Okta, Inc. (OKTA) Earnings Call Transcript & Summary

Okay. Great. Well, thanks, everyone, for joining us today. I'm Dave Gennarelli, Head of Investor Relations here at Okta. And hopefully, you all had a chance to tune into the Showcase event earlier this morning. We now have about 45 minutes for an open Q&A session with our extended executive team. And joining us from Okta is Todd McKinnon, our CEO and Co-Founder; Frederic Kerrest, our Executive Vice Chairman, COO and Co-Founder; Eugenio Pace, CEO of Auth0; Diya Jolly, our Chief Product Officer; Susan St. Ledger, President of Worldwide Field Operations; and Brett Tighe, our Interim CFO. So let's get started.

[Operator Instructions] So with that, let's get started with Jonathan Ho from William Blair. Jonathan?

Thank you so much for providing this update opportunity. I just wanted to get started with maybe the device authorization grant capability. Can you talk a little bit about some of the use cases that this could be applicable for? And maybe help us understand how that expands the size of your TAM opportunity around this device authorization grant capability.

Yes. I think that we had a lot of exciting announcements. Hopefully, people got a chance to tune in, particularly this one was under the Okta SIEM category. And then we had a bunch under the Auth0 customer identity and then, of course, the Workflows for any identity use case. The device grant capability is specifically -- it's an extension on a protocol called -- it's the OAuth protocol. There's an extension of it that is the industry effort to standardize how these input-constrained devices like an Apple TV or a Kindle Fire can essentially do single sign-on. So you can sign on your YouTube app on a Kindle Fire with your Google account. It's the protocol on how that works. So it's -- we've supported that protocol fully and made it really easy if you're using the Okta SIEM platform to support that flow. So the TAM is really -- expands SIEM -- the SIEM use case and applicability to any company that's trying to support those constrained devices. And the example we use of the Apple TV is a kind of a mass market device. But these kind of flows are showing up in a lot of interesting applications. I think Diya can probably talk more about that.

Yes. So exactly what Todd said. There are more and more IoT and input-constrained devices showing up, whether that is for consumer applications and when you think of your thermostat at home, a smart thermostat or if you think of your camera phone. And in the workforce as well, when you think about all these IoT devices like kiosks, et cetera, so what this allows us to do is provide single sign-on to those, as Todd said. And so you can imagine the opportunity in the TAM there is pretty phenomenal given that this is an area that is growing exponentially.

Absolutely. Absolutely. And just as a follow-up. One of the things that you mentioned in the discussion between Todd and Eugenio was that there's a lot of interesting things that you can now do between both Okta and Auth0. I just wonder if you could maybe elaborate on that and just give us some examples of some of those early integrations that you've not been able to bring to the market or are starting to bring to the market.

Before I answer that question, Jonathan, just one more point on the grant authorization flow. I think it's for people that are maybe thinking about zooming out a little bit on the value prop of SIEM platform. It's -- this is a perfect example of the -- another additional thing you have to do yourself. You have to implement this protocol if you don't buy a customer identity solution off the shelf. So we talked about this in the show. I don't know how much the Showcase showed. I don't know how many of you got a chance to watch. But it always seems simple when you're building your customer-facing app to build and to add the first password check in the log-in registration. But it's the next 99 things that are complex and cumbersome, and you don't want to get wrong from a security perspective. And this device grant authorization flow is a great example of that. So it really insulates the -- our customers from having to deal with all that complexity. In terms of how the 2 SIEM customer identity platforms are working together, there's a today and then there's in the future. And so there's -- one of the things we did -- actually, didn't talk a lot about today in Showcase was all the cool stuff we're planning and building for the future that integrates the 2 platforms. We've been working to go for 6 months, and some of these long-term things are going to take some more time to design out and fully implement, but we're starting to work on those. So that's the longer term. And that's -- we're going to be talking a lot more about this at Oktane22 in the spring. But the short-term stuff is really exciting as well because like we said in the show that these -- both of these platforms are -- their identity is stacked. So they're really good at many other things. So a really good example is this scenario where if Auth0 has a ton of customers that are B2B SaaS apps, and those B2B SaaS apps have -- a lot of their customers of those apps are Okta workforce customers. So it's really easy for the workforce Okta customers to connect to that B2B SaaS app that's powered by Auth0, and we're adding some things to make it even easier than it is today. It's -- we can do it today, and we're adding it to make that connection even easier. And you can think about what that means for the Integration Network effect. It's not -- now it's not just a pre-integrated catalog of integration. It's a -- there's SaaS apps, and there's Okta workforce. And we are -- our company is on both sides of that exchange. So the way we can make it easier for customers and add value is pretty exciting.

