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. The conditional conversion features of the 2025 Notes were triggered as of January 31, 2021 and the 2025 Notes were convertible at the option of the holders between February 1, 2021 and April 30, 2021; however, as of January 31, 2025, the conditions allowing holders of the 2025 Notes to convert were not met. From the date of issuance through January 31, 2025, the conditions allowing holders of the 2026 Notes to convert were not met.
In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the Notes as a current rather than long-term liability, which would result in a material reduction of our net working capital and could limit our ability to raise future capital. As of January 31, 2025, the 2025 Notes have been classified as a current liability on our balance sheet due to their upcoming maturity on September 1, 2025.
Transactions relating to our Notes may affect the value of our Class A common stock.
The conversion of some or all of the Notes would dilute the ownership interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our Class A common stock upon any conversion of such Notes. Our 2025 Notes and 2026 Notes may become in the future convertible at the option of their holders under certain circumstances. If holders of our Notes elect to convert their notes, we may settle our conversion obligation by delivering to them a significant number of shares of our Class A common stock, which would cause dilution to our existing stockholders. We have in the past, and may in the future, engage in exchanges, repurchase, or induce conversions of the Notes. Holders of the Notes that participate in any of these exchanges, repurchases, or induced conversions may enter into or unwind various derivatives with respect to our Class A common stock or sell shares of our Class A common stock in the open market to hedge their exposure in connection with these transactions. These activities could decrease (or reduce the size of any increase in) the market price of our Class A common stock or the Notes, or dilute the ownership interests of our stockholders. In addition, the market price of our Class A common stock is likely to be affected by short sales of our Class A common stock or the entry into or unwind of economically equivalent derivative transactions with respect to our Class A common stock by investors that do not participate in the exchange transactions and by the hedging activity of the counterparties to our capped call transactions ("Capped Calls") or their respective affiliates.
In addition, in connection with the issuance of the 2025 Notes and 2026 Notes, we entered into Capped Calls with certain financial institutions (the “Option Counterparties”). The Capped Calls are generally expected to reduce potential dilution to our Class A common stock upon any conversion or settlement of the 2025 Notes and 2026 Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted 2025 Notes and 2026 Notes, as the case may be, with such reduction and/or offset subject to a cap. If we unwind the Capped Calls in connection with Note repurchases or otherwise, we would lose the anti-dilutive impact of any unwound Capped Calls.
From time to time, the Option Counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our Class A common stock and/or purchasing or selling our Class A common stock or other securities of ours in secondary market transactions prior to the maturity of the Notes. This activity could cause a decrease in the market price of our Class A common stock.
General Risk Factors
We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.
Our success depends largely upon the continued services of our executive officers and other key employees. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and they could terminate their employment with us at any time. The loss of one or more of our executive officers or key employees, and any failure to have in place and
41
execute an effective succession plan for key executives, could harm our business. In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel in the San Francisco Bay Area, where our headquarters is located, and in other locations where we maintain offices, is intense, especially for engineers experienced in designing and developing software and SaaS applications and experienced sales professionals. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, and may not be able to fill positions in the desired regions, or at all. Our efforts to attract new personnel may be compounded by intensified restriction on travel, changes to immigration policy or the availability of work visas. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.
Catastrophic events may disrupt our business.
Natural disasters or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. We have a large employee presence in San Francisco, California, and the west coast of the United States contains active earthquake and wildfire zones which have the potential to disrupt our business. Communications systems and infrastructure could be damaged or interrupted at any time due to a major catastrophic event such as an earthquake, hurricane, fire or flood; power loss or a telecommunications failure; an unauthorized or malicious act such as a cyber-attack, war or terrorist attack; a health epidemic, or similar events or disruptions. Such events could result in reputational harm, delays in our application development, breaches of data security and loss of critical data. While we have backup systems for certain aspects of our operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, the insurance we maintain may be insufficient to compensate for losses from a major interruption.
Item 1B. Unresolved Staff Comments
None.
Item 1C. Cybersecurity
Cybersecurity risk management is an important part of our overall risk management efforts. Okta, Inc., like other companies, is subject to a wide variety of cybersecurity attacks on its systems, networks and data on an ongoing basis and with increasing sophistication. Given the evolving cybersecurity threat landscape facing us and our third-party service providers, we remain committed to protecting our systems, internal networks and our customers’ systems, and the information that we and they store and process.
We have an established cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of Okta, Inc.'s critical systems, internal networks, and information. This program implements policies, processes and controls to respond to cybersecurity threats and mitigate business impacts. Our board of directors (the “board”) has delegated to the cybersecurity risk committee of the board (the “cybersecurity risk committee”) oversight responsibility of the cybersecurity risk management program, which includes a cybersecurity incident response plan.
We devote significant resources, including human and financial capital, to create security measures, configuration policies and response plans to address cybersecurity threats. However, as a well-known provider of identity and security solutions, Okta, Inc. is a particularly attractive target to threat actors. For additional information related to these risks, see “Risk Factors” included under Part I, Item 1A of this Annual Report on Form 10-K. In the past we have experienced cybersecurity incidents, and cannot anticipate when or the extent to which cybersecurity incidents will materially affect us or our customers’ use of our platforms in the future. To date we have not identified any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Despite our efforts, we cannot eliminate all risks related to cybersecurity threats or incidents. There can be no assurance that Okta, Inc.’s cybersecurity risk management program and processes will be fully implemented. Even if implemented, they may not be complied with or may not effectively protect our systems and information or those of our customers.
Cybersecurity Risk Management and Strategy
Cybersecurity is a top priority for Okta, Inc. Our cybersecurity strategy is to develop a consistent framework of security controls that can apply to all business functions. To execute on this strategy, we integrate cybersecurity risk management into our broader enterprise risk management program. We also take a cross-functional approach to cybersecurity risk management by engaging teams across the business, including security, technical operations,
42
engineering, IT, customer support, legal and communications, to implement shared processes for identifying, assessing, and managing key cybersecurity risks.
We design and assess our cybersecurity risk management program against the National Institute of Standards and Technology Cybersecurity Framework (the “NIST Framework”). This does not imply that Okta, Inc.'s cybersecurity risk management program satisfies any particular specifications or requirements, only that we use the NIST Framework to guide our efforts to improve our security posture. Certain of our Okta Platform product offerings have attained multiple security certifications, the details of which are described in "Our Technology" under Part I, Item I of this Annual Report on Form 10-K.
Our cybersecurity risk management program consists of technical and organizational safeguards aimed at protecting the confidentiality of our systems and platforms. From time to time, management will engage external consultants and advisors to perform independent assessments and testing of the cybersecurity risk management program, or otherwise assist with aspects of the program and security controls.
Key features of our cybersecurity risk management program include:
•Designated security governance, risk and compliance team. Our security governance, risk and compliance team is responsible for maintaining Okta, Inc.’s cybersecurity risk management framework and risk assessments, and for tracking risk mitigation efforts. This team, together with our enterprise risk management team, monitors and regularly reports on our cybersecurity risk profile. Our internal audit team partners with these teams to provide input on the overall effectiveness of Okta, Inc.’s security risk governance and management processes.
•Risk assessments. We periodically perform security risk assessments to stay informed about relevant security risks. Functional teams across the business assess risks associated with their specific activities, following an established framework with supervision by the security governance, risk and compliance team. Okta, Inc. has a management-level risk oversight committee, led by internal audit and security risk management personnel, that meets quarterly with other internal business leaders to review the results of these security risk assessments and evaluate the adequacy of any proposed mitigation plans.
•Incident response planning. Our cybersecurity incident response plan outlines the processes and procedures for responding to, remediating and resolving a security incident, and defines the roles and responsibilities of company personnel and third-party service providers who may assist in responding to such incidents. In fiscal 2025, we conducted tabletop exercises involving multiple operational teams, as well as an executive preparedness simulation with members of our management team, to educate personnel on their roles in response scenarios.
•Security awareness training. We require our employees and contractors to complete general cybersecurity awareness training at least annually. These training sessions advise on employee responsibilities and relevant policies designed to protect us, our information systems and data, as well as our customers’ systems and data. From time to time we may also require supplemental cybersecurity training for certain members of our workforce depending on their job responsibilities.
•Third-party risk management. We require high risk third-party vendors, suppliers and service providers to undergo a cybersecurity risk assessment prior to contracting with Okta, Inc. Certain third parties are monitored and reassessed on an ongoing basis, depending on their level of risk or in the event of changes to their products or services.
Cybersecurity Governance
Our board oversees Okta, Inc.’s enterprise risk management program, of which cybersecurity is an important component. To facilitate the board’s supervision of cybersecurity matters, the board formed the cybersecurity risk committee. Among other responsibilities, the cybersecurity risk committee provides oversight over the effectiveness of Okta, Inc.'s cybersecurity program.
The cybersecurity risk committee receives regular updates on our cybersecurity program from our chief security officer (the “CSO”). In addition, management updates the cybersecurity risk committee, as appropriate, regarding cybersecurity incidents. Our cybersecurity risk committee reports to the board on its activities. In addition to receiving reports from the cybersecurity risk committee, our board periodically receives cyber risk management program briefings directly from the CSO. Additionally, the audit committee of the board (the "audit committee")
receives regular cybersecurity updates as part of the audit committee’s oversight over our enterprise risk management program.
Our management team, including the CSO, is responsible for assessing and managing our risks from cybersecurity threats. The CSO partners with the security, technical operations, legal, internal audit, engineering and product development teams to supervise both our cybersecurity program and our retained third-party cybersecurity consultants, and to stay informed on security at Okta, Inc. and the overall security landscape. Our current CSO brings over 20 years of cybersecurity and risk management experience to his work at Okta, Inc., having held numerous security leadership positions in highly-regulated industries such as finance. His experience delivering cybersecurity at scale extends internationally, and includes security and risk management roles at companies in Australia, the United Kingdom and the United States. The Okta, Inc. security team includes individuals with experience across a broad range of cybersecurity areas, including product security; cloud security; infrastructure security; security monitoring and incident response; identity and access management; vulnerability management; and governance, risk and compliance.
Okta, Inc.'s management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security and technical personnel; threat intelligence and other information obtained from governmental, public or private sources, including third-party consultants engaged by us; and alerts and reports produced by security tools deployed in our technical environment.
Item 2. Properties
Our corporate headquarters is located in San Francisco, California, where we currently lease approximately 285,996 square feet under a lease, as amended, that expires in October 2028. We are entitled to two five-year options to extend this lease, subject to certain requirements. We sublease approximately 111,168 square feet of space under this lease to third parties.
We also lease space in various locations in the Americas, Europe and Asia-Pacific.
We believe that our facilities are suitable to meet our current needs. We intend to add new facilities, as necessary, as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate any such growth.
Item 3. Legal Proceedings
The information set forth under “Legal Matters” in Note 10 to our consolidated financial statements "Commitments and Contingencies" is incorporated by reference herein.
Item 4. Mine Safety Disclosures
Not Applicable.
Part II
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information and Holders
Our Class A common stock has been listed on the Nasdaq Global Select Market under the symbol "OKTA" since April 7, 2017. Prior to that date, there was no public trading market for our Class A common stock. Our Class B common stock is not listed or traded on any stock exchange.
As of February 27, 2025, we had 56 holders of record of our Class A common stock and 15 holders of record of our Class B common stock. The actual number of Class A beneficial stockholders is substantially greater than the number of holders of record because a large portion of our Class A common stock is held in street name by brokers and other nominees.
Dividend Policy
We have never declared or paid cash dividends on our capital stock. We currently intend to retain any future earnings for use in the operation of our business and do not intend to declare or pay any cash dividends in the foreseeable future. Any further determination to pay dividends on our capital stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant.
45
Stock Performance Graph
This performance graph shall not be deemed "soliciting material" or to be "filed" with the Securities and Exchange Commission ("SEC") for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Okta, Inc. under the Securities Act of 1933, as amended ("Securities Act") or the Exchange Act.
The following graph shows a five-year comparison of cumulative total return (equal to dividends plus stock appreciation) for our Class A common stock, the Standard & Poor’s 500 Index ("S&P 500 Index") and Standard & Poor's Information Technology Index ("S&P 500 Information Technology Index"). All values assume a $100 initial investment, and data for the S&P 500 Index and S&P 500 Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our Class A common stock.
| Company/Index | 1/31/2020 | 1/31/2021 | 1/31/2022 | 1/31/2023 | 1/31/2024 | 1/31/2025 | ||||||||||||||||||||||||||||||||
| Okta | $ | 100 | $ | 202 | $ | 155 | $ | 57 | $ | 65 | $ | 74 | ||||||||||||||||||||||||||
| S&P 500 Index | 100 | 117 | 145 | 133 | 160 | 203 | ||||||||||||||||||||||||||||||||
| S&P 500 Information Technology Index | 100 | 137 | 173 | 146 | 219 | 280 | ||||||||||||||||||||||||||||||||
Securities Authorized for Issuance under Equity Compensation Plans
The information required by this item with respect to our equity compensation plans is incorporated by reference to our 2025 Annual Report to Stockholders, which includes our Proxy Statement for the 2025 Annual Meeting of Stockholders to be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Unregistered Sales of Equity Securities
None.
Issuer Purchases of Equity Securities
None.
Item 6. [Reserved]
46
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS
Item 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our consolidated financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. Amounts reported in millions are rounded based on the amounts in thousands. As a result, the sum of the components reported in millions may not equal the total amount reported in millions due to rounding. In addition, percentages presented may not add to their respective totals or recalculate due to rounding. In addition to historical financial information, the following discussion contains forward-looking statements that are based upon current plans, expectations and beliefs that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth under the section titled “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K. Our fiscal year ends January 31. References to fiscal 2025, for example, refer to the fiscal year ended January 31, 2025.
Overview
Okta, Inc. is the leading independent identity partner. Our Okta Platform and Auth0 Platform, enable our customers to securely connect the right people to the right technologies and services at the right time. Every day, thousands of organizations and millions of people use our platforms to securely access a wide range of cloud, mobile, web and Software-as-a-Service ("SaaS") applications, on-premises servers, application programming interfaces, IT infrastructure providers and services from a multitude of devices. Employees and contractors sign into the Okta Platform to seamlessly and securely access the applications they need to do their most important work with more modern and secure experiences in the cloud and via mobile devices. Developers leverage our Okta Platform and Auth0 Platform to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission.
Given the growth trends in cloud adoption and the number of applications customers use and the movement to remote and hybrid workforces, identity is becoming the most critical layer of an organization’s security. As organizations shift from network-based security models to a Zero Trust security model focusing on adaptive and context-aware controls, identity has become the most reliable way to manage user access and protect digital assets. Our approach to identity allows our customers to simplify and efficiently scale their security infrastructures across internal IT systems and external customer facing applications.
As of January 31, 2025, more than 19,650 customers across nearly every industry used our solutions to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises, to small and medium-sized businesses, universities, non-profits and government agencies. We also partner with leading application, IT infrastructure and security vendors through our Okta Integration Network. As of January 31, 2025, we had over 7,000 integrations with these cloud, mobile and web applications and IT infrastructure and security vendors.
We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings. We focus on attracting and retaining our customers and increasing the value we provide to them over time. By retaining customers and increasing value, we increase their spending with us through expanding the number of users who access our Okta Platform and Auth0 Platform, and by selling additional product offerings. We sell our product offerings directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators and other distribution partners. Our subscription fees include the use of our service and our technical support and management of our platforms. We base subscription fees primarily on the solutions used and the number of users on our platforms. We typically invoice customers in advance in annual installments for subscriptions to our platforms.
Our revenue is relatively predictable as a result of our subscription-based business model, which constituted approximately 98% of total revenue for fiscal 2025. Future growth may be impacted by longer sales cycles, which we have experienced, which in turn, could result in delays in deals closing, creating near-term headwinds for cash flow, remaining performance obligations (“RPO”) and billings growth as well as potential future impacts on revenue growth and other key metrics on a trailing basis.
47
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Impact of Cybersecurity Incidents
In the past we have experienced cybersecurity incidents, such as the January 2022 incident involving one of our third-party service providers and the October 2023 incident where a threat actor gained unauthorized access to and stole information from our third-party customer support system, that harmed our reputation and customer relations, adversely impacted our financial results and may create additional liabilities. While we expect the impact of these security incidents to adversely affect our future financial performance, we cannot predict the extent of such impact with certainty. Due to the nature of our business, the announcement of any security incidents, even if not significant, could have these impacts.
Impact of Current Economic Conditions
Worldwide economic and political uncertainties and negative trends, including financial and credit market fluctuations, tariffs and increasing trade protectionism, changes in government spending levels, uncertainty in the banking sector, rising interest rates, inflation and other impacts from the macroeconomic environment have, and could continue to, adversely affect our business operations or financial results. As we continue to monitor the direct and indirect impacts of these circumstances, the broader implications of these macroeconomic and political events on our business, results of operations and overall financial position remain uncertain. See the section titled “Risk Factors'' included under Part I, Item 1A above for further discussion of the possible impact of these factors and other risks on our business.
Financial Information and Segments
We operate our business as one reportable segment. For fiscal 2025, 2024 and 2023, our revenue was $2,610 million, $2,263 million and $1,858 million, respectively, representing a growth rate of 15% and 22% in fiscal 2025 and 2024, respectively. For fiscal 2025, we generated net income of $28 million, and for fiscal 2024 and 2023, we generated net losses of $355 million and $815 million, respectively. Our accumulated deficit as of January 31, 2025 was $2,802 million.
Key Business Metrics
We review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans, and make strategic decisions.
| As of January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
Number of total customers | 19,650 | 18,950 | 17,600 | ||||||||||||||
| Customers with annual contract value ("ACV") above $100,000 | 4,800 | 4,485 | 3,930 | ||||||||||||||
| Dollar-based net retention rate for the trailing 12 months ended | 107 | % | 111 | % | 120 | % | |||||||||||
| Current remaining performance obligations | $ | 2,248 | $ | 1,952 | $ | 1,684 | |||||||||||
| Remaining performance obligations | $ | 4,215 | $ | 3,385 | $ | 3,007 | |||||||||||
Total Customers and Number of Customers with Annual Contract Value Above $100,000
As of January 31, 2025, we had over 19,650 customers on our platforms. Increasing awareness of our platforms and capabilities, coupled with the mainstream adoption of cloud technology, has expanded the diversity of our customer base to include organizations of all sizes across all industries. Beginning in the first quarter of fiscal 2026, we will no longer provide the number of total customers as a business metric on which to evaluate the strength of our business.
The number of customers who have greater than $100,000 in ACV with us was 4,800, 4,485 and 3,930 as of January 31, 2025, 2024 and 2023, respectively. We expect this trend to continue as larger enterprises recognize the value of our platforms and replace their legacy identity access management infrastructure. We define a customer as a separate and distinct buying entity, such as a company, an educational or government institution, or a distinct business unit of a large company that has an active contract with us or one of our partners to access our platforms.
48
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
For purposes of determining our customer count, we do not include customers that use our platforms under self-service arrangements only.
Dollar-Based Net Retention Rate
Part of our ability to generate revenue is dependent upon our ability to maintain our relationships with our customers and to increase their utilization of our platforms. We believe we can achieve these goals by focusing on delivering value and functionality that enables us to both retain our existing customers and expand the number of users and solutions used within an existing customer. One way that we assess our performance in this area by measuring our Dollar-Based Net Retention Rate. Our Dollar-Based Net Retention Rate measures our ability to increase revenue across our existing customer base through expansion of users and solutions associated with a customer as offset by churn and contraction in the number of users and/or solutions associated with a customer.