Great. Next, let's go to Alex Henderson at Needham.

So you kind of touched on a little bit of the -- in respect to the last question, but I was struck that it sounds more like you're running 2 separate silos that are connected with interconnectors as opposed to doing the hard-lifting to merge the 2 SIEM products into a single platform, which ultimately I would think would be a goal. Can you talk a little bit about what the near-term tactical moves are relative to this versus the longer-term vision? And are you anticipating getting this into a single platform over time that tightly integrates the code base and allows you to very rapidly deliver incremental functionality and feature sets on the microservices architecture?

Alex, it's a really good question. And I think the right way to think about it is, first of all, the SIEM customer identity platforms are -- there's some overlap, but they're distinct and they serve different use cases today. The Okta customer identity platform is really well suited for these. Basically, if a customer needs a really robust database to store different user types and do security policies across those user types, it's better for the Okta customer identity platform. The Auth0 customer identity platform is better if the customer has a ton of developers and they want to control every detail of the experience and want a great developer experience. That's a simple way to think about it. And both of those teams have a lot of work to do to make sure that they -- this is a new market. And this is still -- the complete solution is still being formed in this market. So the first priority is make sure that these teams -- they're obviously coordinating now, and they're not duplicating future effort, but we need to make sure that they execute on their road maps and keep their torrid growth pace and so we can capture this market opportunity. That's the first level. The second level is we do not have to smash these things together and turn it into 1 monolithic architecture. That would be a huge mistake. It wouldn't be valuable to any one, and it would slow us down. So what you said is really important. It's the microservices approach that we're taking for the long term. And Diya has been thinking a lot about that.

Yes. So I'll reiterate what Todd said. We think SIEM is a homogenous market, but it's not. Think about a new app that's being built from the ground up tomorrow -- later B2B SaaS app or the next YouTube, and then think about an insurance company that's trying to come online. And the needs and requirements of these companies are really, really different. So saying that one -- that the SaaS -- that 1 platform is going to cover all needs is really not true today. And so what our goal is, as Todd said is, how do we actually go capture as much -- or provide as much value to our customers and capture as much of this market because the transformation is happening today. It's not happening 2 years from now. It's not happening 3 years from now. So the point is to provide the right technology today. And how do we do that with the 2 platforms we have, and we talked about this, our overlap across the 2 customer bases is 2%. Now on the microservices side, we want to do this thoughtfully. There are pieces of the Auth0 platform that are extremely valuable like their extensibility, their rules engine, et cetera. There are pieces of our platform that are world-class, like our Universal Directory, et cetera. The point isn't that just take and mash these pieces. What are the use cases we want to light up, and how do you actually take these 2 platforms and make -- and pull out the right microservices out of those and interconnect them to the life of the right use cases? And we're doing this really, really thoughtfully. So as we discussed, we see a lot more of that come out at Okta SIEM, but that's definitely the goal. But the #1 goal is to go capture the market right now and provide the value to our customers right now crossing different shade of segments.