Our Dollar-Based Net Retention Rate is based upon our ACV which is calculated based on the terms of that customer’s contract and represents the total contracted annual subscription amount as of that period end. We calculate our Dollar-Based Net Retention Rate as of a period end by starting with the ACV from all customers as of twelve months prior to such period end ("Prior Period ACV"). We then calculate the ACV from these same customers as of the current period end ("Current Period ACV"). Current Period ACV includes any upsells and is net of contraction or churn over the trailing twelve months but excludes ACV from new customers in the current period. We then divide the Current Period ACV by the Prior Period ACV to arrive at our Dollar-Based Net Retention Rate. Our Dollar-Based Net Retention Rate is inclusive of ACV from self-service customers.
Our Dollar-Based Net Retention Rate is primarily attributable to our healthy gross retention, an expansion of users and upselling additional solutions within our existing customers. Larger enterprises often implement a limited initial deployment of our platforms before increasing their deployment on a broader scale. The decrease in our Dollar-Based Net Retention Rate as of January 31, 2025, compared to January 31, 2024, was primarily a result of the macroeconomic environment, with overall ACV from existing customers increasing at a slower rate in the current period.
Remaining Performance Obligations ("RPO")
RPO represent all future, non-cancelable, contracted revenue under our subscription contracts with customers that has not yet been recognized, inclusive of deferred revenue that has been invoiced and non-cancelable amounts that will be invoiced and recognized as revenue in future periods. Current RPO represents the portion of RPO expected to be recognized during the next 12 months. RPO fluctuates due to a number of factors, including the timing, duration and dollar amount of customer contracts and fluctuations in foreign currency exchange rates.
Components of Results of Operations
Revenue
Subscription Revenue. Subscription revenue primarily consists of fees for access to and usage of our cloud-based platforms and related support. Subscription revenue is driven primarily by the number of customers, the number of users per customer and the solutions used. We typically invoice customers in advance in annual installments for subscriptions to our platforms.
Professional Services and Other. Professional services revenue includes fees from assisting customers in implementing and optimizing the use of our solutions. These services include application configuration, system integration and training services.
We generally invoice customers as the work is performed for time-and-materials arrangements, and up front for fixed fee arrangements. Professional services revenue is recognized as the services are performed.
Overhead Allocation and Employee Compensation Costs
We allocate shared costs, such as facilities costs (including rent, utilities and depreciation on assets shared by all departments), certain information technology costs, security costs and recruiting costs to all departments based on headcount. As such, allocated shared costs are reflected in each of the cost of revenue and operating
49
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
expense categories. Employee compensation costs reflected in each of the cost of revenue and operating expense categories include salaries, bonuses, compensation related taxes, benefits and stock-based compensation. Additionally included in the sales and marketing expense category are sales commissions and related taxes.
Cost of Revenue and Gross Margin
Cost of Subscription. Cost of subscription primarily consists of expenses related to hosting our services and providing support. These expenses include employee-related costs associated with our cloud-based infrastructure, our product security organization and our customer support organization, third-party hosting fees, software and maintenance costs, outside services associated with the delivery of our subscription services, amortization expense associated with capitalized internal-use software and acquired developed technology and allocated overhead.
We intend to continue to invest additional resources in our platform infrastructure, our platforms support organizations and security posture. We will continue to invest in technology innovation and we anticipate that costs qualifying for capitalization of internal-use software costs and related amortization may fluctuate over time. We expect our investment in technology to expand the capability of our platform, enabling us to improve our gross margin over time. The level and timing of investment in these areas could affect our cost of subscription revenue in the future.
Cost of Professional Services and Other. Cost of professional services consists primarily of employee-related costs for our professional services delivery team, travel-related costs, allocated overhead and costs of outside services associated with supplementing our professional services delivery team. The cost of providing professional services has historically been higher than the associated revenue we generate.
Gross Margin. Gross margin is gross profit expressed as a percentage of total revenue. Our gross margin may fluctuate from period to period as a result of the timing and amount of investments to expand our hosting capacity and our continued efforts to build platform support and professional services teams.
Operating Expenses
Research and Development. Research and development expenses consist primarily of employee compensation costs and allocated overhead. We believe that continued investment in our platforms is important for our growth.
Sales and Marketing. Sales and marketing expenses consist primarily of employee compensation costs, costs of general marketing and promotional activities, travel-related expenses, amortization expense associated with acquired customer relationships and trade names and allocated overhead. Commissions earned by our sales force that are considered incremental and recoverable costs of obtaining a contract with a customer are deferred and then amortized on a straight-line basis over a period of benefit that we have determined to be generally five years.
General and Administrative. General and administrative expenses consist primarily of employee compensation costs for finance, accounting, legal, information technology and human resources personnel. In addition, general and administrative expenses include acquisition and integration-related costs, non-personnel costs, such as legal, accounting and other professional fees, charitable contributions, and all other supporting corporate expenses, such as information technology, not allocated to other departments.
Restructuring and Other Charges. Restructuring and other charges consist primarily of personnel costs, such as notice period, employee severance payments and termination benefits. In addition, restructuring and other charges include certain lease impairment charges.
Interest and Other, Net
Interest and other, net consists of interest expense, which primarily includes amortization of debt issuance costs and contractual interest expense for our convertible senior notes, interest income from our investment holdings, gains on early extinguishment of debt and gains and losses from our strategic investments.
Provision for Income Taxes
Our provision for income taxes consists of federal and state income taxes in the United States and income taxes in certain foreign jurisdictions where we operate.
50
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Results of Operations
The following table sets forth our results of operations for the periods presented:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Revenue | |||||||||||||||||
| Subscription | $ | 2,556 | $ | 2,205 | $ | 1,794 | |||||||||||
| Professional services and other | 54 | 58 | 64 | ||||||||||||||
| Total revenue | 2,610 | 2,263 | 1,858 | ||||||||||||||
| Cost of revenue | |||||||||||||||||
Subscription(1) | 549 | 502 | 464 | ||||||||||||||
Professional services and other(1) | 69 | 79 | 82 | ||||||||||||||
| Total cost of revenue | 618 | 581 | 546 | ||||||||||||||
| Gross profit | 1,992 | 1,682 | 1,312 | ||||||||||||||
| Operating expenses | |||||||||||||||||
Research and development(1) | 642 | 656 | 620 | ||||||||||||||
Sales and marketing(1) | 965 | 1,036 | 1,066 | ||||||||||||||
General and administrative(1) | 448 | 450 | 409 | ||||||||||||||
| Restructuring and other charges | 11 | 56 | 29 | ||||||||||||||
| Total operating expenses | 2,066 | 2,198 | 2,124 | ||||||||||||||
| Operating loss | (74) | (516) | (812) | ||||||||||||||
| Interest expense | (5) | (8) | (11) | ||||||||||||||
| Interest income and other, net | 106 | 81 | 22 | ||||||||||||||
Gain on early extinguishment of debt | 19 | 106 | — | ||||||||||||||
| Interest and other, net | 120 | 179 | 11 | ||||||||||||||
Income (loss) before provision for income taxes | 46 | (337) | (801) | ||||||||||||||
Provision for income taxes | 18 | 18 | 14 | ||||||||||||||
Net income (loss) | $ | 28 | $ | (355) | $ | (815) | |||||||||||
(1) Includes stock-based compensation expense as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Cost of subscription revenue | $ | 82 | $ | 75 | $ | 69 | |||||||||||
| Cost of professional services and other revenue | 12 | 15 | 14 | ||||||||||||||
| Research and development | 216 | 277 | 275 | ||||||||||||||
| Sales and marketing | 131 | 156 | 159 | ||||||||||||||
| General and administrative | 124 | 161 | 160 | ||||||||||||||
| Total stock-based compensation expense | $ | 565 | $ | 684 | $ | 677 | |||||||||||
51
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
The following table sets forth our results of operations for the periods presented as a percentage of our total revenue:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| Revenue | |||||||||||||||||
| Subscription | 98 | % | 97 | % | 97 | % | |||||||||||
| Professional services and other | 2 | 3 | 3 | ||||||||||||||
| Total revenue | 100 | 100 | 100 | ||||||||||||||
| Cost of revenue | |||||||||||||||||
| Subscription | 21 | 22 | 25 | ||||||||||||||
| Professional services and other | 3 | 4 | 4 | ||||||||||||||
| Total cost of revenue | 24 | 26 | 29 | ||||||||||||||
| Gross profit | 76 | 74 | 71 | ||||||||||||||
| Operating expenses | |||||||||||||||||
| Research and development | 25 | 29 | 33 | ||||||||||||||
| Sales and marketing | 37 | 46 | 58 | ||||||||||||||
| General and administrative | 17 | 20 | 22 | ||||||||||||||
| Restructuring and other charges | — | 2 | 2 | ||||||||||||||
| Total operating expenses | 79 | 97 | 115 | ||||||||||||||
| Operating loss | (3) | (23) | (44) | ||||||||||||||
| Interest expense | — | — | (1) | ||||||||||||||
| Interest income and other, net | 4 | 4 | 2 | ||||||||||||||
Gain on early extinguishment of debt | 1 | 4 | — | ||||||||||||||
| Interest and other, net | 5 | 8 | 1 | ||||||||||||||
| Income (loss) before provision for income taxes | 2 | (15) | (43) | ||||||||||||||
| Provision for income taxes | 1 | 1 | 1 | ||||||||||||||
| Net income (loss) | 1 | % | (16) | % | (44) | % | |||||||||||
52
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
A discussion regarding our financial condition and results of operations for fiscal 2025 compared to fiscal 2024 is presented below. A discussion regarding our financial condition and results of operations for fiscal 2024 compared to fiscal 2023 can be found under Item 7 in our Annual Report on Form 10-K for fiscal 2024, filed with the SEC on March 1, 2024, which is available free of charge on the SEC’s website at www.sec.gov and our Investor Relations website at investor.okta.com.
Comparison of the Years Ended January 31, 2025 and 2024
Revenue
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Revenue: | |||||||||||||||||||||||
| Subscription | $ | 2,556 | $ | 2,205 | $ | 351 | 16 | % | |||||||||||||||
| Professional services and other | 54 | 58 | (4) | (7) | |||||||||||||||||||
| Total revenue | $ | 2,610 | $ | 2,263 | $ | 347 | 15 | % | |||||||||||||||
| Percentage of revenue: | |||||||||||||||||||||||
| Subscription | 98 | % | 97 | % | |||||||||||||||||||
| Professional services and other | 2 | 3 | |||||||||||||||||||||
| Total | 100 | % | 100 | % | |||||||||||||||||||
For fiscal 2025, the increase in subscription revenue was primarily due to an increase in users and sales of additional solutions to existing customers and the addition of new customers. The increase in revenue was attributable to increased revenue from existing customers as reflected in our Dollar-Based Net Retention Rate of 107% as of January 31, 2025 and an increase in the number of customers as detailed in our Key Business Metrics.
For fiscal 2025, the decrease in professional services and other revenue was due to lower bookings associated with professional services.
Cost of Revenue, Gross Profit and Gross Margin
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Cost of revenue: | |||||||||||||||||||||||
| Subscription | $ | 549 | $ | 502 | $ | 47 | 9 | % | |||||||||||||||
| Professional services and other | 69 | 79 | (10) | (12) | |||||||||||||||||||
| Total cost of revenue | $ | 618 | $ | 581 | $ | 37 | 6 | % | |||||||||||||||
| Gross profit | $ | 1,992 | $ | 1,682 | $ | 310 | 18 | % | |||||||||||||||
| Gross margin: | |||||||||||||||||||||||
| Subscription | 79 | % | 77 | % | |||||||||||||||||||
| Professional services and other | (29) | (36) | |||||||||||||||||||||
| Total gross margin | 76 | % | 74 | % | |||||||||||||||||||
For fiscal 2025, cost of subscription revenue increased primarily due to an increase of $15 million in labor costs and an increase in stock-based compensation of $7 million as we expanded our headcount. Additionally, third-party hosting costs increased by $8 million as we expanded capacity to support our growth, while software and consulting costs increased by $7 million and $4 million, respectively.
Our gross margin for subscription revenue improved from 77% to 79% during fiscal 2025. The increase was primarily driven by improved spend efficiency resulting in lower relative cost of subscription revenue.
For fiscal 2025, cost of professional services and other revenue decreased due to a reduction in labor costs of $7 million and a decrease in stock-based compensation of $3 million, driven by lower headcount.
53
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Our gross margin for professional services and other revenue improved to (29)% during fiscal 2025 from (36)% during fiscal 2024 primarily due to improved spend efficiency resulting in lower relative cost of professional services and other.
Operating Expenses
Research and Development Expenses
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Research and development | $ | 642 | $ | 656 | $ | (14) | (2) | % | |||||||||||||||
| Percentage of revenue | 25 | % | 29 | % | |||||||||||||||||||
For fiscal 2025, research and development expenses decreased due to a reduction in stock-based compensation expense of $61 million, offset by increases in labor costs of $28 million, hosting fees of $6 million and software costs of $2 million. The decrease in research and development as a percentage of total revenue was primarily driven by improved spend efficiency.
Sales and Marketing Expenses
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Sales and marketing | $ | 965 | $ | 1,036 | $ | (71) | (7) | % | |||||||||||||||
| Percentage of revenue | 37 | % | 46 | % | |||||||||||||||||||
For fiscal 2025, sales and marketing expenses decreased primarily due to a reduction in labor costs of $34 million and a decrease in stock-based compensation expense of $25 million, driven by lower headcount. The decrease in sales and marketing as a percentage of total revenue was primarily driven by improved spend efficiency. We expect our sales and marketing expenses will continue to be our largest operating expense category for the foreseeable future. We expect sales and marketing expenses as a percentage of total revenue to decrease as our total revenue grows.
General and Administrative Expenses
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| General and administrative | $ | 448 | $ | 450 | $ | (2) | — | % | |||||||||||||||
| Percentage of revenue | 17 | % | 20 | % | |||||||||||||||||||
For fiscal 2025, general and administrative expenses decreased primarily due to a reduction in stock-based compensation expense of $37 million, offset by increases in consulting costs of $12 million, labor costs of $9 million, and software costs of $6 million. The decrease in general and administrative as a percentage of total revenue was primarily driven by improved spend efficiency. We expect general and administrative expenses as a percentage of total revenue to decrease as our total revenue grows.
54
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Restructuring and Other Charges
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Restructuring and other charges | $ | 11 | $ | 56 | $ | (45) | (80) | % | |||||||||||||||
| Percentage of revenue | — | % | 2 | % | |||||||||||||||||||
For fiscal 2025, restructuring and other charges decreased primarily due to the absence of lease impairments along with a smaller overall restructuring plan implemented in fiscal 2025 compared to fiscal 2024.
Interest and Other, Net
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
| Interest expense | $ | (5) | $ | (8) | $ | 3 | (30) | % | |||||||||||||||
| Interest income and other, net | 106 | 81 | 25 | 31 | |||||||||||||||||||
Gain on early extinguishment of debt | 19 | 106 | (87) | (82) | |||||||||||||||||||
| Interest and other, net | $ | 120 | $ | 179 | $ | (59) | (33) | % | |||||||||||||||
For fiscal 2025, interest and other, net decreased primarily due to a decrease in gains on early extinguishment of debt related to repurchases of the convertible senior notes offset by an increase in interest income from our short-term investments.
Provision for Income Taxes
| Year Ended January 31, | |||||||||||||||||||||||
| 2025 | 2024 | $ Change | % Change | ||||||||||||||||||||
| (dollars in millions) | |||||||||||||||||||||||
Provision for income taxes | $ | 18 | $ | 18 | $ | — | — | % | |||||||||||||||
For fiscal 2025, income tax expense resulted primarily from income in profitable foreign jurisdictions, federal and state taxes resulting from limitations on tax attribute utilization, offset by the impact of tax windfalls from stock-based compensation in the United States.
For fiscal 2024, income tax expense resulted primarily from income in profitable foreign jurisdictions, federal and state taxes resulting from tax attribution utilization limitations, and the tax impact of shortfalls from stock-based compensation in the United Kingdom.
The Tax Cuts and Jobs Act of 2017 requires taxpayers to capitalize and amortize research and development expenses over five years for U.S. activities and 15 years for foreign activities, per IRC Section 174, instead of deducting them in the year they were incurred. Starting in fiscal 2023, this change has increased our U.S. federal and state cash taxes. This impact is expected to continue in future years as our capitalized research and development expenses continue to increase.
The Organization for Economic Cooperation and Development ("OECD") and many countries have proposed to reallocate some portion of profits of large multinational companies with global revenues exceeding EUR 20 billion to markets where sales arise ("Pillar One"), as well as enacted a global minimum tax rate of at least 15% for multinationals with global revenues exceeding EUR 750 million ("Pillar Two"), with additional countries considering or intending to adopt these proposals. In December 2022, the Council of the European Union ("EU") formally adopted the EU Minimum Tax Directive, which would require member states to adopt Pillar Two into their domestic law. The directive requires the rules to initially become effective for fiscal years starting on or after December 31, 2023. Certain jurisdictions in which we operate have enacted Pillar Two legislation, with other countries considering changes to their tax laws to adopt the OECD's proposals. The enactment of Pillar Two legislation is not expected to
55
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
have a material adverse effect on our effective tax rate, financial position, results of operations and cash flows. We will continue to monitor and reflect the impact of such legislative changes in future financial statements as appropriate.
We periodically evaluate the realizability of our deferred tax assets based on all available evidence, both positive and negative. The realization of the net deferred tax assets is dependent on our ability to generate sufficient future taxable income during the periods prior to the expiration of tax attributes to fully utilize these assets. Given our current and anticipated future earnings, we may release a significant portion of our valuation allowance if there is sufficient positive evidence that outweighs the negative evidence. The release of the valuation allowance would result in the recognition of certain deferred tax assets and a corresponding decrease to income tax expense for the period the release is recorded. However, the exact timing and amount of any potential valuation allowance released is uncertain. As of January 31, 2025 we continue to maintain a full valuation allowance on our deferred tax assets in the United States.
Liquidity and Capital Resources
As of January 31, 2025, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,523 million, which were held for working capital and general corporate purposes, including potential future acquisition activity. Our cash equivalents and investments consisted primarily of U.S. treasury securities, money market funds, corporate debt securities and certificates of deposit. Historically, we have generated significant operating losses and both positive and negative cash flows from operations as reflected in our accumulated deficit and consolidated statements of cash flows.
Recent macroeconomic events, including rising interest rates, global inflation and bank failures, have led to further economic uncertainty in the global economy. To mitigate risk, our cash and cash equivalents are distributed across large financial institutions. In addition, we have policy restrictions in place on the types of securities that can be purchased as part of our available-for-sale securities portfolio. These restrictions take credit quality, liquidity and diversification into consideration among other criteria. We continue to monitor the impacts of this situation; however, there can be no assurances that conditions in the banking sector and in global financial markets will not worsen and/or adversely affect us.
Effective the first quarter of fiscal 2025, we satisfy employee payroll tax withholding due upon the vesting of share-based compensation awards with our own funds under the "net share settlement" approach. Previously, payroll tax withholding was satisfied via the sale of shares of our common stock in the open market. The net share settlement approach reduces our equity dilution rate by covering such withholding tax obligations from existing cash reserves and impacts future liquidity. The cash outflow to cover these tax obligations is classified as a financing activity in the statement of cash flows.
In September 2019, we completed our private offering of the 2025 Notes due on September 1, 2025 and received aggregate gross proceeds of $1,060 million. The interest rate on the 2025 Notes is fixed at 0.125% per year and is payable semi-annually in arrears on March 1 and September 1 of each year, beginning on March 1, 2020. In connection with the 2025 Notes, we used a portion of the proceeds to enter into capped call transactions ("2025 Capped Calls") with respect to our Class A common stock. As of January 31, 2025, the 2025 Notes are classified as current liabilities due to their upcoming maturity on September 1, 2025, and we currently intend to settle the principal amount of the 2025 Notes in cash.
In June 2020, we completed our private offering of the 2026 Notes due on June 15, 2026 and received aggregate gross proceeds of $1,150 million. The interest rate on the 2026 Notes is fixed at 0.375% per year and is payable semi-annually in arrears on June 15 and December 15 of each year, beginning on December 15, 2020. In connection with the 2026 Notes, we used a portion of the proceeds to enter into capped call transactions ("2026 Capped Calls") with respect to our Class A common stock.
In the ordinary course of our business, we may, at any time and from time to time, seek to extinguish our outstanding Notes through cash purchases and/or exchanges for equity, in open-market purchases, privately negotiated transactions or otherwise. Such extinguishments, if any, will be conducted on such terms and at such prices as we may determine, and will depend on our evaluation of the prevailing market conditions, trading price of the 2025 Notes and 2026 Notes (collectively, "the Notes"), our liquidity requirements, legal and contractual restrictions and other factors. During fiscal 2025, we repurchased $42 million principal amount of the 2025 Notes for
56
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
$40 million in cash, and $258 million principal amount of the 2026 Notes for $240 million in cash, which resulted in an aggregate gain on early extinguishment of debt of $19 million. During fiscal 2024, we repurchased $508 million principal amount of the 2025 Notes for $462 million in cash, and $542 million principal amount of the 2026 Notes for $475 million in cash, which resulted in an aggregate gain on early extinguishment of debt of $106 million. The 2025 Capped Calls and 2026 Capped Calls remained outstanding notwithstanding such repurchase. We may, however, elect to terminate the 2025 Capped Calls or 2026 Capped Calls, in full or in part. In connection with any such termination, the option counterparties or their respective affiliates are expected to modify their hedge positions, which activity could affect the market price of our Class A common stock or the trading price of the Notes that remain outstanding. See Note 8 to our consolidated financial statements “Convertible Senior Notes, Net” and the section titled “Transactions relating to our Notes may affect the value of our Class A common stock” in “Risk Factors” included under Part I, Item 1A of this Annual Report on Form 10-K for additional information.
On February 1, 2024, we completed the acquisition of Spera Cybersecurity, Inc. and its subsidiary ("Spera"), an identity security platform provider. The acquisition date cash consideration was $58 million. Of this amount, $12 million was transferred to an escrow fund as partial security for any purchase price adjustments and indemnification obligations, and will be paid to the former Spera stockholders following the 18-month anniversary of the closing date (less any such adjustments or indemnification obligations). See Note 16 to our consolidated financial statements "Business Combinations" for additional information.
We believe our existing cash and cash equivalents, our investments and cash provided by sales of our solutions will be sufficient to meet our short-term and long-term projected working capital and capital expenditure needs for the foreseeable future. Our future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, billing frequency, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the expansion of our international operations, the introduction of new and enhanced product offerings, and the continuing market adoption of our platforms. We continue to assess our capital structure and evaluate the merits of deploying available cash. We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies this could reduce our ability to compete successfully and harm our results of operations.
A significant majority of our customers pay in advance for annual subscriptions. Therefore, a substantial source of our cash is from our deferred revenue, which is included on our consolidated balance sheet as a liability. Deferred revenue consists of the unearned portion of billed fees for our subscriptions, which is recognized as revenue in accordance with our revenue recognition policy. As of January 31, 2025, we had deferred revenue of $1,718 million, of which $1,691 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met.
57
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Cash Flows
The following table summarizes our cash flows for the periods indicated:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Net cash provided by operating activities | $ | 750 | $ | 512 | $ | 86 | |||||||||||
Net cash provided by (used in) investing activities | (314) | 441 | (130) | ||||||||||||||
| Net cash provided by (used in) financing activities | (359) | (883) | 48 | ||||||||||||||
| Effects of changes in foreign currency exchange rates on cash, cash equivalents and restricted cash | (4) | 1 | (6) | ||||||||||||||
Net increase (decrease) in cash, cash equivalents and restricted cash | $ | 73 | $ | 71 | $ | (2) | |||||||||||
Operating Activities
Our largest source of operating cash is cash collections from our customers for subscription and professional services. Our primary uses of cash from operating activities are for employee-related expenditures, marketing expenses and third-party hosting costs.
During fiscal 2025, cash provided by operating activities was $750 million, an increase of $238 million compared to fiscal 2024. The increase was primarily attributable to an increase in cash received from customers and improved spend efficiency.
Investing Activities
During fiscal 2025, cash used in investing activities was $314 million, compared to cash provided by investing activities of $441 million during fiscal 2024. The change was primarily attributable to a decrease in proceeds from maturities and sales of available-for-sale securities and an increase in payments for business acquisitions and purchases of securities available-for-sale and other.
Financing Activities
During fiscal 2025, cash used in financing activities was $359 million, a decrease of $524 million compared to fiscal 2024. The decrease was primarily attributable to lower volume of payments made for repurchases of the Notes offset by the taxes paid related to net share settlement of equity awards during fiscal 2025.
Material Cash Requirements
Contractual Obligations
The following table represents the Company’s known short-term (i.e., the next twelve months) and long-term (i.e., beyond the next twelve months) obligations as of January 31, 2025:
| Short-term | Long-term | Total | ||||||||||||||||||
| (dollars in millions) | ||||||||||||||||||||
Convertible Senior Notes:(1) | ||||||||||||||||||||
| Principal payments | $ | 510 | $ | 350 | $ | 860 | ||||||||||||||
| Interest payments | 2 | 1 | 3 | |||||||||||||||||
Operating leases(2) | 34 | 102 | 136 | |||||||||||||||||
Purchase obligations(3) | 336 | 210 | 546 | |||||||||||||||||
| Total contractual obligations | $ | 882 | $ | 663 | $ | 1,545 | ||||||||||||||
(1) See Note 8 to our consolidated financial statements "Convertible Senior Notes, Net" for additional information.
(2) See Note 9 to our consolidated financial statements "Leases" for additional information.
(3) Purchase obligations primarily relate to data center hosting facilities, and other sales and marketing obligations.
58
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Indemnification Agreements
In the ordinary course of business, we enter into agreements of varying scope and terms pursuant to which we agree to indemnify customers, vendors, lessors, business partners and other parties with respect to certain matters, including, but not limited to, losses arising out of the breach of such agreements, services to be provided by us or from intellectual property infringement claims made by third parties. In addition, we have entered into indemnification agreements with our directors and certain officers and employees that will require us, among other things, to indemnify them against certain liabilities that may arise by reason of their status or service as directors, officers or employees. No material demands have been made upon us to provide indemnification under such agreements and there are no claims that we are aware of that could have a material effect on our consolidated balance sheets, consolidated statements of operations and comprehensive loss, or consolidated statements of cash flows.
Critical Accounting Estimates
We prepare our consolidated financial statements in accordance with accounting principles generally accepted in the United States of America. In the preparation of these consolidated financial statements, we are required to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, costs and expenses, and related disclosures. To the extent that there are material differences between these estimates and actual results, our financial condition or results of operations would be affected. We base our estimates on past experience and other assumptions that we believe are reasonable under the circumstances, and we evaluate these estimates on an ongoing basis. We refer to accounting estimates of this type as critical accounting estimates, which we discuss below.
Income Taxes
Income taxes are accounted for using the liability method. Under this method, deferred tax assets and liabilities are recognized for the expected future tax consequences of temporary differences between the financial reporting and tax basis of assets and liabilities, as well as for operating loss and tax credit carryforwards. Deferred tax assets and liabilities are measured using enacted tax rates that are expected to apply to taxable income for the years in which those tax assets and liabilities are expected to be realized or settled.
Valuation allowances are established when necessary to reduce deferred tax assets to the amounts that are more likely than not expected to be realized based on the weighting of positive and negative evidence. Future realization of deferred tax assets ultimately depends on the existence of sufficient taxable income of the appropriate character, within the carry-back or carry-forward periods available under the applicable tax law. In assessing the need for a valuation allowance, we consider available evidence, including past operating results, estimates of future taxable income, and the feasibility of tax planning strategies. Our judgment regarding future estimates may change due to many factors, including future market conditions and the ability to successfully execute our business plans and tax planning strategies. Should there be a change in the ability to recover deferred tax assets, our provision for income taxes would increase or decrease in the period in which the assessment is changed.
Our tax positions are subject to income tax audits by multiple tax jurisdictions throughout the world. We recognize the tax benefit of an uncertain tax position only if it is more likely than not that the position is sustainable upon examination by the taxing authority, based on the technical merits. Significant judgment is required in determining the technical merits of an uncertain tax position, such as taking into account current tax laws, our interpretation of current tax laws and possible outcomes of current and future audits conducted by foreign and domestic tax authorities. We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate. To the extent the final tax outcome of these matters is different than the amounts recorded, such differences may impact the provision for income taxes in the period in which such determination is made.
Business Combinations
When we acquire a business, the purchase price is allocated to the acquired assets, including separately identifiable intangible assets, and assumed liabilities at their respective estimated fair values. Any residual purchase price is recorded as goodwill. The allocation of the purchase price requires management to make significant
59
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
estimates in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets. These estimates can include, but are not limited to:
•future expected cash flows from subscription contracts, professional services contracts, other customer contracts and acquired developed technologies;
•person hours required in recreating certain acquired technologies;
•historical and expected customer attrition rates and anticipated growth in revenue from acquired customers;
•royalty rates applied to acquired developed technology platforms and other intangible assets;
•obsolescence curves and other useful life assumptions, such as the period of time and intended use of acquired intangible assets in our product offerings;
•discount rates;
•uncertain tax positions and tax-related valuation allowances; and
•fair value of assumed equity awards.
These estimates are inherently uncertain and unpredictable, and unanticipated events and circumstances may occur that may affect the accuracy or validity of such assumptions, estimates or actual results.
If the initial accounting for a business combination is not complete following the acquisition date, we report provisional amounts for the known assets, liabilities, equity interests, or items of consideration for which the accounting is incomplete at the end of the financial reporting period. Provisional accounting is inherently subjective and judgmental. The objective of the measurement period is to provide a reasonable period of time to obtain the information necessary to complete all aspects of business combination accounting with a high level of confidence. During the measurement period, which may be up to one year from the acquisition date, adjustments to the reported provisional amounts may be recorded for which the accounting was incomplete, with the corresponding offset to goodwill. Should the accounting for a business combination be incomplete by the end of a reporting period that falls within the measurement period, we report provisional amounts in our financial statements, disclosing them as provisional, and any material measurement period adjustments are identified as such. Additional assets acquired or liabilities assumed in an acquisition that were not recognized at the acquisition date might be identified during the measurement period. Upon the conclusion of the measurement period or final determination of the fair value of assets acquired or liabilities assumed, whichever comes first, no further adjustments are made.
Loss Contingencies
We evaluate contingent liabilities, including threatened or pending litigation, and make provisions for such liabilities when it is both probable that a loss has been incurred and its amount can be reasonably estimated. Because of uncertainties inherent in litigation, we base our estimate and accrue the liabilities, if any, on the information available at the time of our assessment. Significant judgment is required to determine both the probability and the estimated amount of loss given such legal proceedings are inherently unpredictable and subject to significant uncertainties, some of which are beyond our control. Developments in these matters could affect the amount of any liability we may accrue. As additional information becomes available, we may revise our estimates. Any revisions in the estimates of potential liabilities could have a material impact on our operating results and financial position. Further, until the final resolution of any such matter, there may be a loss exposure in excess of the liability recognized and such amount could be significant.
Revenue Recognition
We derive our revenues primarily from subscription fees and professional services fees. A description of our revenue recognition policies is included in Note 2 to our consolidated financial statements "Summary of Significant Accounting Policies."
60
OKTA, INC.
MANAGEMENT’S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS (continued)
Our contracts with customers often contain multiple performance obligations. For these contracts, we account for individual performance obligations separately if they are distinct. The transaction price of the contract is allocated to the separate performance obligations on a relative standalone selling price ("SSP") basis. Evaluating customer contracts with multiple performance obligations and complex terms may require significant judgment in identifying the distinct performance obligations.
Recent Accounting Pronouncements
See Note 2 to our consolidated financial statements “Summary of Significant Accounting Policies — Accounting Pronouncements Recently Adopted and Recent Accounting Pronouncements Not Yet Adopted" for more information.
61
Item 7A. Quantitative and Qualitative Disclosures about Market Risk
Foreign Currency Exchange Risk
The functional currencies of our foreign subsidiaries are the respective local currencies. Most of our sales are denominated in U.S. dollars, and therefore our revenue is not currently subject to significant foreign currency risk. Our operating expenses are denominated in the currencies of the countries in which our operations are located, which are primarily in the United States, the United Kingdom, Canada and Australia. Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments. During fiscal 2025, 2024 and 2023, a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have had a material impact on our consolidated financial statements.
Interest Rate Risk
We had cash, cash equivalents and short-term investments totaling $2,523 million as of January 31, 2025, of which $2,362 million was invested in U.S. treasury securities, money market funds, corporate debt securities and certificates of deposit. Our cash and cash equivalents are held for working capital and general corporate purposes, including potential future acquisition activity. Our short-term investments are made for capital preservation purposes. We do not enter into investments for trading or speculative purposes.
Our cash equivalents and our investment portfolio are subject to market risk due to changes in interest rates. Fixed rate securities may have their market value adversely affected due to a rise in interest rates. Due in part to these factors, our future investment income may fall short of our expectations due to changes in interest rates or we may suffer losses in principal if we are forced to sell securities that decline in market value due to changes in interest rates. However, because we classify our short-term investments as “available-for-sale,” no gains are recognized due to changes in interest rates. As losses due to changes in interest rates are generally not considered to be credit related changes, no losses in such securities are recognized due to changes in interest rates unless we intend to sell, it is more likely than not that we will be required to sell, we sell prior to maturity, or we otherwise determine that all or a portion of the decline in fair value are due to credit related factors.
As of January 31, 2025, a hypothetical 10% relative change in interest rates would not have had a material impact on the value of our cash equivalents or investment portfolio. Fluctuations in the value of our cash equivalents and investment portfolio caused by a change in interest rates (gains or losses on the carrying value) are recorded in other comprehensive income (loss), and are realized only if we sell the underlying securities prior to maturity.
Convertible Senior Notes
In September 2019, we issued the 2025 Notes due September 1, 2025 with a principal amount of $1,060 million. Concurrently with the issuance of the 2025 Notes, we entered into separate capped call transactions. The 2025 Capped Calls were completed to reduce the potential dilution from the conversion of the 2025 Notes. As of January 31, 2025, $510 million principal amount of the 2025 Notes remain outstanding. As of January 31, 2025, the 2025 Notes are classified as current liabilities due to their upcoming maturity on September 1, 2025.
In June 2020, we issued the 2026 Notes due June 15, 2026 with a principal amount of $1,150 million. Concurrently with the issuance of the 2026 Notes, we entered into separate capped call transactions. The 2026 Capped Calls were completed to reduce the potential dilution from the conversion of the 2026 Notes. As of January 31, 2025, $350 million principal amount of the 2026 Notes remain outstanding.
The 2025 Notes and 2026 Notes have a fixed annual interest rate of 0.125% and 0.375%, respectively; accordingly, we do not have economic interest rate exposure on the Notes. However, the fair value of the Notes is exposed to interest rate risk. Generally, the fair market value of the Notes will increase as interest rates fall and decrease as interest rates rise. In addition, the fair value of the Notes fluctuates when the market price of our common stock fluctuates. The fair value was determined based on the quoted bid price of the Notes in an over-the-counter market on the last trading day of the reporting period. See Note 8 to our consolidated financial statements "Convertible Senior Notes, Net" for additional information. Changes in the interest rate environment upon maturity of this fixed rate debt could have an effect on our future cash flows and earnings, depending on whether the debt is replaced with other fixed rate debt, variable rate debt or equity.
62
Item 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
| Page | |||||
63
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors of Okta, Inc.
Opinion on the Financial Statements
We have audited the accompanying consolidated balance sheets of Okta, Inc. (the Company) as of January 31, 2025 and 2024, the related consolidated statements of operations, comprehensive income (loss), stockholders' equity and cash flows for each of the three years in the period ended January 31, 2025, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at January 31, 2025 and 2024, and the results of its operations and its cash flows for each of the three years in the period ended January 31, 2025, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of January 31, 2025, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework), and our report dated March 5, 2025 expressed an unqualified opinion thereon.
Basis for Opinion
These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
Critical Audit Matter
The critical audit matter communicated below is a matter arising from the current period audit of the financial statements that was communicated or required to be communicated to the audit committee and that: (1) relates to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of the critical audit matter does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matter below, providing a separate opinion on the critical audit matter or on the accounts or disclosures to which it relates.
64
Revenue recognition – Identifying and evaluating terms and conditions in contracts | ||||||||
Description of the Matter | As explained in Note 2 to the consolidated financial statements, the Company derives revenue from subscription fees and professional services fees. The Company’s arrangements are generally non-cancelable and non-refundable. In addition, the arrangements do not provide customers with the right to take possession of the software and, as a result, are accounted for as service arrangements. Subscription revenue, which includes support, is recognized on a straight-line basis over the non-cancelable contractual term of the arrangement, generally beginning on the date that the Company’s service is made available to the customer. Revenue for the Company’s professional services is recognized as services are performed in proportion to their pattern of transfer. Auditing the Company’s accounting for revenue recognition was challenging, specifically related to the appropriate identification and evaluation of non-standard terms and conditions for significant arrangements that involve negotiation of otherwise standard terms with the customer. For example, certain non-standard terms and conditions required judgment to identify the distinct performance obligations. | |||||||
How We Addressed the Matter in Our Audit | We obtained an understanding, evaluated the design and tested the operating effectiveness of the Company’s internal controls over the identification and evaluation of terms and conditions in contracts that impact revenue recognition, including the identification of performance obligations. Among other procedures, on a sample basis, we tested the completeness and accuracy of management’s identification and evaluation of the non-standard terms and conditions in contracts. Further, we selected a sample of significant contractual arrangements that may involve negotiation of standard terms to test that management had properly assessed the impact of any non-standard terms on the identified performance obligations. Additionally, to verify completeness of non-standard terms and conditions, we obtained confirmations of terms and conditions for a sample of arrangements with customers. | |||||||
/s/ Ernst & Young LLP
We have served as the Company’s auditor since 2013.
San Jose, California
March 5, 2025
65
Report of Independent Registered Public Accounting Firm
To the Stockholders and the Board of Directors of Okta, Inc.
Opinion on Internal Control Over Financial Reporting
We have audited Okta, Inc.’s internal control over financial reporting as of January 31, 2025, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Okta, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of January 31, 2025, based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of January 31, 2025 and 2024, the related consolidated statements of operations, comprehensive income (loss), stockholders' equity and cash flows for each of the three years in the period ended January 31, 2025, and the related notes and our report dated March 5, 2025 expressed an unqualified opinion thereon.
Basis for Opinion
The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.
Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
Definition and Limitations of Internal Control Over Financial Reporting
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
/s/ Ernst & Young LLP
San Jose, California
March 5, 2025
66
OKTA, INC.