And to reiterate what Diya said, some very specific concrete examples of what you might hear us announce at Octane22 in the spring, if you happen to attend. We're not committing to this, but I'll just give you some examples. The -- or we're not ready to make announcements, but I'll just give you some examples, so you really have a concrete understanding what we're talking about. Imagine if -- this example I talked about before, where there's a B2B SaaS app that's using Auth0 for identity. And the people that are building that app want to build an integration to Okta because thousands and thousands of their potential customers have Okta for workforce identity. Today, that integration goes through a protocol like SAML or OpenID or OAuth or something called SCIM. But imagine, since we are Auth0 on one side of that inside the app and Okta and the workforce on the other side, imagine how we can extend that and make it -- make the integration much richer and much easier and more valuable for the customer because we are on both sides of that exchange now as 1 company. So that's 1 really exciting area. The second really specific example is imagine if in the Auth0 platform, you can easily embed the robust Okta Universal Directory as a component. That's really interesting. And then the last example is, think about from a company we talked today with Venky from Hewlett Packard Enterprises, imagine if they had -- we built 1 admin console that lets him manage policies across his Okta deployment and his Auth0 deployments. Because it's not just a company -- this is more for larger companies, Global 2000. It's not that they just have maybe Auth0 and Okta, they probably have multiple deployments of Okta and multiple deployments of Auth0. So imagine an admin console that can sit above all of these deployments and manage policy across all of them. These are specific examples of how we can integrate things more closely together without doing what would be a mistake, which is trying to merge the 2 things together into 1 monolithic architecture.

If I could follow up just briefly, how are you taking the coding lessons that you brought in from Auth0 into the enterprise side of Okta, which is I think something that really needs to be brought up more aggressively?

I'll defer to the master of Auth0 coding.

When you say the Auth0 coding practices, what do you actually mean? Do you mean like the engineering practices or more like the customer experience?

The deep ability to tie into the coding community and bring their -- them into the development process, which has not been the hallmark of the enterprise side of the business.

Yes. Great question, Alex. And I'm grateful that you bring that topic up because it's one of the things that we wanted to highlight in Showcase today is that that's one of the things that makes us complementary and in that complementary lies our strength. We have a whole go-to-market and marketing engine and reach out to our developer community, which becomes the pipeline for some of our largest deals. And that's something that we now are able to reinforce and we're able to do more. Before joining forces with Okta, we have to balance a little bit and say, well, we have that, which is important to get the next Zoom, the next Salesforce, the next Slack on our platform early. So they -- we don't have to go and sell them later. We want all -- every start-up in the planet to use Auth0. So before joining forces with Okta, we have to balance that and with the business and the business of selling to larger organizations. And now we can do more. We can do both with a new level of investment, which is really awesome. And for TAM, I also -- I don't want to disclose anything to -- prematurely, but we have like big plans in how we are going to reach out to every single developer in the planet. There's 24 million developers in the world. And today, we only reach out to maybe hundreds of thousands, but a lot of room for growth there as well.

Yes. I'll just cap that off because it is something that's really, really important to me and the entire team. Part of the developer focus is a cultural thing. So order #1 is to preserve that part of the Auth0 culture. When I think about integrating these companies, as we made a ton of progress over the first 6 months, what's sacrosanct is that we have to maintain -- especially on Auth0 and spread into the entire company, we have to maintain that developer focus.

Great. Next, we're going to go to Adam Tindle at Raymond James.

It looks like Susan is lonely there, so I'll ask her a question. If you could maybe touch on the Salesforce integration and an update there. What kind of feedback have you gotten since announcing the intent to integrate the Salesforce? What are the key items that you're tackling right now? And what does success look like on Feb 1?

Sure. Thanks for that, Adam. I was lonely. Thank you very much. So we're so excited about the integration, and come Feb 1, every salesperson will sell everything, the entire portfolio. And we've learned so much just in the short period of time that we've done together. The collaboration between the teams has been amazing because we just lean in with looking at customer requirements and then deciding which platform we should be leading with. And so that's been hugely successful. And as Diya called out earlier, we see very little overlap. The hypothesis was that we were both serving different parts of the market, and that has absolutely played out to be true with the 2% of customer overlap. And the other thing I would say is that when you look at the range and the volume of digital experiences that every company or every government agency needs to supply at this point, that's why they're standardizing on a platform, right? Because the range is everything from -- take a Warby Parker, right, who's doing everything from their vision test to selling their eyeglasses online, they've disrupted an entire industry; to DICK'S Sporting Goods, who's trying to take 5 omnichannel experiences and make it 1 log-in; or take state and local government, right, State of Iowa, State Illinois, State of Vermont, all of them have now standardized on a combination, in some cases, of Auth0; and in some cases, of Okta to actually provide government to citizen experiences. So it's the range and volume of digital experiences that all these companies and agencies have to provide that is causing them to choose a platform now. Because, as I think Todd and Eugenio so eloquently described earlier, they want to focus on their core business requirements when they're doing their development and when they're creating their experiences; not on identity. And that's why this market is so exciting for us.