CONSOLIDATED BALANCE SHEETS
(dollars in millions, shares in thousands, except per share data)
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| Assets | |||||||||||
| Current assets: | |||||||||||
| Cash and cash equivalents | $ | 409 | $ | 334 | |||||||
| Short-term investments | 2,114 | 1,868 | |||||||||
Accounts receivable, net of allowances of $4 and $6, respectively | 621 | 559 | |||||||||
| Deferred commissions | 140 | 113 | |||||||||
| Prepaid expenses and other current assets | 132 | 106 | |||||||||
| Total current assets | 3,416 | 2,980 | |||||||||
| Property and equipment, net | 43 | 48 | |||||||||
| Operating lease right-of-use assets | 74 | 83 | |||||||||
| Deferred commissions, noncurrent | 267 | 242 | |||||||||
| Intangible assets, net | 138 | 182 | |||||||||
| Goodwill | 5,448 | 5,406 | |||||||||
| Other assets | 51 | 48 | |||||||||
| Total assets | $ | 9,437 | $ | 8,989 | |||||||
| Liabilities and stockholders’ equity | |||||||||||
| Current liabilities: | |||||||||||
| Accounts payable | $ | 13 | $ | 12 | |||||||
| Accrued expenses and other current liabilities | 103 | 115 | |||||||||
| Accrued compensation | 207 | 167 | |||||||||
| Convertible senior notes, net | 509 | — | |||||||||
| Deferred revenue | 1,691 | 1,488 | |||||||||
| Total current liabilities | 2,523 | 1,782 | |||||||||
| Convertible senior notes, net, noncurrent | 349 | 1,154 | |||||||||
| Operating lease liabilities, noncurrent | 94 | 112 | |||||||||
| Deferred revenue, noncurrent | 27 | 23 | |||||||||
| Other liabilities, noncurrent | 39 | 30 | |||||||||
| Total liabilities | 3,032 | 3,101 | |||||||||
Commitments and contingencies (Note 10) | |||||||||||
| Stockholders’ equity: | |||||||||||
Preferred stock, par value $0.0001 per share; 100,000 shares authorized, no shares issued and outstanding as of January 31, 2025 and 2024. | — | — | |||||||||
Class A common stock, par value $0.0001 per share; 1,000,000 shares authorized; 165,650 and 159,835 shares issued and outstanding as of January 31, 2025 and 2024, respectively. | — | — | |||||||||
Class B common stock, par value $0.0001 per share; 120,000 shares authorized; 7,809 and 7,291 shares issued and outstanding as of January 31, 2025 and 2024, respectively. | — | — | |||||||||
| Additional paid-in capital | 9,219 | 8,724 | |||||||||
| Accumulated other comprehensive loss | (12) | (6) | |||||||||
| Accumulated deficit | (2,802) | (2,830) | |||||||||
| Total stockholders’ equity | 6,405 | 5,888 | |||||||||
| Total liabilities and stockholders’ equity | $ | 9,437 | $ | 8,989 | |||||||
See Notes to Consolidated Financial Statements.
67
OKTA, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(dollars in millions, shares in thousands, except per share data)
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| Revenue | |||||||||||||||||
| Subscription | $ | 2,556 | $ | 2,205 | $ | 1,794 | |||||||||||
| Professional services and other | 54 | 58 | 64 | ||||||||||||||
| Total revenue | 2,610 | 2,263 | 1,858 | ||||||||||||||
| Cost of revenue | |||||||||||||||||
| Subscription | 549 | 502 | 464 | ||||||||||||||
| Professional services and other | 69 | 79 | 82 | ||||||||||||||
| Total cost of revenue | 618 | 581 | 546 | ||||||||||||||
| Gross profit | 1,992 | 1,682 | 1,312 | ||||||||||||||
| Operating expenses | |||||||||||||||||
| Research and development | 642 | 656 | 620 | ||||||||||||||
| Sales and marketing | 965 | 1,036 | 1,066 | ||||||||||||||
| General and administrative | 448 | 450 | 409 | ||||||||||||||
| Restructuring and other charges | 11 | 56 | 29 | ||||||||||||||
| Total operating expenses | 2,066 | 2,198 | 2,124 | ||||||||||||||
| Operating loss | (74) | (516) | (812) | ||||||||||||||
| Interest expense | (5) | (8) | (11) | ||||||||||||||
| Interest income and other, net | 106 | 81 | 22 | ||||||||||||||
Gain on early extinguishment of debt | 19 | 106 | — | ||||||||||||||
| Interest and other, net | 120 | 179 | 11 | ||||||||||||||
Income (loss) before provision for income taxes | 46 | (337) | (801) | ||||||||||||||
Provision for income taxes | 18 | 18 | 14 | ||||||||||||||
Net income (loss) | $ | 28 | $ | (355) | $ | (815) | |||||||||||
| Net income (loss) per share, basic | $ | 0.16 | $ | (2.17) | $ | (5.16) | |||||||||||
| Net income (loss) per share, diluted | $ | 0.06 | $ | (2.17) | $ | (5.16) | |||||||||||
| Weighted-average shares used to compute net income (loss) per share, basic | 169,569 | 163,634 | 158,023 | ||||||||||||||
| Weighted-average shares used to compute net income (loss) per share, diluted | 175,086 | 163,634 | 158,023 | ||||||||||||||
See Notes to Consolidated Financial Statements.
68
OKTA, INC.
CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (LOSS)
(in millions)
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
Net income (loss) | $ | 28 | $ | (355) | $ | (815) | |||||||||||
| Other comprehensive income (loss): | |||||||||||||||||
| Net change in unrealized gains or losses on available-for-sale securities | — | 26 | (12) | ||||||||||||||
| Foreign currency translation adjustments | (6) | 1 | (9) | ||||||||||||||
| Other comprehensive income (loss) | (6) | 27 | (21) | ||||||||||||||
Comprehensive income (loss) | $ | 22 | $ | (328) | $ | (836) | |||||||||||
See Notes to Consolidated Financial Statements.
69
OKTA, INC.
CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY
(dollars in millions, shares in thousands)
Class A Common Stock | Class B Common Stock | Additional Paid-in Capital | Accumulated Other Comprehensive Loss | Accumulated Deficit | Total Stockholders’ Equity | |||||||||||||||||||||||||||||||||||||||||||||
Shares | Amount | Shares | Amount | |||||||||||||||||||||||||||||||||||||||||||||||
| Balances as of January 31, 2022 | 149,624 | $ | — | 6,978 | $ | — | $ | 7,750 | $ | (12) | $ | (1,816) | $ | 5,922 | ||||||||||||||||||||||||||||||||||||
| — | — | — | — | (528) | — | 156 | (372) | |||||||||||||||||||||||||||||||||||||||||||
Issuance of common stock, net | 4,040 | — | 451 | — | 52 | — | — | 52 | ||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock | 129 | — | (129) | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||
| Settlement of convertible senior notes | 356 | — | — | — | 17 | — | — | 17 | ||||||||||||||||||||||||||||||||||||||||||
| Proceeds from hedges related to convertible senior notes | (140) | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | 683 | — | — | 683 | ||||||||||||||||||||||||||||||||||||||||||
| Other comprehensive loss | — | — | — | — | — | (21) | — | (21) | ||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | (815) | (815) | ||||||||||||||||||||||||||||||||||||||||||
| Balances as of January 31, 2023 | 154,009 | $ | — | 7,300 | $ | — | $ | 7,974 | $ | (33) | $ | (2,475) | $ | 5,466 | ||||||||||||||||||||||||||||||||||||
Issuance of common stock, net | 5,850 | — | — | — | 67 | — | — | 67 | ||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock | 9 | — | (9) | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||
| Proceeds from hedges related to convertible senior notes | (33) | — | — | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | 690 | — | — | 690 | ||||||||||||||||||||||||||||||||||||||||||
Settlement of warrants | — | — | — | — | (7) | — | — | (7) | ||||||||||||||||||||||||||||||||||||||||||
Other comprehensive income | — | — | — | — | — | 27 | — | 27 | ||||||||||||||||||||||||||||||||||||||||||
| Net loss | — | — | — | — | — | — | (355) | (355) | ||||||||||||||||||||||||||||||||||||||||||
Balances as of January 31, 2024 | 159,835 | $ | — | 7,291 | $ | — | $ | 8,724 | $ | (6) | $ | (2,830) | $ | 5,888 | ||||||||||||||||||||||||||||||||||||
Issuance of common stock, net | 5,710 | — | 623 | — | 74 | — | — | 74 | ||||||||||||||||||||||||||||||||||||||||||
Taxes withheld related to net share settlement of equity awards | — | — | — | — | (149) | — | — | (149) | ||||||||||||||||||||||||||||||||||||||||||
| Conversion of Class B common stock to Class A common stock | 105 | — | (105) | — | — | — | — | — | ||||||||||||||||||||||||||||||||||||||||||
| Stock-based compensation | — | — | — | — | 570 | — | — | 570 | ||||||||||||||||||||||||||||||||||||||||||
Other comprehensive loss | — | — | — | — | — | (6) | — | (6) | ||||||||||||||||||||||||||||||||||||||||||
Net income | — | — | — | — | — | — | 28 | 28 | ||||||||||||||||||||||||||||||||||||||||||
Balances as of January 31, 2025 | 165,650 | $ | — | 7,809 | $ | — | $ | 9,219 | $ | (12) | $ | (2,802) | $ | 6,405 | ||||||||||||||||||||||||||||||||||||
See Notes to Consolidated Financial Statements.
70
OKTA, INC.
CONSOLIDATED STATEMENTS OF CASH FLOWS
(in millions)
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| Cash flows from operating activities: | |||||||||||||||||
Net income (loss) | $ | 28 | $ | (355) | $ | (815) | |||||||||||
Adjustments to reconcile net income (loss) to net cash provided by operating activities: | |||||||||||||||||
| Stock-based compensation | 565 | 684 | 677 | ||||||||||||||
| Depreciation, amortization and accretion | 88 | 84 | 114 | ||||||||||||||
| Amortization of deferred commissions | 130 | 104 | 84 | ||||||||||||||
| Deferred income taxes | 2 | 6 | 7 | ||||||||||||||
| Lease impairment charges | — | 28 | 14 | ||||||||||||||
Gain on early extinguishment of debt | (19) | (106) | — | ||||||||||||||
| Other, net | 9 | 13 | 12 | ||||||||||||||
| Changes in operating assets and liabilities: | |||||||||||||||||
| Accounts receivable | (63) | (79) | (87) | ||||||||||||||
| Deferred commissions | (186) | (158) | (122) | ||||||||||||||
| Prepaid expenses and other assets | (37) | (32) | (13) | ||||||||||||||
| Operating lease right-of-use assets | 20 | 23 | 27 | ||||||||||||||
| Accounts payable | 1 | — | (6) | ||||||||||||||
| Accrued compensation | 41 | 68 | (44) | ||||||||||||||
| Accrued expenses and other liabilities | (3) | 21 | 8 | ||||||||||||||
| Operating lease liabilities | (33) | (39) | (34) | ||||||||||||||
| Deferred revenue | 207 | 250 | 264 | ||||||||||||||
| Net cash provided by operating activities | 750 | 512 | 86 | ||||||||||||||
| Cash flows from investing activities: | |||||||||||||||||
Capitalized software | (12) | (15) | (9) | ||||||||||||||
| Purchases of property and equipment | (8) | (8) | (12) | ||||||||||||||
Purchases of securities available-for-sale and other | (1,812) | (1,709) | (1,411) | ||||||||||||||
Proceeds from maturities and redemption of securities available-for-sale | 1,571 | 2,134 | 1,308 | ||||||||||||||
Proceeds from sales of securities available-for-sale and other | 3 | 62 | — | ||||||||||||||
| Payments for business acquisitions, net of cash acquired | (56) | (22) | (4) | ||||||||||||||
Purchases of intangible assets | — | (1) | (2) | ||||||||||||||
Net cash provided by (used in) investing activities | (314) | 441 | (130) | ||||||||||||||
| Cash flows from financing activities: | |||||||||||||||||
Payments for repurchases of convertible senior notes | (280) | (937) | — | ||||||||||||||
| Taxes paid related to net share settlement of equity awards | (148) | — | — | ||||||||||||||
| Payments for warrants related to convertible senior notes | — | (7) | — | ||||||||||||||
Proceeds from stock option exercises | 27 | 15 | 17 | ||||||||||||||
| Proceeds from shares issued in connection with employee stock purchase plan | 42 | 46 | 31 | ||||||||||||||
Net cash provided by (used in) financing activities | (359) | (883) | 48 | ||||||||||||||
| Effects of changes in foreign currency exchange rates on cash, cash equivalents and restricted cash | (4) | 1 | (6) | ||||||||||||||
Net increase (decrease) in cash, cash equivalents and restricted cash | 73 | 71 | (2) | ||||||||||||||
| Cash, cash equivalents and restricted cash at beginning of year | 342 | 271 | 273 | ||||||||||||||
| Cash, cash equivalents and restricted cash at end of year | $ | 415 | $ | 342 | $ | 271 | |||||||||||
71
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| Supplementary cash flow disclosure: | |||||||||||||||||
| Cash paid during the period for: | |||||||||||||||||
| Interest | $ | 3 | $ | 5 | $ | 6 | |||||||||||
| Income taxes | 19 | 14 | 8 | ||||||||||||||
| Non-cash investing and financing activities: | |||||||||||||||||
| Issuance of common stock for repurchases and conversions of convertible senior notes | — | — | 47 | ||||||||||||||
| Benefit from exercise of hedges related to convertible senior notes | — | 2 | 18 | ||||||||||||||
| Operating lease right-of-use assets exchanged for lease liabilities | 9 | 11 | 11 | ||||||||||||||
| Reconciliation of cash, cash equivalents, and restricted cash within the consolidated balance sheets to the amounts shown in the statements of cash flows above: | |||||||||||||||||
| Cash and cash equivalents | $ | 409 | $ | 334 | $ | 264 | |||||||||||
| Restricted cash, current included in prepaid expenses and other current assets | 1 | 2 | — | ||||||||||||||
| Restricted cash, noncurrent included in other assets | 5 | 6 | 7 | ||||||||||||||
| Total cash, cash equivalents and restricted cash | $ | 415 | $ | 342 | $ | 271 | |||||||||||
See Notes to Consolidated Financial Statements.
72
1. Overview and Basis of Presentation
Description of Business
Okta, Inc. (the “Company”) is the leading independent identity partner. The Company’s Okta Platform and Auth0 Platform enable customers to securely connect the right people to the right technologies and services at the right time. Employees and contractors sign into the Okta Platform to seamlessly and securely access the applications they need to do their most important work with more modern and secure experiences in the cloud and via mobile devices. Developers leverage the Okta Platform and Auth0 Platform to securely and efficiently embed identity into the software they build, allowing them to innovate and focus on their core mission. The Company is headquartered in San Francisco, California.
Basis of Presentation and Principles of Consolidation
The accompanying consolidated financial statements, which include the accounts of the Company and its wholly owned subsidiaries, have been prepared in conformity with accounting principles generally accepted in the United States of America ("GAAP"). All intercompany balances and transactions have been eliminated in consolidation.
The Company’s fiscal year ends on January 31. References to fiscal 2025, for example, refer to the fiscal year ended January 31, 2025.
Certain prior period amounts have been reclassified to conform to the current period presentation.
Segments
The Company conducts business globally and is managed, operated and organized by major functional departments that operate on a consolidated basis. As a result, the Company operates as one reportable segment. The Company employs a SaaS business model and generates revenue primarily by selling multi-year subscriptions to its cloud-based offerings.
The Company’s chief operating decision maker ("CODM") is the chief executive officer. The CODM utilizes consolidated GAAP and non-GAAP measures of profit and loss to evaluate the Company's overall performance and inform resource allocation to support strategic priorities and capital allocation needs. The profit and loss measure most consistent with GAAP used by the CODM is consolidated net income (loss).
The CODM is regularly provided with budgeted expense information and consolidated expense data. Accordingly, significant segment expenses are inherently reflected in the consolidated financial statements and related notes.
Use of Estimates
The preparation of consolidated financial statements in conformity with GAAP requires estimates, judgments and assumptions that affect the reported amounts of assets and liabilities, disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting period. Estimates are based on historical experience and on other assumptions that management believes are reasonable under the circumstances. Actual results could vary from those estimates. The Company’s most significant estimates include the valuation of deferred income tax assets, uncertain tax positions, assets and liabilities acquired in business combinations, and loss contingencies related to litigation.
Foreign Currency
The functional currencies of the Company’s foreign subsidiaries are the respective local currencies. Translation adjustments arising from the use of differing exchange rates from period to period are included in accumulated other comprehensive loss within the consolidated statements of stockholders’ equity. Foreign currency transaction gains and losses are included in interest and other, net in the consolidated statements of operations and were not material in fiscal 2025, 2024 or 2023. All assets and liabilities denominated in a foreign currency are translated into U.S. dollars at the exchange rate on the balance sheet date. Revenue and expenses are translated at the average exchange rate during the period.
73
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
2. Summary of Significant Accounting Policies
Revenue Recognition
Revenue is derived from subscription fees (which include support fees) and professional services fees. The Company sells subscriptions to its platforms through arrangements that are generally to five years in length. The arrangements are generally non-cancellable and non-refundable. Furthermore, if a customer reduces the contracted usage or service level, the customer has no right of refund. The subscription arrangements do not provide customers with the right to take possession of the software supporting the platforms and, as a result, are accounted for as service arrangements. This revenue recognition policy is consistent for sales generated directly with customers and sales generated indirectly through channel partners.
Revenue recognition is determined through the following steps:
•Identification of the contract, or contracts, with a customer;
•Identification of the performance obligations in the contract;
•Determination of the transaction price;
•Allocation of the transaction price to the performance obligations in the contract; and
•Recognition of revenue when, or as, the performance obligations are satisfied.
The Company recognizes revenue net of any applicable value added or sales tax.
Subscription Revenue
Subscription revenue, which includes support, is recognized on a straight-line basis over the non-cancellable contractual term of the arrangement, generally beginning on the date that the Company’s service is made available to the customer.
Professional Services Revenue
Professional services principally consist of customer-specific requests for application integrations, user interface enhancements and other customer-specific requests. Revenue for professional services is recognized as services are performed in proportion to their pattern of transfer.
Contracts with Multiple Performance Obligations
Some of the Company’s contracts with customers contain multiple performance obligations. For these contracts, the Company accounts for individual performance obligations separately if they are distinct. The transaction price is allocated to the separate performance obligations on a relative standalone selling price ("SSP") basis.
The Company determines SSP based on observable, if available, prices for those related services when sold separately. When such observable prices are not available, the Company determines SSP based on overarching pricing objectives and strategies, taking into consideration market conditions and other factors, including customer size, volume purchased, market and industry conditions, product-specific factors and historical sales of the deliverables. Pricing objectives, market conditions or other factors may change in the future resulting in changes to standalone selling prices that could impact the timing or amount of revenue recognition.
Deferred Revenue
Deferred revenue consists primarily of payments received and accounts receivable recorded in advance of revenue recognition under the Company’s subscription and support services and professional services arrangements. The Company primarily invoices its customers for its subscription services arrangements annually in advance. The Company’s payment terms generally provide that customers pay the invoiced portion of the total arrangement fee within 30 days of the invoice date. Amounts anticipated to be recognized within one year of the balance sheet date are recorded as deferred revenue, current; the remaining portion is recorded as deferred revenue, noncurrent in the consolidated balance sheets.