Yes. Got it. And maybe just as a quick follow-up for Todd and more of a clarification. With the Workflows announcement, I thought of that as under the ALCM umbrella, and I know it's been a big success. I think about ALCM as a precursor to the full IGA product in a few months. So maybe touch on the decision to break out and launch Workflows now if IGA is going to be its own skew to GA just a few months after this launch. What does it say about IGA? And any early feedback from the beta testing that you might include would be helpful.

Like a lot of things we do is really customer-driven. Customers want to do more with the Workflows platform service. The example that is, I think, useful to understand is Advanced Lifecycle Management, Workflow automation does things like when a new employee gets hired, do really specific and detailed data exchange and writing and updating across HR systems and directory services. That's an example of an Advanced Lifecycle Management use case for Workflow. But a very different use case that customers want to do are things like when a device on their network is compromised, they want a specific flow and process for how that gets remediated. They want to shut down these accounts. They want to notify the SOC. They want not -- to not open up the user profile for access until that device has been remediated. That's not a -- that's a security use case. That's not really a user -- I mean, it's identity so you're definitely changing the user life cycle, but it's a whole different trigger for the event, and it's a whole different kind of process on how it gets adjudicated. So that's 1 example, and there's -- we can list off 10 more. So that's really the motivation to break it out of its own platform service. So people can use workflow and then if they get value of it over and above the 5, 3 flows, they're going to pay us for that value in a few different configurations. The biggest being an unlimited configuration where they can use flows across all these use cases that are independent of Advanced Lifecycle Management. It's kind of a different -- it's not on the same track as IGA. IGA is still very exciting, and we're making great progress on that product. IGA has a bunch of other stuff on top of Advanced Lifecycle Management, things like request certifications, advanced reporting and far deeper capabilities in terms of compliance and helping customers meet their governance. So it's kind of different from when I see it than the IGA bucket.

Next, let's go to Adam Borg at Stifel.

Maybe 1 or 2. First, just on Auth0, the announcement of it now running on Azure in addition to AWS. If I understand correctly, core Okta runs just on AWS. So I guess, a two-part question. One, is there an opportunity to continue to bring Auth0 to other clouds such as GCP? And then two, is there any thoughts of bringing Okta to either Azure or GCP for similar reasons than the benefits you laid out for Auth0?

Yes. This is one of the most exciting announcements that we made. And clearly, with this, we can serve a wider range of customers all over the world. We give customers more choice. The question of whether we can run on other clouds is going to be driven primarily out of customer demand and where we see the demand for that. Right now, between Amazon and Azure, we have like a pretty good coverage. We -- it's been 2 largest public cloud providers in the world, and that gives us -- puts us in a good situation. But once you do it for one and you're like kind of decoupling some of the dependencies to one specific implementation and you did it just for another one, doing it for the third one, it's not as costly as starting from scratch. So my expectation is that the heavy-lifting of like being agnostic of the underlying infrastructure is what we're investing in. And so in the future, we'll see what our customers ask and we will meet them there.

Super clear. Maybe just a quick follow-up either for Susan or for Freddy. I think Todd made a comment this morning about there being hundreds of openings on the SIEM front across both Auth0 and, of course, core Okta. Maybe you can share a little bit more about where you're investing the most globally.