74
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
Deferred Commissions
Sales commissions earned by the Company’s sales force are generally considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions for new revenue contracts, including incremental sales to existing customers, are deferred and then amortized on a straight-line basis over a period of benefit, which is determined to be generally five years. The Company determined the period of benefit by taking into consideration the terms of its customer contracts, its technology and other factors. Sales commissions for renewal contracts are deferred and then amortized on a straight-line basis over the contractual term.
Sales commissions capitalized as contract costs totaled $186 million and $158 million in fiscal 2025 and 2024, respectively. Amortization of contract costs totaled $130 million, $104 million and $84 million in fiscal 2025, 2024 and 2023, respectively. Amortization expense is included in sales and marketing expenses in the accompanying consolidated statements of operations.
Cost of Revenue
Costs of revenue primarily consist of costs related to providing the Company’s cloud-based platforms to its customers, including third-party hosting fees, amortization of capitalized internal-use software and finite-lived purchased developed technology, customer support, other employee-related expenses for security, technical operations and professional services staff, and allocated overhead costs.
Research and Development
Research and development expense incurred in the normal course of business is expensed as incurred.
Software Development Costs
Qualifying internally-developed software development costs, including the associated stock-based compensation expenses, are capitalized during the application development stage, as long as management has authorized and committed to funding the project, it is probable the project will be completed and the software will be used to perform the function intended. Capitalization of such costs ceases once the project is substantially complete and ready for its intended use. Capitalized software development costs are included in Intangible assets, net on the consolidated balance sheets and are amortized on a straight-line basis over an expected useful life of 3 years.
Advertising Expenses
Advertising costs are expensed as incurred. Advertising expense was $68 million, $65 million, and $77 million in fiscal 2025, 2024 and 2023, respectively.
Restructuring and Other Charges
Restructuring generally includes significant actions involving employee-related severance charges, facilities consolidation and contract termination costs. Employee-related severance charges are largely based upon substantive severance plans, while some are mandated requirements in certain foreign jurisdictions. Severance costs generally include severance payments, outplacement services, health insurance coverage and legal costs. These charges are reflected in the period when both the actions are probable, at the balance sheet date, and the amounts are reasonably estimable. Right-of-use asset impairments are recognized on the date the premises have been vacated or the Company have ceased-use of the leased facilities.
Actual results may differ from the Company's estimates and assumptions. Restructuring liabilities are classified in accrued expenses and other current liabilities in the consolidated balance sheets.
Stock-Based Compensation
The Company's equity incentive plans provide for granting stock options, restricted stock units ("RSUs"), restricted stock awards to employees, consultants, officers and directors and RSUs with market-based vesting conditions to certain executives. In addition, the Company offers an employee stock purchase program ("ESPP") to eligible employees.
Stock-based compensation expense related to stock awards (including stock options, RSUs, market-based RSUs, and ESPP) is measured based on the fair value of the awards granted and recognized as an expense over the requisite service period.
75
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
The fair value of each option and ESPP awards are estimated on the grant date using the Black-Scholes option pricing model which requires the use of various assumptions, including the expected term of the award, the expected volatility of the price of the underlying common stock, risk-free interest rates, and expected dividend yield of the underlying common stock. Stock-based compensation expense is recognized following the straight-line attribution method over the requisite service period for options, and over the offering period for ESPP awards. The expected term of the Company’s stock options, which were last granted to employees in fiscal 2022, was determined utilizing the simplified method due to lack of historical exercise data. The expected volatility was determined using a weighted-average of the historical volatility measures of a group of guideline companies and the Company's own historical volatility. The risk-free interest rate was based on the U.S. Treasury yield in effect at the time of grant for a period consistent with the expected term of the award. The expected dividend was assumed to be zero as the Company has never declared or paid any cash dividends and do not currently intend to declare dividends in the foreseeable future.
The fair value of each RSU award is based on the fair value of the underlying common stock as of the grant date. Stock-based compensation expense is recognized on a straight-line basis over the requisite service period, generally to four years.
The fair value of each market-based RSU award is measured using a Monte Carlo simulation valuation model which requires the use of various assumptions, including the stock price volatility and risk-free interest rate as of the valuation date corresponding to the length of time remaining in the performance period. Stock-based compensation expense for awards with market conditions is recognized over the requisite service period using the accelerated attribution method and is not reversed if the market condition is not met.
The assumptions used to determine the fair value of the stock awards represent management's best estimates. These estimates involve inherent uncertainties and the application of management's judgment. Forfeitures are accounted for as they occur.
Income Taxes
Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statement carrying amounts of assets and liabilities and their respective tax basis. Deferred tax assets are also recognized for operating losses and tax credit carry forwards. Valuation allowances are recorded to reduce deferred tax assets when it is more likely than not that a tax benefit will not be realized. Management considers all positive and negative evidence in evaluating the Company’s ability to realize its deferred tax assets, for example its historical results and forecasts of future ability to realize its deferred tax assets, including forecasts of future taxable income by jurisdiction. Deferred tax assets and liabilities are measured using enacted tax rates applicable in the years in which they are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax law is recognized in the provision for income taxes in the period that includes the enactment date.
The Company does not provide for income taxes on undistributed earnings of subsidiaries that are intended to be indefinitely reinvested. Where the Company does not intend to indefinitely reinvest subsidiary earnings, income and withholding taxes, as applicable, are provided on such undistributed earnings.
The calculation of tax liabilities involves dealing with uncertainties in the application of complex tax regulations. The Company determines if the weight of available evidence indicates that it is more likely than not that a tax position will be sustained on tax audit, assuming that all issues are audited and resolution of any related appeals or litigation processes are considered. The tax benefit is then measured as the largest amount that is more than 50% likely to be realized upon ultimate settlement. The reserves for uncertain tax positions are adjusted as facts and circumstances change, for example on closing of a tax audit, expiration of statutes of limitation on potential assessments or refinement of an estimate. To the extent that the final outcome of these matters is different than the amounts recorded, such differences will impact the provision for income taxes in the period in which such a determination is made. The provisions for income taxes include the impact of reserves for uncertain tax positions, along with the related interest and penalties.
Cash, Cash Equivalents and Restricted Cash
Cash and cash equivalents consist of cash on hand and highly liquid investments with original maturities of three months or less from the date of purchase. Cash equivalents generally consist of investments in money market
76
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
funds. The fair market value of cash equivalents approximated their carrying value as of January 31, 2025 and 2024.
As of January 31, 2025 and 2024, the Company's restricted cash balance was $6 million and $8 million, respectively, primarily related to letters of credit for its facility lease agreements.
Short-Term Investments
The Company’s short-term investments comprise of U.S. treasury securities, corporate debt securities and certificates of deposit. The Company determines the appropriate classification of its short-term investments at the time of purchase and reevaluates such designation at each balance sheet date. The Company has classified and accounted for its short-term investments as available-for-sale securities as the Company may sell these securities at any time for use in its current operations or for other purposes, even prior to maturity. As a result, short-term investments, including securities with stated maturities beyond twelve months, are classified within current assets in the consolidated balance sheets.
Available-for-sale securities are recorded at fair value each reporting period and are periodically evaluated for impairment. For unrealized losses in securities that the Company intends to hold and will not more likely than not be required to sell before recovery, the Company further evaluates whether declines in fair value below amortized cost are due to credit or non-credit related factors.
The Company considers credit related impairments to be changes in value that are driven by a change in the creditor’s ability to meet its payment obligations, and records an allowance and recognizes a corresponding loss in interest income and other, net when the impairment is incurred. Unrealized non-credit related losses and unrealized gains are reported as a separate component of accumulated other comprehensive loss in the consolidated balance sheets until realized. Realized gains and losses are determined based on the specific identification method and are reported in interest income and other, net in the consolidated statements of operations.
Strategic Investments
The Company's strategic investments consist primarily of equity investments in privately held companies and are included in Other assets on the consolidated balance sheets. Investments in privately held companies without readily determinable fair values in which the Company does not own a controlling interest or have significant influence over are measured using the measurement alternative. In applying the measurement alternative, the Company adjusts the carrying values of strategic investments based on observable price changes from orderly transactions for identical or similar investments of the same issuer. Additionally, the Company evaluates its strategic investments at least quarterly for impairment. Adjustments and impairments are recorded in Interest and other, net on the consolidated statements of operations.
In determining the estimated fair value of its strategic investments in privately held companies, the Company uses the most recent and available data. Valuations of privately held securities are inherently complex due to the lack of readily available market data and require the use of judgment. The determination of whether an orderly transaction is for an identical or similar investment requires use of significant judgment. In its evaluation, the Company considers factors such as differences in the rights and preferences of the investments and the extent to which those differences would affect the fair values of those investments. The Company’s impairment analysis encompasses an assessment of both qualitative and quantitative factors including the investee's financial metrics, market acceptance of the investee's product or technology, general market conditions and liquidity considerations.
Accounts Receivable and Allowances
Accounts receivable are recorded at the invoiced amount, net of allowances. These allowances are based on the Company’s assessment of the collectibility of accounts by considering the age of each outstanding invoice, the collection history of each customer, and an evaluation of current expected risk of credit loss based on current economic conditions and reasonable and supportable forecasts of future economic conditions over the life of the receivable. The Company assesses collectibility by reviewing accounts receivable on an aggregated basis where similar characteristics exist and on an individual basis when specific customers with collectibility issues are identified. Amounts deemed uncollectible are recorded as an allowance in the consolidated balance sheets with an offsetting decrease in deferred revenue or a charge to general and administrative expense in the consolidated statements of operations.
77
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
Property and Equipment
Property and equipment, net, is stated at cost less accumulated depreciation. Depreciation is recorded using the straight-line method over the estimated useful lives of the respective assets. Repairs and maintenance costs are expensed as incurred.
The useful lives of property and equipment are as follows:
| Useful lives | |||||
| Computers and equipment | 3 years | ||||
| Furniture and fixtures | 7 years | ||||
| Leasehold improvements | Shorter of estimated useful life or remaining lease term | ||||
Business Combinations
Business combinations are accounted for under the acquisition method of accounting, which requires the acquired assets, including separately identifiable intangible assets, and assumed liabilities to be recorded as of the acquisition date at their respective estimated fair values. Any excess of the purchase price over the fair value of the assets acquired, including separately identifiable intangible assets and liabilities assumed, is recorded as goodwill.
The determination of the fair value of assets acquired and liabilities assumed involves assessments of factors such as the expected future cash flows associated with individual assets and liabilities and appropriate discount rates at the date of the acquisition. Significant management inputs used in the estimation of fair value of assets acquired and liabilities assumed include, but are not limited to, expected future cash flows, future changes in technology, estimated replacement costs, person hours required in recreating certain acquired technologies, discount rates and assumptions about the period of time the brand will continue to be used in the Company’s portfolio. Where appropriate, external advisers are consulted to assist in the determination of fair value. For non-observable market values, fair value has been determined using acceptable valuation methods. The Company uses its best estimates and assumptions to assign fair value to the tangible and intangible assets acquired and liabilities assumed at the acquisition date. The Company’s estimates are inherently uncertain and subject to refinement. During the measurement period, which may be up to one year from the acquisition date, the Company may record adjustments to the fair value of these tangible and intangible assets acquired and liabilities assumed, with the corresponding offset to goodwill. The results of operations for businesses acquired are included in the financial statements from the acquisition date. Acquisition-related expenses and post-acquisition restructuring costs are recognized separately from the business combination and are expensed as incurred.
Goodwill and Other Long-Lived Assets
Goodwill represents the excess of the purchase price over the estimated fair value of net assets of businesses acquired in a business combination. Goodwill amounts are not amortized. Goodwill is tested for impairment annually on the first day of the fourth quarter of each fiscal year, or whenever events or changes in circumstances indicate the carrying amount of goodwill may not be recoverable. The Company operates as a single operating segment.
Management has the option to first perform a qualitative assessment to determine whether it is more likely than not that the fair value of the Company’s reporting unit is less than the carrying amount, including goodwill. The Company also has the option, which the Company has elected, to bypass the qualitative assessment, and perform the quantitative assessment. The quantitative assessment involves comparing the fair value of the reporting unit to its carrying value, including goodwill. An impairment charge is recognized for the amount by which the carrying amount exceeds the reporting unit’s fair value, not to exceed the total amount of goodwill allocated to that reporting unit. No goodwill impairments were recorded during the years presented based on the assessments performed.
Long-lived assets, such as property and equipment and finite-lived intangible assets subject to amortization are reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount of such assets may not be recoverable. Recoverability of assets to be held and used is measured by comparing the carrying amount to the estimated undiscounted future cash flows expected to be generated. If the carrying amount exceeds the undiscounted cash flows, the assets are determined to be impaired and an impairment charge is recognized as the amount by which the carrying amount exceeds its fair value. Intangible assets with finite lives are amortized on a straight-line basis over their estimated useful lives.
78
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
Operating Leases and Incremental Borrowing Rate
The Company leases office space under operating leases with expiration dates through 2030. The Company determines whether an arrangement constitutes a lease and records lease liabilities and right-of-use assets on its consolidated balance sheets at lease commencement. Lease liabilities are measured based on the present value of the total lease payments not yet paid, discounted based on the more readily determinable of either the rate implicit in the lease or the incremental borrowing rate, which is the estimated rate the Company would be required to pay for a collateralized borrowing equal to the total lease payments over the term of the lease. The estimation of the incremental borrowing rate is based on an estimate of the Company's unsecured borrowing rate, adjusted for tenor and collateralized security features. Lease liabilities due within twelve months are included within accrued expenses and other current liabilities on the consolidated balance sheet. Right-of-use assets are measured based on the corresponding lease liability adjusted for (i) payments made to the lessor at or before the commencement date, (ii) initial direct costs incurred and (iii) tenant incentives received, incurred or payable under the lease. Recognition of rent expense begins when the lessor makes the underlying asset available to the Company. The Company does not assume renewals or early terminations of its leases unless it is reasonably certain to exercise these options at commencement and does not allocate consideration between lease and non-lease components.
For leases with a lease term of 12 months or less ("short-term leases"), rent expense is recorded in the consolidated statements of operations on a straight-line basis over the lease term and records variable lease payments as incurred.
Loss Contingencies
The Company is periodically involved in various legal claims and proceedings. The Company routinely reviews the status of each significant matter and assesses its potential financial exposure. If the potential loss from any matter is considered probable and the amount can be reasonably estimated, the Company records a liability for the estimated loss. If either or both of the criteria for recording the liability are not met, the Company assesses whether there is at least a reasonable possibility that a loss, or additional losses, may have been incurred. If there is a reasonable possibility that a loss may have been incurred, the Company discloses the estimate of the amount of loss or range of loss, discloses that the amount is immaterial, or discloses that an estimate of loss cannot be made, as applicable. Because of inherent uncertainties related to these legal matters, the Company bases its loss accruals on the best information available at the time. As additional information becomes available, the Company reassesses its potential liability and may review its estimates. Actual outcomes of these legal and regulatory proceedings may differ materially from the Company’s estimates.
Concentrations of Risk
Financial instruments that are exposed to concentrations of credit risk consist primarily of cash and cash equivalents, short-term investments and accounts receivable. The Company's short-term investments are primarily intended to facilitate liquidity and capital preservation and consist predominately of highly liquid investment-grade fixed-income securities, diversified among industries and individual issuers. The Company's policy is designed to limit exposure from any particular issuer or institution.
Credit risk arising from accounts receivable is mitigated due to the large number of customers and their dispersion across various industries and geographies. For the periods presented, there were no customers that represented more than 10% of the Company's accounts receivable balance or total revenue.
The Company serves customers and users from data center facilities located across various different physical locations, such as the U.S., Europe and Asia-Pacific, most of which are operated by a single third party. The Company has disaster recovery protocols at the third-party service providers. Even with these procedures for disaster recovery in place, access to the Company's service could be significantly interrupted, resulting in an adverse effect on its operating results and financial condition.
Net Income (Loss) per Share
The Company computes basic and diluted net income (loss) per share attributable to common stockholders for Class A and Class B common stock using the two-class method required for participating securities. Under the two-class method, basic net income (loss) per share attributable to common stockholders is computed by dividing the net income (loss) attributable to common stockholders by the weighted-average number of shares of common stock outstanding during the period.
79
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
Diluted earnings per share attributable to common stockholders is computed by giving effect to all potential shares of common stock, including shares underlying convertible senior notes, unvested RSUs, outstanding stock options, unvested common stock and restricted stock issued in connection with certain business combinations, and ESPP obligations, to the extent they are dilutive. The dilutive effect of potentially dilutive common shares included in diluted earnings per share is determined in accordance with the treasury stock, if-converted, or contingently issuable accounting methods, depending on the nature of the security.
The rights of the holders of the Company's Class A and Class B common stock are identical, except with respect to voting and conversion rights.
Accounting Pronouncements Recently Adopted
In November 2023, the Financial Accounting Standards Board (“FASB”) issued guidance which requires potential disclosure of incremental segment information on an annual and interim basis. This guidance is effective for fiscal years beginning after December 15, 2023, and interim periods within fiscal years beginning after December 15, 2024, and requires retrospective application to all prior periods presented in the financial statements. The Company adopted this guidance in fiscal 2025 with no material impact to its consolidated financial statements.
Recent Accounting Pronouncements Not Yet Adopted
In December 2023, the FASB issued guidance to provide disaggregated income tax disclosures on the rate reconciliation and income taxes paid. This guidance is effective for annual periods beginning after December 15, 2024, with early adoption permitted. The Company intends to adopt this guidance in fiscal 2026 and expects the adoption of the updated guidance to result in disclosure of additional disaggregated tax information.
In November 2024, the FASB issued guidance requiring the disclosure, in the notes to financial statements, of specified disaggregated income statement expense information. This guidance is effective for annual periods beginning after December 15, 2026, and interim reporting periods beginning after December 15, 2027, with early adoption permitted. The Company is currently evaluating the impact of this guidance.
3. Restructuring and Other Charges
The following table summarizes the Company’s restructuring and other charges during fiscal 2025, 2024 and 2023:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Severance and termination benefit costs | $ | 11 | $ | 28 | $ | 15 | |||||||||||
| Lease impairment charges | — | 28 | 14 | ||||||||||||||
| Total | $ | 11 | $ | 56 | $ | 29 | |||||||||||
The following table summarizes the Company’s restructuring liability related to severance and termination benefit costs that is included in Accrued expenses and other current liabilities on the consolidated balance sheets:
| Severance and termination benefit costs | |||||
| (dollars in millions) | |||||
Balance as of January 31, 2023 | $ | 15 | |||
| Restructuring charges | 28 | ||||
| Cash payments | (19) | ||||
Balance as of January 31, 2024 | 24 | ||||
| Restructuring charges | 11 | ||||
| Cash payments | (24) | ||||
Balance as of January 31, 2025 | $ | 11 | |||
80
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
2025 Restructuring Plan
During fiscal 2025, the Company approved a restructuring plan (the “2025 Restructuring Plan”) intended to reallocate resources toward priorities to drive growth. The 2025 Restructuring Plan involved a reduction of the Company’s workforce by approximately 180 full-time employees. The 2025 Restructuring Plan is expected to be substantially complete by the first quarter of fiscal 2026, and the Company recognized aggregate restructuring costs of $11 million in fiscal 2025.
2024 Restructuring Plan
During fiscal 2024, the Company approved a restructuring plan (the “2024 Restructuring Plan”) intended to improve operating efficiencies and profitability. The 2024 Restructuring Plan involved a reduction of the Company’s workforce by approximately 400 full-time employees. The 2024 Restructuring Plan was substantially complete by the first quarter of fiscal 2025 and the Company recognized aggregate restructuring costs of $24 million in fiscal 2024.
Separate from the 2024 Restructuring Plan, the Company recognized $4 million of severance and termination benefit costs related to an insignificant workforce reduction in fiscal 2024.
2023 Restructuring Plan & Real Estate Optimization Plan
During fiscal 2023, the Company approved a restructuring plan (the “2023 Restructuring Plan”) intended to reduce operating expenses and improve profitability. The 2023 Restructuring Plan involved a reduction of the Company’s workforce by approximately 300 full-time employees. The 2023 Restructuring Plan was substantially complete by the first quarter of fiscal 2024 and the Company recognized aggregate restructuring costs of $15 million in fiscal 2023.
Additionally, during fiscal 2023 the Company implemented a real estate optimization plan which provided for closing duplicative sites and decommissioning underutilized offices and floors. As result, the Company recognized non-cash lease impairment charges of $28 million and $14 million in fiscal 2024 and fiscal 2023, respectively.
4. Cash Equivalents and Investments
Cash Equivalents and Short-term Investments
Financial assets are measured at fair value each reporting period using a fair value hierarchy that prioritizes the use of observable inputs and minimizes the use of unobservable inputs when measuring fair value. A financial instrument’s classification within the fair value hierarchy is based upon the lowest level of input that is significant to the fair value measurement.
Three levels of inputs may be used to measure as follows:
•Level 1 — Valuations based on observable inputs that reflect quoted prices for identical assets or liabilities in active markets.
•Level 2 — Valuations based on other inputs that are directly or indirectly observable in the marketplace.
•Level 3 — Valuations based on unobservable inputs that are supported by little or no market activity.
81
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
The following table presents the estimated fair value of cash equivalents and short-term investments:
As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
(dollars in millions) | |||||||||||
Cash equivalents: | |||||||||||
Money market funds (Level 1) | $ | 225 | $ | 151 | |||||||
Certificates of deposit (Level 2) | 23 | — | |||||||||
| Total cash equivalents | 248 | 151 | |||||||||
Level 2: | |||||||||||
Short-term investments (Available-for-sale): | |||||||||||
| U.S. treasury securities | 1,788 | 1,784 | |||||||||
| Corporate debt securities | 281 | 43 | |||||||||
Certificates of deposit | 45 | 41 | |||||||||
| Total short-term investments | 2,114 | 1,868 | |||||||||
| Total | $ | 2,362 | $ | 2,019 | |||||||
The following table presents the contractual maturities of the Company's short-term investments:
| As of January 31, 2025 | |||||
Estimated Fair Value | |||||
| (dollars in millions) | |||||
| Due within one year | $ | 1,456 | |||
| Due between one to five years | 658 | ||||
| Total | $ | 2,114 | |||
Interest receivable of $24 million and $20 million is included in Prepaid expenses and other current assets on the consolidated balance sheets as of January 31, 2025 and 2024, respectively.
There were no material differences between the estimated fair value and amortized cost of our cash equivalents and short-term investments as of January 31, 2025 and 2024.
For available-for-sale debt securities that have unrealized losses, there were no material credit or non-credit related impairments for short-term investments as of January 31, 2025 and 2024.
Strategic Investments
Strategic investments primarily include equity investments in privately-held companies, which do not have a readily determinable fair value. Strategic investments are classified as Level 3 in the fair value hierarchy as nonrecurring fair value measurements may include observable and unobservable inputs. As of January 31, 2025 and 2024, the balance of strategic investments was $30 million and $26 million, respectively.
5. Goodwill and Intangible Assets, net
Goodwill
As of January 31, 2025 and 2024, goodwill was $5,448 million and $5,406 million, respectively. No goodwill impairments were recorded during fiscal 2025, 2024 and 2023.
82
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
Intangible Assets, net
Intangible assets consisted of the following:
| As of January 31, 2025 | |||||||||||||||||
| Gross | Accumulated Amortization | Net | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Purchased developed technology | $ | 239 | $ | (179) | $ | 60 | |||||||||||
| Customer relationships | 116 | (85) | 31 | ||||||||||||||
| Capitalized internal-use software costs | 54 | (19) | 35 | ||||||||||||||
| Trade name | 21 | (16) | 5 | ||||||||||||||
| Other | 10 | (3) | 7 | ||||||||||||||
| $ | 440 | $ | (302) | $ | 138 | ||||||||||||
| As of January 31, 2024 | |||||||||||||||||
| Gross | Accumulated Amortization | Net | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Purchased developed technology | $ | 220 | $ | (134) | $ | 86 | |||||||||||
| Customer relationships | 116 | (62) | 54 | ||||||||||||||
| Capitalized internal-use software costs | 48 | (17) | 31 | ||||||||||||||
| Trade name | 21 | (12) | 9 | ||||||||||||||
| Other | 4 | (2) | 2 | ||||||||||||||
| $ | 409 | $ | (227) | $ | 182 | ||||||||||||
The weighted-average remaining useful lives of the Company’s acquired intangible assets are as follows:
| Weighted-Average Remaining Useful Life | |||||||||||
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| Purchased developed technology | 1.9 years | 2.2 years | |||||||||
| Customer relationships | 1.6 years | 2.5 years | |||||||||
| Trade name | 1.3 years | 2.3 years | |||||||||
As of January 31, 2025, estimated remaining amortization expense for the intangible assets by fiscal year was as follows:
| Remaining Amortization | |||||
| (dollars in millions) | |||||
| 2026 | $ | 81 | |||
| 2027 | 36 | ||||
| 2028 | 13 | ||||
| 2029 | 6 | ||||
| 2030 | 1 | ||||
| Thereafter | 1 | ||||
| Total | $ | 138 | |||
Amortization expense of intangible assets was $85 million, $87 million and $93 million in fiscal 2025, 2024 and 2023, respectively.
83
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
6. Property and Equipment, net
Property and equipment consisted of the following:
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| (dollars in millions) | |||||||||||
| Furniture and fixtures | $ | 15 | $ | 18 | |||||||
| Leasehold improvements | 84 | 92 | |||||||||
| Property and equipment, gross | 99 | 110 | |||||||||
| Less accumulated depreciation | (56) | (62) | |||||||||
| Property and equipment, net | $ | 43 | $ | 48 | |||||||
Depreciation expense was $13 million in fiscal 2025 and $12 million in fiscal 2024 and 2023.
7. Deferred Revenue and Performance Obligations
Deferred Revenue
Deferred revenue, which is a contract liability, consists primarily of payments received and accounts receivable recorded in advance of revenue recognition under the Company’s contracts with customers and is recognized as the revenue recognition criteria are met.
Subscription revenue recognized during fiscal 2025 and 2024 that was included in the deferred revenue balances at the beginning of the respective periods was $1,456 million and $1,229 million, respectively.
Transaction Price Allocated to the Remaining Performance Obligations
Transaction price allocated to the remaining performance obligations represents all future, non-cancelable contracted revenue that has not yet been recognized, inclusive of deferred revenue that has been invoiced and non-cancelable amounts that will be invoiced and recognized as revenue in future periods.
Total remaining non-cancelable performance obligations under subscription contracts with customers was approximately $4,215 million as of January 31, 2025. Of this amount, the Company expects to recognize revenue of approximately $2,248 million, or 53%, over the next 12 months, with the balance to be recognized as revenue thereafter. Remaining performance obligations for professional services and other contracts as of January 31, 2025 were not material.
8. Convertible Senior Notes, Net
Convertible Senior Notes
The convertible senior notes due in 2025 (“2025 Notes”) and 2026 (“2026 Notes” and together with the 2025 Notes, the “Notes”), are recorded at face value less unamortized debt issuance costs.
During fiscal 2025, the Company repurchased $42 million principal amount of the 2025 Notes for $40 million in cash, and $258 million principal amount of the 2026 Notes for $240 million in cash, resulting in a gain on early extinguishment of debt of $19 million.
During fiscal 2024, the Company repurchased $508 million principal amount of the 2025 Notes for $462 million in cash, and $542 million principal amount of the 2026 Notes for $475 million in cash, resulting in a gain on early extinguishment of debt of $106 million.
2025 Convertible Senior Notes
The 2025 Notes are senior, unsecured obligations of the Company, and bear interest at a fixed rate of 0.125% per year. Interest is payable in cash semi-annually in arrears on March 1 and September 1 of each year, beginning on March 1, 2020. The 2025 Notes mature on September 1, 2025 unless earlier redeemed, repurchased or converted.
84
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
The terms of the 2025 Notes are governed by an Indenture by and between the Company and Wilmington Trust, National Association, as Trustee (the "2025 Indenture"). Upon conversion, the 2025 Notes may be settled in cash, shares of Class A common stock or a combination of cash and shares of Class A common stock, at the Company’s election.
The 2025 Notes are convertible at an initial conversion rate of 5.2991 shares of Class A common stock per $1,000 principal amount of the 2025 Notes, which is equal to an initial conversion price of approximately $188.71 per share of Class A common stock, subject to adjustment under certain circumstances in accordance with the terms of the 2025 Indenture. Prior to the close of business on the business day immediately preceding June 1, 2025, holders of the 2025 Notes may convert all or a portion of their 2025 Notes only in multiples of $1,000 principal amount, under the following circumstances:
•during any fiscal quarter commencing after the fiscal quarter ending on January 31, 2020 (and only during such fiscal quarter), if the last reported sale price of Class A common stock for at least 20 trading days (whether or not consecutive) during the period of 30 consecutive trading days ending on, and including, the last trading day of the immediately preceding fiscal quarter is greater than or equal to 130% of the conversion price of the 2025 Notes on each applicable trading day;
•during the five business day period after any five consecutive trading day period in which the trading price per $1,000 principal amount of the 2025 Notes for each trading day of that five consecutive trading day period was less than 98% of the product of the last reported sale price of Class A common stock and the conversion rate on such trading day;
•if the Company calls the notes for redemption, at any time prior to the close of business on the second scheduled trading day immediately preceding the redemption date; or
•upon the occurrence of specified corporate events, as described in the 2025 Indenture.
On or after June 1, 2025 until the close of business on the second scheduled trading day immediately preceding the maturity date, holders may convert all or any portion of their 2025 Notes regardless of the foregoing circumstances. During the three months ended January 31, 2025, the conditions allowing holders of the 2025 Notes to convert during the three months ending April 30, 2025 were not met. As of January 31, 2025, the 2025 Notes are classified as current liabilities due to their upcoming maturity on September 1, 2025.
The Company may redeem for cash all or any portion of the 2025 Notes, at its option, on or after September 6, 2022, if the last reported sale price of the Company’s Class A common stock has been at least 130% of the conversion price then in effect for at least 20 trading days (whether or not consecutive) during any 30 consecutive trading day period (including the last trading day of such period) ending on and including the trading day preceding the date on which the Company provides notice of redemption at a redemption price equal to 100% of the principal amount of the 2025 Notes to be redeemed, plus any accrued and unpaid interest to, but excluding, the redemption date.
Holders of the 2025 Notes who convert their 2025 Notes in connection with certain corporate events that constitute a make-whole fundamental change (as defined in the 2025 Indenture) or in connection with the Company’s issuance of a redemption notice are, under certain circumstances, entitled to an increase in the conversion rate. Additionally, in the event of a corporate event that constitutes a fundamental change (as defined in the 2025 Indenture), holders of the 2025 Notes may require the Company to repurchase all or a portion of their 2025 Notes at a price equal to 100% of the principal amount of the 2025 Notes being repurchased, plus any accrued and unpaid interest.
The net carrying amount of the 2025 Notes consisted of the following:
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| (dollars in millions) | |||||||||||
| Principal | $ | 510 | $ | 552 | |||||||
Less: unamortized debt issuance costs | (1) | (3) | |||||||||
| Net carrying amount | $ | 509 | $ | 549 | |||||||
85
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
2025 Capped Calls
In connection with the pricing of the 2025 Notes, the Company entered into capped call transactions with respect to its Class A common stock. The 2025 Capped Calls are purchased call options that give the Company the option to purchase approximately 6 million shares, subject to anti-dilution adjustments substantially identical to those in the 2025 Notes, of its Class A common stock for approximately $188.71 per share (subject to adjustment), corresponding to the approximate initial conversion price of the 2025 Notes, exercisable upon conversion of the 2025 Notes. The 2025 Capped Calls have initial cap prices of $255.88 per share (subject to adjustment) and will expire in 2025, if not exercised earlier. The 2025 Capped Calls are intended to offset potential dilution to the Company’s Class A common stock and/or offset the potential cash payments that the Company could be required to make in excess of the principal amount upon any conversion of the 2025 Notes under certain circumstances. The 2025 Capped Calls are separate transactions and are not part of the terms of the 2025 Notes. The 2025 Capped Calls meet the criteria for classification as equity and, as such, are not remeasured each reporting period.
2026 Convertible Senior Notes
The 2026 Notes are senior, unsecured obligations of the Company, and bear interest at a fixed rate of 0.375% per year. Interest is payable in cash semi-annually in arrears on June 15 and December 15 of each year, beginning on December 15, 2020. The 2026 Notes mature on June 15, 2026 unless earlier redeemed, repurchased or converted.
The terms of the 2026 Notes are governed by an Indenture by and between the Company and Wilmington Trust, National Association, as Trustee (the "2026 Indenture"). Upon conversion, the 2026 Notes may be settled in cash, shares of Class A common stock or a combination of cash and shares of Class A common stock, at the Company’s election.
The 2026 Notes are convertible at an initial conversion rate of 4.1912 shares of Class A common stock per $1,000 principal amount of the 2026 Notes, which is equal to an initial conversion price of approximately $238.60 per share of Class A common stock, subject to adjustment under certain circumstances in accordance with the terms of the 2026 Indenture. Prior to the close of business on the business day immediately preceding March 15, 2026, holders of the 2026 Notes may convert all or a portion of their 2026 Notes only in multiples of $1,000 principal amount, under the following circumstances:
•during any fiscal quarter commencing after the fiscal quarter ending on October 31, 2020 (and only during such fiscal quarter), if the last reported sale price of the Company's Class A common stock for at least 20 trading days (whether or not consecutive) during the period of 30 consecutive trading days ending on, and including, the last trading day of the immediately preceding fiscal quarter is greater than or equal to 130% of the conversion price of the 2026 Notes on each applicable trading day;
•during the five business day period after any five consecutive trading day period in which the trading price per $1,000 principal amount of the 2026 Notes for each trading day of that five consecutive trading day period was less than 98% of the product of the last reported sale price of the Company's Class A common stock and the conversion rate on such trading day;
•if the Company calls the notes for redemption, at any time prior to the close of business on the second scheduled trading day immediately preceding the redemption date; or
•upon the occurrence of specified corporate events, as described in the 2026 Indenture.
On or after March 15, 2026 until the close of business on the second scheduled trading day immediately preceding the maturity date, holders may convert all or any portion of their 2026 Notes regardless of the foregoing circumstances. During the three months ended January 31, 2025, the conditions allowing holders of the 2026 Notes to convert during the three months ending April 30, 2025 were not met, and as a result, the 2026 Notes were classified as noncurrent liabilities as of January 31, 2025.
The Company may redeem for cash all or any portion of the 2026 Notes, at its option, on or after June 20, 2023, if the last reported sale price of the Company’s Class A common stock has been at least 130% of the conversion price then in effect for at least 20 trading days (whether or not consecutive), including the trading day immediately preceding the date on which the Company provides notice of redemption, during any 30 consecutive trading day period ending on and including the trading day preceding the date on which the Company provides
86
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
notice of redemption price equal to 100% of the principal amount of the notes to be redeemed, plus any accrued and unpaid interest to, but excluding, the redemption date.
Holders of the 2026 Notes who convert their 2026 Notes in connection with certain corporate events that constitute a make-whole fundamental change (as defined in the 2026 Indenture) or in connection with the Company’s issuance of a redemption notice are, under certain circumstances, entitled to an increase in the conversion rate. Additionally, in the event of a corporate event that constitutes a fundamental change (as defined in the 2026 Indenture), holders of the 2026 Notes may require the Company to repurchase all or a portion of their 2026 Notes at a price equal to 100% of the principal amount of the 2026 Notes being repurchased, plus any accrued and unpaid interest.
The net carrying amount of the 2026 Notes consisted of the following:
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| (dollars in millions) | |||||||||||
| Principal | $ | 350 | $ | 608 | |||||||
Less: unamortized debt issuance costs | (1) | (3) | |||||||||
| Net carrying amount | $ | 349 | $ | 605 | |||||||
2026 Capped Calls
In connection with the pricing of the 2026 Notes, the Company entered into capped call transactions with respect to its Class A common stock. The 2026 Capped Calls are purchased call options that give the Company the option to purchase approximately 5 million shares, subject to anti-dilution adjustments substantially identical to those in the 2026 Notes, of its Class A common stock for approximately $238.60 per share (subject to adjustment), corresponding to the approximate initial conversion price of the 2026 Notes, exercisable upon conversion of the 2026 Notes. The 2026 Capped Calls have initial cap prices of $360.14 per share (subject to adjustment) and will expire in 2026, if not exercised earlier. The 2026 Capped Calls are intended to offset potential dilution to the Company’s Class A common stock and/or offset the potential cash payments that the Company could be required to make in excess of the principal amount upon any conversion of the 2026 Notes under certain circumstances. The 2026 Capped Calls are separate transactions and are not part of the terms of the 2026 Notes. The 2026 Capped Calls meet the criteria for classification as equity and, as such, are not remeasured each reporting period.
Fair Value Measurements
The following table presents the principal amounts and estimated fair values of financial instruments that are not recorded at fair value on the consolidated balance sheets:
| As of January 31, 2025 | |||||||||||
Principal Amount | Estimated Fair Value | ||||||||||
| (dollars in millions) | |||||||||||
| 2025 convertible senior notes | $ | 510 | $ | 494 | |||||||
| 2026 convertible senior notes | $ | 350 | $ | 329 | |||||||
The estimated fair values of the Notes, which are Level 2 financial instruments, were determined based on the quoted bid prices of the Notes in an over-the-counter market on the last trading day of the reporting period.
87
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
9. Leases
The Company has entered into various non-cancelable office space operating leases with original lease periods expiring between 2025 and 2030. These leases do not contain material variable rent payments, residual value guarantees, financial covenants or other restrictions. The Company's corporate headquarters lease in San Francisco has a 10-year term, which expires in October 2028. The Company is entitled to two five-year options to extend this lease, subject to certain requirements.
Operating lease costs were as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
Operating lease costs(1) | $ | 31 | $ | 34 | $ | 40 | |||||||||||
(1) Amounts are presented exclusive of sublease income and include short-term leases, which are immaterial.
The weighted-average remaining term of operating leases was 3.8 years and 4.5 years as of January 31, 2025 and January 31, 2024, respectively, and the weighted-average discount rate used to measure the present value of the operating lease liabilities was 5.6% and 5.5% as of January 31, 2025 and January 31, 2024, respectively.
Maturities of operating lease liabilities, which do not include short-term leases, were as follows:
| As of January 31, 2025 | |||||
| Fiscal Year Ending January 31: | (dollars in millions) | ||||
| 2026 | $ | 34 | |||
| 2027 | 36 | ||||
| 2028 | 36 | ||||
| 2029 | 28 | ||||
2030 | 2 | ||||
| Total lease payments | 136 | ||||
| Less imputed interest | (15) | ||||
| Total operating lease liabilities | $ | 121 | |||
Cash payments made related to operating lease liabilities were $41 million and $47 million in fiscal 2025 and 2024, respectively.