Yes. Absolutely happy to do that. First of all, kind of add on to what Eugenio just said regarding the platforms. Look, we're always going to look to find the best ways to service our customers. We talked today specifically about them being obviously available in AWS. Now we're extending what we can do in Azure. But over time, it's going to be available everywhere. So it's going to be available in GCP. People are going to be able to run it in perhaps new hyperscale organizations we don't even know about. The vision is really about independence and neutrality and helping everyone tie into whatever technology they want to use. So whatever infrastructure they're going to be running on, it's not available today, but it will be in the future. Those are certainly things that we have in mind as we think about design and architecture. Regarding open -- job openings. Absolutely. By the way, if you know anyone, Adam, who's looking for an amazing job, who you think is the best person you've ever worked with, please have them email me directly. Yes, we have job openings across the board on both the workforce and customer and API Access Management side of the house, from G&A and product engineering to sales. And obviously, our company is -- we're a people-focused company. I mean we have extremely aggressive growth plans over the coming years. Again, we've got our FY '26 models of $4 billion of revenue, 35% growth year after year going through to that with margins accelerating to get to 20%. Well, we don't have any heavy machinery. We don't have any factories. We're a people business. So yes, there are a lot of job openings. We are excited to have more amazing people come join us. And it's really around the world. Obviously, with this hybrid work environment, it's not just the offices that you might see Eugenio and Todd in both for Showcase and for this Q&A, but really across North America and around the world and in these hybrid remote scenarios as well. So we're really looking for all the best talent we can.

And one thing, people -- oh, sorry, Freddy, I didn't mean to interrupt. So I was just going to add that identity is complex. And it's -- we've talked about how the world is turning to identity first and it's becoming strategic for every organization. But it's still pretty complex. And that's why our strategy of building this at-scale company totally focused on identity and building it with a team that are the experts and it's really become part of our brand. Like when customers think about prospects, think about the company that can give them answers about identity, they think of Okta. And that's a powerful brand position because, yes, there's -- when you pick your identity platform, there's a lot of considerations about features and costs and on and on and on. But one of the big ones is, is this a company that can help me figure out this complex area? And that's -- when we differentiate ourselves from the big platforms that are sending out maybe a couple of identity people mixed in with the generalists that kind of cover the whole technology stack that company might sell, we're pretty differentiated against them because we are the experts, and we want to give that customer choice and flexibility to choose what's best for them. And we know this space. And so that's -- I think that's -- we talked about the hundreds of open positions, but it comes with a good sound, strategic rationale for that.

And let's go to Brian Essex at Goldman.

Eugenio, maybe a question for you. So I mean, certainly, Auth0, more developer-centric, more customizable platform; Okta SIEM more scalable, volume-focused platform. How do you think about the market opportunity for each? Do you have enterprises that utilize both? I mean given -- it's always -- it just surprised me the lack of overlap there, which I think given their focus makes some sense. But I mean, how do you think about which one has a better market opportunity -- maybe not even better, which one has a larger market opportunity? How do we think about slicing the TAM, if we were to look at the opportunity of one versus the other?

Brian, so look, think of all the applications you have used in your life. And if you find 1 application that doesn't need authentication, I would be really surprised, really, really surprised. So it's pretty much like -- if you think about it, every app, every market, every segment, every company on the planet needs authentication. And most of the applications that are written that are out there in the real world are using like substandard and suboptimal solutions because they build it over time, it's not core to their business, so they kind of hacked it together, and they are not up to the task of today's demands, right? So it's not very integrated. It's not secure. We hear hacks every day. Things are bridged. So the -- so when -- even in the TAMs that we are estimating, which is like 30 and 30 -- $30 billion, $35 billion, those are humongous numbers, I think they are probably well, well underestimated of the enormous opportunity that we have in front of us. Because it's pretty much every company in the planet needs us, either for the applications that they are going to -- they are built and they need to modernize or the applications that are going to be built because, again, I don't know you, but my digital experience today, it's not often, and I'm still dealing with passwords. Why? Why I'm dealing with passwords? I don't want to deal with passwords anymore. I recently signed a lease, and I had to deal with like a pile of paper. We are in 2021. So a lot of applications were built and a lot of applications are being built. And all of those are our potential customers. So it's entirely of the world. Second to your other question, there's already a huge number of customers using both of our platforms today. One of them was in Showcase, was MassMutual, and they use these -- both our technologies and interconnected. And we have like a good number of customers using both but for different reasons because there's variety of use cases is so wide that we actually need both platforms. That's why we are so insistent on we need to keep both platforms because the surface area is so large that one doesn't cover everything. We need both.