10. Commitments and Contingencies
Letters of Credit
In conjunction with the execution of certain office space operating leases, letters of credit in the aggregate amount of $6 million and $7 million were issued and outstanding as of January 31, 2025 and January 31, 2024, respectively. No draws have been made under such letters of credit.
Legal Matters
From time to time in the normal course of business, the Company may be subject to various legal matters such as threatened or pending claims or proceedings.
On May 20, 2022, a purported shareholder filed a putative class action lawsuit in the United States District Court for the Northern District of California against the Company and certain of its executive officers, captioned In re Okta, Inc. Securities Litigation, No. 3:22-cv-02990. The lawsuit asserted claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934, alleging that the defendants made false or misleading statements or omissions concerning the Company’s cybersecurity controls, vulnerability to data breaches, and the Company’s integration of Auth0, Inc. (“Auth0”). The lawsuit sought an order certifying the lawsuit as a class action and unspecified damages. The defendants moved to dismiss the amended complaint. On March 31, 2023, the court dismissed in full the claims based on the plaintiff’s allegations related to the Company’s cybersecurity controls and
88
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
vulnerability to data breaches, and dismissed in part and denied in part the claims based on allegations related to the Auth0 integration. On May 28, 2024, the parties entered into a stipulation of settlement (the “Stipulation”) where, in exchange for the release and dismissal with prejudice of all claims, the Company agreed to pay and/or to cause its insurance carriers to pay a total of $60 million, which is covered through a combination of the Company’s Director & Officer ("D&O") insurance and the balance of the Company’s $10 million retention on the primary D&O policy. The Stipulation does not constitute an admission of fault or wrongdoing by the Company or its executives. On November 19, 2024, the court granted final approval of the Stipulation and dismissed the lawsuit in its entirety, with prejudice.
Additionally, two purported shareholders filed derivative lawsuits on behalf of the Company in the United States District Court for the Northern District of California against certain of its current and former executive officers and directors, captioned O’Dell v. McKinnon et al., No. 3:22-cv-07480 (filed Nov. 28, 2022), and LR Trust v. McKinnon et al., No. 3:22-cv-08627 (filed Dec. 13, 2022) (the "California Federal Derivative Actions"). The California Federal Derivative Actions allege, among other things, that the defendants breached their fiduciary duties by making false or misleading statements or omissions concerning the Company’s cybersecurity controls, vulnerability to data breaches, and the Company’s integration of Auth0. The California Federal Derivative Actions seek orders permitting the plaintiffs to maintain the actions derivatively on behalf of the Company, awarding unspecified damages allegedly sustained by the Company, awarding restitution from the individual defendants, and requiring the Company to make certain reforms to its corporate governance and controls. On February 22, 2023, the court entered a stipulated order consolidating the California Federal Derivative Actions, appointing co-lead counsel for plaintiffs, and staying the consolidated California Federal Derivative Actions during the pendency of the motion to dismiss in the securities class action lawsuit. The consolidated California Federal Derivative Actions are captioned In re Okta, Inc. Stockholder Derivative Litigation, No. 3:22-cv-07480. On May 9, 2023, the court entered a stipulated order continuing the stay through the close of discovery in the securities class action lawsuit and, on January 27, 2025, the court entered an order continuing the stay.
On April 14, 2023, another shareholder filed a substantially similar derivative lawsuit in the United States District Court for the District of Delaware against certain of the Company’s current and former executive officers and directors, captioned Buono v. McKinnon et al., No. 1:23-cv-00413 (the "Buono Action"). On May 31, 2023, the court entered a stipulated order whereby the defendants agreed to accept service and stay the Buono Action through the close of discovery in the securities class action lawsuit.
On January 25, 2024, another shareholder filed a substantially similar derivative lawsuit in the United States District Court for the District of Delaware against certain of the Company’s current and former executive officers and directors, captioned Nasr v. McKinnon, et al., No. 1:24-cv-00106 (together with the Buono Action, the "Delaware Federal Derivative Actions"). On March 18, 2024, the court entered a stipulated order whereby the defendants agreed to accept service and stay the derivative action through the close of discovery in the securities class action lawsuit.
On July 1, 2024, another shareholder filed a substantially similar derivative lawsuit in the Court of Chancery for the State of Delaware (the “Delaware Chancery Court”) against certain of the Company’s current and former executive officers and directors, captioned Grimaldi v. McKinnon, et al., C.A. No. 2024-0685-PAF (the “Grimaldi Action”). On July 19, 2024, the Delaware Chancery Court entered a stipulated order whereby the defendants agreed to accept service and to stay the derivative action through final approval of the settlement in the securities class action lawsuit.
On October 18, 2024, another shareholder filed a substantially similar derivative lawsuit in the Delaware Chancery Court against certain of the Company’s current and former executive officers and directors, captioned Duprat v. McKinnon, et al., C.A. No. 2024-1072-PAF (the “Duprat Action”). On November 8, 2024, the Delaware Chancery Court entered a stipulated order where the defendants agreed to accept service in the Duprat Action; the Grimaldi Action and the Duprat Action were consolidated (the "Delaware Chancery Actions"); and the Delaware Chancery Actions were stayed pursuant to the terms previously entered in the Grimaldi Action.
On January 10, 2025, the Company and defendants agreed in principle to the non-monetary terms of a global resolution of the California Federal Derivative Actions, the Delaware Federal Derivative Actions, and the Delaware Chancery Actions, and executed a Memorandum of Understanding in connection therewith containing the agreed-upon material, non-monetary terms of the proposed settlement.
89
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
While the Company and defendants have agreed in principle to settle the above-referenced derivative lawsuits, the Company is unable to predict the outcome or estimate the amount of loss or range of losses that could potentially result from these lawsuits.
Warranties and Indemnification
The Company’s subscription services are generally warranted to perform materially in accordance with the Company’s online help documentation under normal use and circumstances. Additionally, the Company’s arrangements generally include provisions for indemnifying customers against liabilities if its subscription services infringe a third party’s intellectual property rights. Furthermore, the Company may also incur liabilities if it breaches the security or confidentiality obligations in its arrangements. To date, the Company has not incurred significant costs and has not accrued any material liabilities in the accompanying consolidated financial statements as a result of these obligations.
The Company has entered into service-level agreements with a majority of its customers defining levels of uptime reliability and performance and permitting certain customers to receive credits for paid amounts related to subscription services when the Company fails to meet the defined levels of uptime. In very limited instances, the Company allows customers to early terminate their agreements in the event that the Company fails to meet those levels as they may constitute a breach of contract. If the customer did terminate, they would receive a refund of prepaid unused subscription fees. To date, the Company has not experienced any significant failures to meet defined levels of uptime reliability and performance as a result of those agreements and, as a result, the Company has not incurred significant costs and has not accrued any material liabilities in the accompanying consolidated financial statements as a result of these warranties.
Agreements with customers and other third parties may include indemnification or other provisions under which the Company agrees to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from the use of the Company’s platforms or other acts or omissions. The Company cannot reasonably estimate potential payment obligations as a result of indemnification claims because it cannot predict when and under what circumstances they may be incurred. As a result, no material liabilities have been recognized in the accompanying consolidated financial statements related to these indemnification obligations.
11. Common Stock and Stockholders' Equity
Common Stock
Holders of Class A and Class B common stock are entitled to one vote per share and ten votes per share, respectively, and the shares of Class A common stock and Class B common stock are identical, except for voting and conversion rights. Shares of Class B common stock may be converted into Class A common stock at any time at the option of the stockholder on a one-for-one basis, and are automatically converted into Class A common stock upon sale or transfer, subject to certain limited exceptions. Shares of Class A common stock are not convertible.
As of January 31, 2025, shares of common stock reserved for future issuance were as follows:
| As of January 31, 2025 | |||||
| (shares in thousands) | |||||
| Options and unvested RSUs outstanding | 9,998 | ||||
| Available for future stock option and RSU grants | 36,828 | ||||
| Available for ESPP | 8,736 | ||||
Total | 55,562 | ||||
Awards Issued as Charitable Contributions
During fiscal 2025, 2024 and 2023, the Company issued 56,250, 75,000 and 41,250 shares, respectively, of Class A common stock as charitable contributions and recognized $5 million, $6 million and $4 million, respectively, as general and administrative expense in the consolidated statements of operations.
90
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
12. Employee Incentive Plans
Equity Incentive Plans
The Company has two equity incentive plans: the 2009 Stock Plan (“2009 Plan”) and the 2017 Equity Incentive Plan (“2017 Plan”). All shares that remain available for future grants are under the 2017 Plan. As of January 31, 2025, options to purchase 811,267 shares of Class A common stock and 1,387,313 shares of Class B common stock remained outstanding.
The Company’s equity incentive plans provide for granting stock options, RSUs, restricted stock awards to employees, consultants, officers and directors and RSUs with market-based vesting conditions to certain executives. In addition, the Company offers an ESPP to eligible employees.
Stock-based compensation expense by award type was as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Stock options | $ | 14 | $ | 45 | $ | 82 | |||||||||||
| RSUs | 500 | 502 | 464 | ||||||||||||||
| ESPP | 17 | 26 | 19 | ||||||||||||||
| Restricted stock awards | 34 | 111 | 112 | ||||||||||||||
| Total | $ | 565 | $ | 684 | $ | 677 | |||||||||||
Stock-based compensation expense was recorded in the following cost and expense categories in the consolidated statements of operations:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Cost of revenue: | |||||||||||||||||
| Subscription | $ | 82 | $ | 75 | $ | 69 | |||||||||||
| Professional services and other | 12 | 15 | 14 | ||||||||||||||
| Research and development | 216 | 277 | 275 | ||||||||||||||
| Sales and marketing | 131 | 156 | 159 | ||||||||||||||
| General and administrative | 124 | 161 | 160 | ||||||||||||||
| Total | $ | 565 | $ | 684 | $ | 677 | |||||||||||
Stock Options
Options issued under the Plan generally are exercisable for periods not to exceed ten years and generally vest over four years with 25% vesting after one year and with the remainder vesting monthly thereafter in equal installments. Shares offered under the Plan may be: (i) authorized but unissued shares or (ii) treasury shares.
91
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
A summary of stock option activity and related information was as follows:
Number of Options (in thousands) | Weighted-Average Exercise Price | Weighted-Average Remaining Contractual Term (Years) | Aggregate Intrinsic Value (in millions) | ||||||||||||||||||||
| Outstanding as of January 31, 2024 | 5,038 | $ | 32.54 | 3.1 | $ | 320 | |||||||||||||||||
| Exercised | (2,792) | 9.80 | |||||||||||||||||||||
| Expired | (43) | 206.35 | |||||||||||||||||||||
| Forfeited | (4) | 47.82 | |||||||||||||||||||||
| Outstanding as of January 31, 2025 | 2,199 | $ | 57.98 | 2.8 | $ | 137 | |||||||||||||||||
As of January 31, 2025 | |||||||||||||||||||||||
| Vested and expected to vest | 2,199 | $ | 57.98 | 2.8 | $ | 137 | |||||||||||||||||
| Vested and exercisable | 2,192 | $ | 57.33 | 2.8 | $ | 137 | |||||||||||||||||
No options were granted during fiscal 2025, 2024 and 2023. The total grant-date fair value of stock options vested was $16 million, $48 million and $104 million during fiscal 2025, 2024 and 2023, respectively. The intrinsic value of the options exercised, which represents the difference between the fair market value of the Company’s common stock on the date of exercise and the exercise price of each option, was $213 million, $57 million and $108 million during fiscal 2025, 2024 and 2023, respectively. Windfall tax benefits realized upon exercise of stock options were $47 million during fiscal 2025, while no windfall tax benefits were realized in fiscal years 2024 and 2023.
Restricted Stock Units
A summary of RSU activity (inclusive of market-based RSUs) and related information was as follows:
Number of RSUs (in thousands) | Weighted-Average Grant Date Fair Value Per Share | ||||||||||
| Outstanding as of January 31, 2024 | 9,080 | $ | 111.03 | ||||||||
| Granted | 4,859 | 96.98 | |||||||||
| Vested | (4,361) | 114.57 | |||||||||
| Forfeited | (1,780) | 108.11 | |||||||||
| Outstanding as of January 31, 2025 | 7,798 | $ | 100.97 | ||||||||
The Company granted 4,858,824 RSUs with an aggregate fair value of $471 million during fiscal 2025. As of January 31, 2025 and 2024, there was a total of $672 million and $898 million, respectively, of unrecognized stock-based compensation expense related to unvested RSUs, which is being recognized over a weighted-average period of 1.8 years, based on vesting under the award service conditions. The total fair value of RSUs vested during fiscal 2025, 2024 and 2023 was $382 million, $335 million and $229 million, respectively.
During the first quarter of fiscal 2025, the Company began funding withholding taxes due upon the vesting of employee RSUs in certain jurisdictions by net share settlement, rather than its previous approach of selling shares of the Company’s common stock. The amount of withholding taxes related to net share settlement of employee RSUs is reflected as (i) a reduction to additional paid-in-capital, and (ii) cash outflows for financing activities when the payments are made. The shares withheld by the Company as a result of the net share settlement of RSUs are not considered issued and outstanding, and do not impact the calculation of basic net income (loss) per share attributable to the Class A and Class B common stockholders.
Market-based Restricted Stock Units
In March 2022, the Company granted market-based RSUs to certain members of management with an average grant date fair value of $244.73. The target number of market-based RSUs granted was 58,150. One-third of these market-based RSUs vest over each of a one-, two- and three-year performance period, each starting on February 1, 2022.
92
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
In March 2023, the Company granted market-based RSUs to certain members of management with an average grant date fair value of $149.78. The target number of market-based RSUs granted was 192,843. One-third of these market-based RSUs vest over each of a one-, two- and three-year performance period, each starting on February 1, 2023.
In March 2024, the Company granted market-based RSUs to certain members of management with an average grant date fair value of $182.15. The target number of market-based RSUs granted was 183,595. One-third of these market-based RSUs vest over each of a one-, two- and three-year performance period, each starting on February 1, 2024.
For each granted market-based RSU award, the number of shares that can be earned ranges from 0% to 200% of the target number of shares based on the relative performance of the per share price of the Company’s common stock as compared to the Nasdaq Composite Index over the respective performance periods and subject to continuous employment through the vesting dates. The average grant date fair value per target market-based RSU is determined using a Monte Carlo simulation approach. Compensation expense for awards with market conditions is recognized over the service period using the accelerated attribution method and is not reversed if the market condition is not met.
Restricted Stock Awards
As of January 31, 2025, there was $15 million of unrecognized stock-based compensation expense related to unvested restricted stock awards, which is being recognized over a weighted-average period of 2.1 years based on vesting under the award service conditions.
Employee Stock Purchase Plan (ESPP)
The ESPP provides for 12-month offering periods beginning June 21 and December 21 of each year, and each offering period consists of up to two six-month purchase periods. The ESPP contains a reset provision under which the offering period resets if the fair market value of the Company’s common stock on the purchase date is less than the fair market value on the offering date.
The Company estimated the fair value of ESPP purchase rights using a Black-Scholes option pricing model with the following assumptions:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| Expected volatility | 42% - 44% | 46% - 74% | 63% - 90% | ||||||||||||||
| Expected term (in years) | 0.5 - 1.0 | 0.5 - 1.0 | 0.5 - 1.0 | ||||||||||||||
| Risk-free interest rate | 4.26% - 5.36% | 4.84% - 5.41% | 2.46% - 4.67% | ||||||||||||||
| Expected dividend yield | — | — | — | ||||||||||||||
During fiscal 2025, the Company's employees purchased 586,149 shares of its Class A common stock under the ESPP. The shares were purchased at a weighted-average purchase price of $71.68 per share, with proceeds of $42 million. During fiscal 2024, the Company's employees purchased 793,739 shares of its Class A common stock under the ESPP. The shares were purchased at a weighted-average purchase price of $57.84 per share, with proceeds of $46 million.
As of January 31, 2025 and January 31, 2024, there was $15 million and $16 million, respectively, of unrecognized stock-based compensation expense related to the ESPP which is being recognized over a weighted-average vesting period of 0.6 years.
Employee Defined Contribution Plan
The Company has a qualified defined contribution plan under Section 401(k) of the Internal Revenue Code covering eligible employees. A portion of employee contributions are matched up to a fixed maximum dollar amount per year per employee. During fiscal 2025, 2024 and 2023, matching contributions related to the plan were $18 million, $19 million and $21 million, respectively.
93
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
13. Income Taxes
The Company is subject to taxation in the U.S. and various other state and foreign jurisdictions. The domestic and foreign components of pre-tax income (loss) for fiscal 2025, 2024 and 2023 were as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Domestic | $ | 28 | $ | (360) | $ | (834) | |||||||||||
| Foreign | 18 | 23 | 33 | ||||||||||||||
Income (loss) before provision for income taxes | $ | 46 | $ | (337) | $ | (801) | |||||||||||
The components of the provision for income taxes for fiscal 2025, 2024 and 2023 were as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Current: | |||||||||||||||||
| Federal | $ | 5 | $ | 2 | $ | — | |||||||||||
| State | 2 | 3 | 2 | ||||||||||||||
| Foreign | 9 | 6 | 5 | ||||||||||||||
| Total current provision for income taxes | 16 | 11 | 7 | ||||||||||||||
| Deferred: | |||||||||||||||||
| Foreign | 2 | 7 | 7 | ||||||||||||||
Total deferred provision for income taxes | 2 | 7 | 7 | ||||||||||||||
Total provision for income taxes | $ | 18 | $ | 18 | $ | 14 | |||||||||||
For fiscal 2025, income tax expense resulted primarily from profitable foreign jurisdictions, federal and state taxes resulting from limitations on tax attribute utilization, offset by the impact of tax windfalls from stock-based compensation in the United States. For fiscal 2024, the income tax expense resulted primarily from income tax expense related to profitable foreign jurisdictions, federal and state taxes resulting from limitations on tax attribute utilization, and the tax impact of shortfalls from stock-based compensation in the United Kingdom. For fiscal 2023, income tax expense resulted primarily from income tax expense related to profitable foreign jurisdictions, the tax impact of shortfalls from stock-based compensation in the United Kingdom, and state taxes.
The Company does not provide for income taxes on undistributed earnings of subsidiaries that are intended to be indefinitely reinvested. Where the Company does not intend to indefinitely reinvest subsidiary earnings, income and withholding taxes, as applicable, are provided on such undistributed earnings and are insignificant.
The following is a reconciliation of the statutory federal income tax rate to the Company’s effective tax rate for fiscal 2025, 2024 and 2023:
94
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
The Tax Cuts and Jobs Act enacted on December 22, 2017 amended Internal Revenue Code Section 174 to require that specific research and experimental (“R&E”) expenditures be capitalized and amortized over five years (U.S. R&E) or fifteen years (non-U.S. R&E) beginning in fiscal 2023. As a result, for fiscal 2024 and 2023, the Company disavowed certain tax deductions, which resulted in the utilization of federal and state tax attributes to offset this impact.
The tax effects of temporary differences and related deferred tax assets and liabilities as of January 31, 2025 and 2024 were as follows:
| As of January 31, | |||||||||||
| 2025 | 2024 | ||||||||||
| (dollars in millions) | |||||||||||
| Deferred tax assets: | |||||||||||
| Net operating loss carryforwards | $ | 702 | $ | 716 | |||||||
| Capitalized research expenditures | 335 | 268 | |||||||||
| Stock-based compensation | 41 | 41 | |||||||||
| Operating lease liabilities | 31 | 36 | |||||||||
| Other reserves and accruals | 24 | 21 | |||||||||
| Research and development and other credits | 146 | 125 | |||||||||
| Total deferred tax assets | 1,279 | 1,207 | |||||||||
| Valuation allowance | (1,144) | (1,087) | |||||||||
| Total deferred tax assets, net | 135 | 120 | |||||||||
| Deferred tax liabilities: | |||||||||||
| Deferred commissions | (99) | (67) | |||||||||
| Other deferred tax liabilities | (15) | (5) | |||||||||
| Operating lease right-of-use assets | (20) | (21) | |||||||||
| Depreciation and amortization | (14) | (35) | |||||||||
| Total deferred tax liabilities | (148) | (128) | |||||||||
Net deferred tax liabilities | $ | (13) | $ | (8) | |||||||
The Company has determined that it is not more likely than not that it will realize the benefits of its net deferred tax assets in the United States due to negative evidence such as a continued cumulative loss and an increase in net deferred tax assets despite attribute utilization. Therefore, the Company has recorded a valuation allowance to reduce the carrying value of the U.S. deferred tax assets, net of U.S. deferred tax liabilities. The U.S. valuation allowance increased by $57 million and $9 million during fiscal 2025 and 2024, respectively.
As of January 31, 2025, the Company had approximately $2,683 million of federal and $2,025 million of state net operating loss carryforwards available to offset future taxable income. If not utilized, the federal and state net operating loss carryforwards will begin to expire in 2036 and 2026, respectively. The federal and state net operating losses for fiscal 2025 consider the impacts of the amendments of prior-year federal and state tax returns as discussed in the effective tax rate reconciliation section. As of January 31, 2025, the Company had approximately $34 million of UK net operating losses which do not expire.
As of January 31, 2025, the Company had federal research and development tax credit carryforwards of $130 million and California research and development tax credit carryforwards of $86 million. The federal research and development credits will start to expire in 2038 while the California research and development credits do not expire.
The Company’s ability to utilize the net operating loss and tax credit carryforwards in the future may be subject to substantial restrictions in the event of future ownership changes as defined in Section 382 of the Internal Revenue Code and similar state tax laws.
95
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
A reconciliation of beginning and ending amount of unrecognized tax benefit was as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| Gross amount of unrecognized tax benefits as of the beginning of the year | $ | 49 | $ | 43 | $ | 37 | |||||||||||
| Additions based on tax positions related to a prior year | 4 | — | 1 | ||||||||||||||
| Additions based on tax positions related to current year | 12 | 7 | 7 | ||||||||||||||
| Reductions based on tax positions taken in a prior year | — | (1) | (2) | ||||||||||||||
| Gross amount of unrecognized tax benefits as of the end of the year | $ | 65 | $ | 49 | $ | 43 | |||||||||||
For all periods presented, the Company has an immaterial amount of unrecognized tax benefits that, if recognized, would impact the effective tax rate. The Company's policy is to include interest and penalties related to unrecognized tax benefits within the provision for income taxes. For all years presented, the Company has not accrued a material amount in interest and penalties related to unrecognized tax benefits. The Company does not have any significant uncertain tax positions as of January 31, 2025 for which it is reasonably possible that the positions will increase or decrease within the next twelve months.
As the Company has net operating loss carryforwards for the U.S. federal and state jurisdictions, the statute of limitations is open for all years. For material foreign jurisdictions, the tax years open to examination include the tax years 2017 and forward.
96
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
14. Net Income (Loss) Per Share
The following table presents the calculation of basic and diluted net income (loss) per share. Net income (loss) is reported in millions and rounded from amounts in thousands; as a result, net income (loss) per share may not recalculate exactly due to rounding.
| Year Ended January 31, | |||||||||||||||||||||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||||||||||||||||||||
| Class A | Class B | Class A | Class B | Class A | Class B | ||||||||||||||||||||||||||||||
| (dollars in millions, shares in thousands, except per share data) | |||||||||||||||||||||||||||||||||||
| Basic net income (loss) per share: | |||||||||||||||||||||||||||||||||||
| Numerator: | |||||||||||||||||||||||||||||||||||
| Net income (loss), basic | $ | 27 | $ | 1 | $ | (339) | $ | (16) | $ | (778) | $ | (37) | |||||||||||||||||||||||
| Denominator: | |||||||||||||||||||||||||||||||||||
| Weighted-average shares outstanding, basic | 162,082 | 7,487 | 156,335 | 7,299 | 150,891 | 7,132 | |||||||||||||||||||||||||||||
| Net income (loss) per share, basic | $ | 0.16 | $ | 0.16 | $ | (2.17) | $ | (2.17) | $ | (5.16) | $ | (5.16) | |||||||||||||||||||||||
| Diluted net income (loss) per share: | |||||||||||||||||||||||||||||||||||
| Numerator: | |||||||||||||||||||||||||||||||||||
| Net income (loss) | $ | 27 | $ | 1 | $ | (339) | $ | (16) | $ | (778) | $ | (37) | |||||||||||||||||||||||
Gain on extinguishment of debt, net of interest expense1 | (17) | (1) | — | — | — | — | |||||||||||||||||||||||||||||
| Net income (loss), diluted | $ | 10 | $ | — | $ | (339) | $ | (16) | $ | (778) | $ | (37) | |||||||||||||||||||||||
| Denominator: | |||||||||||||||||||||||||||||||||||
| Number of shares used in basic calculation | 162,082 | 7,487 | 156,335 | 7,299 | 150,891 | 7,132 | |||||||||||||||||||||||||||||
| Weighted-average effect of diluted securities related to: | |||||||||||||||||||||||||||||||||||
| Employee share-based awards | 1,832 | 2,942 | — | — | — | — | |||||||||||||||||||||||||||||
| Convertible senior notes | 743 | — | — | — | — | — | |||||||||||||||||||||||||||||
| Assumed conversion of Class B to Class A common shares | 10,429 | — | — | — | — | — | |||||||||||||||||||||||||||||
| Number of shares used in diluted calculation | 175,086 | 10,429 | 156,335 | 7,299 | 150,891 | 7,132 | |||||||||||||||||||||||||||||
| Net income (loss) per share, diluted | $ | 0.06 | $ | 0.06 | $ | (2.17) | $ | (2.17) | $ | (5.16) | $ | (5.16) | |||||||||||||||||||||||
1 Under the if-converted method, net income is adjusted to reflect the assumption that the convertible senior notes were converted at the beginning of the period. | |||||||||||||||||||||||||||||||||||
Potentially dilutive securities excluded because they would be anti-dilutive were as follows:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (shares in thousands) | |||||||||||||||||
| Employee share-based awards | 4,503 | 15,179 | 17,334 | ||||||||||||||
| Convertible senior notes | 4,170 | 5,473 | 11,485 | ||||||||||||||
| Total | 8,673 | 20,652 | 28,819 | ||||||||||||||
The Company entered into capped call transactions in connection with the issuance of the convertible senior notes. The effect of the capped calls was also excluded from the calculation of diluted net income per share as the effect of the capped calls would have been anti-dilutive.
97
OKTA, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS (continued)
15. Geographical Information
Revenue by location is determined by the billing address of the customer. The following table sets forth revenue by geographic area:
| Year Ended January 31, | |||||||||||||||||
| 2025 | 2024 | 2023 | |||||||||||||||
| (dollars in millions) | |||||||||||||||||
| United States | $ | 2,062 | $ | 1,783 | $ | 1,456 | |||||||||||
| International | 548 | 480 | 402 | ||||||||||||||
| Total | $ | 2,610 | $ | 2,263 | $ | 1,858 | |||||||||||
Other than the United States, no individual country exceeded 10% of total revenue for fiscal 2025, 2024 and 2023.
Property and equipment by geographic location is based on the location of the legal entity that owns the asset. As of January 31, 2025 and 2024, the majority of the Company's long-lived assets, which primarily consist of property and equipment and operating lease right-of-use assets, were located in the United States.
16. Business Combinations
On February 1, 2024, the Company acquired all of the outstanding equity of Spera, an identity security platform provider. The acquisition of Spera is expected to broaden the Company's identity threat detection and security posture management capabilities. The Spera acquisition was accounted for as a business combination.
The acquisition date fair value of purchase consideration for Spera of $58 million was paid in cash. Of this amount, $12 million of consideration was transferred to an escrow fund as partial security for any purchase price adjustments and indemnification obligations, and will be paid to the former Spera stockholders following the 18-month anniversary of the closing date (less any such adjustments or indemnification obligations).
The Company recorded $18 million for developed technology intangible assets with an estimated useful life of 5 years and recorded $42 million of goodwill which is primarily attributed to the assembled workforce as well as the integration of Spera’s technology and the Company’s technology. None of the goodwill is expected to be deductible for U.S. federal income tax purposes.
The Company entered into revesting agreements with Spera’s founders pursuant to which 238,795 additional shares of Okta’s Class A common stock were issued as of the closing date which vest over three years. The $20 million fair value of the unvested restricted stock award is attributable to a post-combination service condition and will be accounted for by the Company separately from the business combination as stock-based compensation expense.
Acquisition related expenses incurred were not material. This acquisition did not have a material impact on the Company’s consolidated financial statements; therefore, historical financial information and pro forma disclosures have not been presented.
98
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
None.
Item 9A. Controls and Procedures
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our principal executive officer and principal financial officer, has evaluated the effectiveness of our disclosure controls and procedures (as defined in Rules 13a-15(e) and 15d-15(e) under the Exchange Act), as of the end of the period covered by this Annual Report on Form 10-K.
Based on this evaluation, our management concluded that, as of January 31, 2025, our disclosure controls and procedures are effective to provide reasonable assurance that information we are required to disclose in reports that we file or submit under the Exchange Act is recorded, processed, summarized, and reported within the time periods specified in the Securities and Exchange Commission’s rules and forms, and that such information is accumulated and communicated to our management, including our principal executive officer and principal financial officer, as appropriate, to allow timely decisions regarding required disclosure.
Management's Report on Internal Control over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as defined in Rule 13a-15(f) of the Exchange Act. Our management conducted an evaluation of the effectiveness of our internal control over financial reporting based on the framework in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission ("2013 framework"). Our internal control over financial reporting includes policies and procedures that provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external reporting purposes in accordance with U.S. generally accepted accounting principles. Based on this evaluation, management concluded that our internal control over financial reporting was effective as of January 31, 2025. Our independent registered public accounting firm, Ernst & Young LLP, has issued an audit report with respect to our internal control over financial reporting, which appears in Part II, Item 8 of this Annual Report on Form 10-K, and is incorporated herein by reference.
Changes in Internal Control over Financial Reporting
There was no change in our internal control over financial reporting identified in connection with the evaluation required by Rules 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended January 31, 2025 that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.
Inherent Limitations on Effectiveness of Controls
In designing and evaluating the disclosure controls and procedures and internal control over financial reporting, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures and internal control over financial reporting must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs.
Item 9B. Other Information
Rule 10b5-1 Trading Arrangements
During the quarter ended January 31, 2025, none of our directors or officers (as defined in Rule 16a-1(f) of the Exchange Act) informed us of the adoption or termination of a "Rule 10b5-1 trading arrangement" or a "non-Rule 10b5-1 trading arrangement," as each term is defined in Item 408 of Regulation S-K.
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections
Not Applicable.
99
Part III
Item 10. Directors, Executive Officers and Corporate Governance
The information required by this item is incorporated by reference to our Proxy Statement relating to our 2025 Annual Meeting of Stockholders. The Proxy Statement will be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Code of Conduct
Our board of directors has adopted a code of conduct that applies to all of our employees, officers and directors. The full text of our code of conduct is available on our investor relations website at investor.okta.com under "Responsibility and Governance." We intend to satisfy the disclosure requirement under Item 5.05 of Form 8-K regarding amendments to, or waiver from, a provision of our code of conduct by posting such information on the website address and location specified above.
Item 11. Executive Compensation
The information required by this item is incorporated by reference to our Proxy Statement relating to our 2025 Annual Meeting of Stockholders. The Proxy Statement will be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item is incorporated by reference to our Proxy Statement relating to our 2025 Annual Meeting of Stockholders. The Proxy Statement will be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Item 13. Certain Relationships and Related Party Transactions, and Director Independence
The information required by this item is incorporated by reference to our Proxy Statement relating to our 2025 Annual Meeting of Stockholders. The Proxy Statement will be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Item 14. Principal Accountant Fees and Services
The information required by this item is incorporated by reference to our Proxy Statement relating to our 2025 Annual Meeting of Stockholders. The Proxy Statement will be filed with the SEC within 120 days of the fiscal year ended January 31, 2025.
Part IV
Item 15. Exhibits and Financial Statement Schedules
(a) The following documents are filed as part of this report:
1.Financial Statements
See Index to Financial Statements under Part II, Item 8 of this Annual Report on Form 10-K.
2.Financial Statement Schedules
Schedules not listed above have been omitted because they are not required, not applicable, or the required information is otherwise included.
3.Exhibits
See the Exhibit Index immediately following the signature page of this Annual Report on Form 10-K.
Item 16. Form 10-K Summary
None.
100
SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, as amended, the registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized.
| OKTA, INC. | ||||||||
| March 5, 2025 | /s/ Brett Tighe | |||||||
Brett Tighe Chief Financial Officer | ||||||||
POWER OF ATTORNEY
KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints Todd McKinnon and Brett Tighe, and each of them, as his or her true and lawful attorneys-in-fact and agents, with full power of substitution and resubstitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign any amendments to this Annual Report on Form 10-K and to file the same, with Exhibits thereto and other documents in connection therewith with the Securities and Exchange Commission, hereby ratifying and confirming all that each of said attorneys-in-fact, or substitute or substitutes may do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the Registrant and in the capacities and on the dates indicated:
| Signature | Title | Date | ||||||||||||
/s/ Todd McKinnon Todd McKinnon | Chief Executive Officer and Director (Principal Executive Officer) | March 5, 2025 | ||||||||||||
/s/ Brett Tighe Brett Tighe | Chief Financial Officer (Principal Financial Officer) | March 5, 2025 | ||||||||||||
/s/ Shibu Ninan Shibu Ninan | Chief Accounting Officer (Principal Accounting Officer) | March 5, 2025 | ||||||||||||
/s/ Shellye Archambeau Shellye Archambeau | Director | March 5, 2025 | ||||||||||||
/s/ Anthony Bates Anthony Bates | Director | March 5, 2025 | ||||||||||||
/s/ Emilie Choi Emilie Choi | Director | March 5, 2025 | ||||||||||||
/s/ Robert L. Dixon, Jr. Robert L. Dixon, Jr. | Director | March 5, 2025 | ||||||||||||
/s/ Jeff Epstein Jeff Epstein | Director | March 5, 2025 | ||||||||||||
/s/ Benjamin Horowitz Benjamin Horowitz | Director | March 5, 2025 | ||||||||||||
/s/ J. Frederic Kerrest J. Frederic Kerrest | Director | March 5, 2025 | ||||||||||||
/s/ Rebecca Saeger Rebecca Saeger | Director | March 5, 2025 | ||||||||||||
/s/ Michael Stankey Michael Stankey | Director | March 5, 2025 | ||||||||||||
101
EXHIBIT INDEX
| Exhibit Number | Exhibit Description | Incorporated by Reference from Form | ||||||||||||
| 3.1 | Exhibit 3.2 to Form S-1 filed on March 13, 2017 | |||||||||||||
| 3.2 | Exhibit 3.1 to Form 8-K filed on June 24, 2024 | |||||||||||||
| 4.1 | Exhibit 4.1 to Form S-1 filed on March 13, 2017 | |||||||||||||
4.2 | Exhibit 4.1 to Form 8-K filed on September 10, 2019 | |||||||||||||
4.3 | Exhibit 4.1 to Form 8-K filed on September 10, 2019 | |||||||||||||
4.4 | Exhibit 4.1 to Form 8-K filed on June 15, 2020 | |||||||||||||
4.5 | Exhibit 4.1 to Form 8-K filed on June 15, 2020 | |||||||||||||
4.6 | Exhibit 4.6 to Form 10-K filed on March 6, 2020 | |||||||||||||
| 10.1# | Exhibit 10.1 to Form S-1 filed on March 13, 2017 | |||||||||||||
| 10.2# | Exhibit 10.2 to Form S-1 filed on March 13, 2017 | |||||||||||||
| 10.3# | Exhibit 10.3 to Form S-1A filed on March 27, 2017 | |||||||||||||
| 10.4# | Exhibit 10.4 to Form S-1A filed on March 27, 2017 | |||||||||||||
| 10.5# | Exhibit 99.2 to Form 8-K filed on March 7, 2019 | |||||||||||||
| 10.6# | Exhibit 10.8 to Form S-1 filed on March 13, 2017 | |||||||||||||
| 10.7# | Exhibit 10.1 to Form 10-Q filed on August 29, 2024 | |||||||||||||
| 10.8# | Exhibit 10.10 to Form S-1 filed on March 13, 2017 | |||||||||||||
| 10.9# | Exhibit 99.1 to Form S-8 filed on May 10, 2021 | |||||||||||||
| 10.10# | Exhibit 99.2 to Form S-8 filed on May 10, 2021 | |||||||||||||
102
| Exhibit Number | Exhibit Description | Incorporated by Reference from Form | ||||||||||||
| 10.11 | Exhibit 10.1 to Form 8-K filed on December 6, 2017 | |||||||||||||
| 10.11.1 | Exhibit 10.2 to Form 10-Q filed on December 6, 2019 | |||||||||||||
| 10.11.2 | Exhibit 10.9.2 to Form 10-K filed on March 4, 2021 | |||||||||||||
| 10.11.3 | Exhibit 10.1 to Form 10-Q filed on December 2, 2021 | |||||||||||||
| 10.12 | Exhibit 10.1 to Form 8-K filed on September 10, 2019 | |||||||||||||
| 10.13 | Exhibit 10.1 to Form 8-K filed on June 15, 2020 | |||||||||||||
10.14# | Exhibit 10.1 to Form 10-Q filed on May 30, 2024 | |||||||||||||
19.1 | Filed herewith | |||||||||||||
| 21.1 | Filed herewith | |||||||||||||
| 23.1 | Filed herewith | |||||||||||||
| 31.1 | Filed herewith | |||||||||||||
| 31.2 | Filed herewith | |||||||||||||
| 32.1* | Furnished herewith | |||||||||||||
97.1# | Exhibit 97.1 to Form 10-K filed on March 1, 2024 | |||||||||||||
| 101.INS | XBRL Instance Document | Filed herewith | ||||||||||||
| 101.SCH | XBRL Taxonomy Extension Schema Document | Filed herewith | ||||||||||||
| 101.CAL | XBRL Taxonomy Extension Calculation Linkbase Document | Filed herewith | ||||||||||||
| 101.DEF | XBRL Taxonomy Extension Definition Linkbase Document | Filed herewith | ||||||||||||
| 101.LAB | XBRL Taxonomy Extension Label Linkbase Document | Filed herewith | ||||||||||||
| 101.PRE | XBRL Taxonomy Extension Presentation Linkbase Document | Filed herewith | ||||||||||||
| 104 | Cover Page Interactive Data File (formatted as inline XBRL with applicable taxonomy extension information contained in Exhibits 101.*) | Filed herewith | ||||||||||||
* The certifications furnished in Exhibit 32.1 hereto are deemed to accompany this Annual Report on Form 10-K and will not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended, except to the extent that the registrant specifically incorporates it by reference.
# Indicates management contract or compensatory plan, contract or agreement.
103