And Brian, I would just add. I think what's really interesting is when you think about joint Okta and Auth0 SIEM customers, it really runs a gamut. You've got Fortune 500 organizations like News Corp, who have very simple applications they want to get up there. They want to use a low code or no code approach. They'll use the Okta SIEM platform. They've got some very brand-new maybe digital applications. They want to get out there with a lot of customization. It's a great fit for Auth0. You've got up and coming, the future unicorns of the world, the Rubriks, the Kivas, the Motley Fools that are using both. And then you even have the public sector, following on to what Susan mentioned earlier. We're seeing huge adoption. Larimer County, which is where Fort Collins in Colorado, is a great example. They're using both platforms. Again, some, they want easy customization out of the box; and others, they really want to make it a very customized experience. Great solutions for both, and they're going to continue to use both of those platforms in the time ahead. And I think that speaks back to Alex, probably, your question earlier on of why invest. There's just such a big opportunity out there. We want to make sure we can really give customers the opportunity to use the platform and the services in the ways that make most sense for their business.

And maybe just a quick follow-up to that. Are those -- I guess, enterprise experiences of consuming your platform, are those unified right now? Are those still separate? And is that the first step to bring them into like a unified like usage console, so that they can select whether or not they want 1 platform or the other?

Yes. Today, we're obviously just 6 months into the integration. So both of these businesses are obviously doing very, very well. They've grown very fast. Rule #1 that Todd has hammered into all of us is like don't screw it up. So make sure that both businesses are hitting their numbers this year, which they're doing a very good job of. Yes, absolutely, over time, there's going to be a ton of integration that we can do. A very simple example is like -- think about the signal from security incidents. We protect thousands of customers today on both sides. We get a lot of signal in when there's a [indiscernible] Okta behaving poorly against one particular organization. We can now help that many more organizations with that much more signal. It will improve our joint products like ThreatInsight and otherwise. But yes, there's a lot of different things that we're going to do over time to integrate that experience, while ensuring that the customers still have the right platforms they want to develop in to make -- that makes more sense for their business.

Yes. And I'll jump in and say you're absolutely right. Over time, we will start combining the experiences to be able -- so that you can come to 1 admin console, so that you can come to 1 reporting set of capabilities, et cetera. But the key thing we're getting asked by customers right now is help us get up, be secure, reach our customers. It's the let us reach our customers, be live, be secure, and then we can work through the complexity of solving the management's pain.

If I can, I'll just add to that. I think the important thing here is that we make sure on the customer success side of things that they get 1 experience. So they get an experience from Okta. It doesn't matter whether they are on the Auth0 platform or the Okta platform. And that is something that we are absolutely focused on, and we know that we can deliver for our customers.

Great. Great. Thank you. Next, we're going to try to take a question from the buy side. We've got Jackie Glynn from Glynn Capital.

I guess, as you look at -- 2 questions really more on the sales side. With Auth0, can you kind of walk through the trajectory of adoption in a customer? Clearly, like you start off with 1 app. But can you walk through how that plays out for multiple applications? And kind of like you sell into 1 -- the developer to get this, like how does it work to get multiple applications in an organization? And then, I guess, I try -- and we've had a number of questions really trying to understand the evolution of the Salesforce as you bring them together. But I guess, as you sell these and you sort of -- and Susan St. Ledger says you guys have 1 customer experience. The buyers are on different areas because workforce is probably more back office and customer identity is more front-end. And can you find a set of people you can really sell into the kind of type of both areas, so you're not really having to sell so much individually or will always be an individual sale?

Great. Okay. Well, are you ready? Because I'm going to tell you the story about Auth0 and the -- one of our secret sauces in what made Auth0, Auth0. And so the hypothesis we have is that every company is a software company. Every company depends on software to exist nowadays. They cannot live without software. And that software is written by individuals, the people. It's not -- doesn't write on its own. And those people are developers. And there's not enough developers in the planet to deliver on that demand. And so anything that will make developers more effective, writing solutions faster, more secure, more robust is going to be a good thing. That's how Auth0 started. And so we started with developers, empowering developers to check the box on something that is complicated, universal, that everybody needs, but it's not really what they really are wanting to do. They want to build a better e-banking system, a better health care system, a better whatever system. Everybody needs it, but nobody really cares about that much, right? They care about other things. So our core company is built around that, and the journey starts by discovering us. So developers, if you've met one, you know that the best friend of a developer is Google. And so you go to Google and say, "I need to solve authentication." You search from there. Then you go and you find a solution. That's where our content marketing plugs in. You find our educational material. You download editorial. You create an account. And then we allow you to play with our technology. So the freemium is try before you buy this experience of not requiring talking to anybody, just experiencing the product on your own, making your own judgments and not trying to sell you something in advance, that's key to that motion. So you go from trial. You try it out. Most developers have a site projects or they have like a hobby project. They do that on the weekends. And then on Monday, they have a day job. And they might be working for News Corp. They might be working for Wall Street Journal. They might be working for MassMutual, big companies with massive projects. And the challenge with that is Google. They go and say, "How come I need to spend 7 months building the same? And for me, for my pet project, my hobby project in the weekend, I am done in 10 minutes? Why don't we just buy that and be done with it?" That's how we go into the -- into bigger accounts. That's how we sell of our larger deals, if that makes sense. In between those 2, there's a self-service business, which is like from free trial to the big companies, there is like this middle ground, which is smaller companies, start-ups, people who are not ready to be -- maybe not ready for the volume and the compliance requirements or the sophistication of a MassMutual, but they still need the product. And so -- and it's not free. So they pay as you go, they pay with a credit card. We have thousands of those people there. So the free -- the self-service become essentially the funnel and the pipeline for our largest deals but also allows us to not just grow on revenue, but it allows us to grow on mindshare, I mean, in thought leadership. So when developers -- the other thing developers do besides Google is they ask their friends. And said, "What are you using?" They go to Twitter and say, "What is the best platform? What are you doing on authentication?" And they -- we want to be in their minds, top of mind, when somebody asks that question. So a lot of our of marketing, education content goes towards that. Does it make sense, Jackie?

Yes, that makes a lot of sense. That's helpful.

When they are willing to go pay -- because one misunderstanding is that developers don't want to pay. They want to pay. They want -- but if it's somebody else's checkbook, that's a difference. It's not their own checkbook. There are influences in these organizations. So we want to make sure that when they are ready to pay, when the MassMutual CSO, the Chief Digital Officer, the -- are ready, you want to be prepared for that call, and that's kind of like what will happen afterwards in Susan's organization.

Right. Just adding a little color to that, Jackie. I mean it does -- yes, developers get it started. But when something is going to be deployed, the CSO and the CIO care, right? They have to -- they're the ones whose neck are on the line to the experience of the security. And so it definitely comes together at the CSO/CIO level, even though it starts -- even though the motion for Auth0 starts very differently than the original Okta motion. Truth of the matter is they come together. And what we're seeing -- what we're hearing from CSOs and CIOs is they love the fact that they have these 2 platforms with very different experiences to solve different use cases. And because companies are starting to understand that identity is a strategic choice, it's a 10-year choice for them. And so what they're asking us to lay out for them when they should be using each platform, and they're placing these bets because they know that we are neutral and they know that in the end, we are the only company that is identity. And other companies have a mix of other -- we're the only modern identity choices, the 2 platforms together, Auth0 and Okta. And so I think that's where we see it coming together as the CSO and CIO, and it's helping us really get deeper penetration across all organizations.

Thanks, Jackie. Next, we're going to go to Hamza Fodderwala at Morgan Stanley.

This might be for a number of you, so just whoever wants to jump in on this one. But Eugenio mentioned very much a self-serve freemium go-to-market model on the Auth0 side. I'm wondering from an Okta perspective, do you see any improvements in sales efficiency as you adopt that more self-service approach on the SIEM side and particularly as you think about reaching some of your longer-term profitability targets?

So as Freddy mentioned earlier, the first thing Todd said was you don't screw up the developer motion, don't screw up the self-service. And so 100%, we are leaving that untouched, and it's working incredibly well, and there's no reason for us to change anything there. We do believe that ultimately, for the reasons we just talked about that is going to help us on both ends of the spectrum. It's going to help us -- it's going to continue on the self-service side, but it's also going to give us insights as to who is doing a lot of identity work on the self-service side and are we already talking to their CSOs and CIOs about the overall strategy. So we do believe the 2 come together, but we're very, very clear on do not screw it up.

I'll just add there, Hamza. You said margins, so I have to talk. So I'll just add in there. As you know, obviously, we put the long-range targets out there. Freddy talked about them earlier. Obviously, as we bring these organizations together, we're going to harness the best of both to be able to make sure that we can not only grow the business but also grow responsibly. And so if there are opportunities for us to save some money but also [ topple ] back into driving growth, we're going to do that. And you can see that in the rule of 55% that we've put out there with a greater than 35% in every year and all the way through FY '26 and the 20% free cash flow margin in FY '26 that we've kind of like set rule 55% being out in FY '26. So the idea being is we're going to try to grow as fast as possible, but while also doing it responsibly as we bring these 2 teams together.

Great. We're coming up on time, but we've got good questions and a few more hands up, so we'll go into overtime here. Let's go to Ben Bollin at Cleveland.

I was hoping you could talk a little bit about the selling motion between -- the differences between workforce and SIEM, specifically around the length of that sales cycle. And also, curious if you have any thoughts on the progress you're seeing on cross-sell workforce, core Okta workforce into the Auth0 footprint.

Yes, Ben, happy to talk about that. So there are certainly some differences. I think the workforce -- taking the first question first, the workforce business has been around for a long time. So when people talk about that you talk about traditional enterprise identity management, it was basically all workforce. So it's well understood. There's a central buyer that does this in IT or IS. they kind of manage this process. The great news there is it's usually a budgeted line item, number one. Number two, there's a lot of sales, both reps as well as managers, who know how to sell this product. So that means we're also getting a lot more great experienced talent as we go more and more upmarket, which is very exciting. So in terms of how long those sales cycles go, it all depends. When you're talking about Fortune 500, it's traditionally a longer sales cycle than when you talk about small, medium business that might actually close within the quarter. So nothing unusual there, what you'd expect in large enterprise sales. I think what's also very interesting, though, and a good reminder for folks, is how our business works. If you look at the dollar-based net retention that we used to talk about in the 115 to 120 range, it's recently ticked up. It's now jointly 124 with our friends at Auth0, but it was 122 stand-alone Okta. That really speaks to the fact that this is not forklift upgrade program. We show up. We get customers up and running very quickly with specific projects they're trying to roll out: maybe rolling out Workday to 50,000 employees, maybe getting Office 365 spun up to 100,000 worldwide employees. We do that better and faster than anyone else. And then we learn how to build those relationships, build that trust, and the executive leadership at that large organization starts giving more and more to us. And then over time, we can go back and say, "Hey, here's the plan to turn off the lights on your Oracle, your legacy paying, your CA, your IBM over the next 3, 5 years." And that's how we build these relationships. And the proof of the pudding, you see how these larger and larger organizations just continue to build on what they're doing with us. When it comes to SIEM, it is different. First of all, the competitive dynamics are very different. It's a build versus buy story. So as Eugenio mentioned earlier, look, if you think about messaging, that's a $60 billion business for Twilio. Well, a lot of people need messaging. If you think about payments. I mean I know Stripe's private, but people talk about $100 billion valuation. So I would argue that a lot of people need payments, to everyone needs identity in all the applications they're building, whether they're native mobile applications, whether they're improved web experiences. And so our job basically is to help people understand that they can use their precious developer resources for sustainable competitive differentiators in their business and take identity off the shelf from the experts, Okta and Auth0, and just put it inside their applications. And that's kind of our job, and that's what we have to do. As a result, though, back to how long those sales cycles take, a lot of times, as Eugenio mentioned, the Auth0 folks, they'll already be using the product, right? Because they've gotten only -- they brought 1,500 enterprise customers to the base, 13,000 more that are paying monthly active self-service subscriptions and another 40,000 active free subscriptions being utilized, which I think just speaks to how they go through their motion. It is a little bit more of an engineering or technology-focused approach because you are talking to a CTO or a VP of Engineering and their development organization. But those are some things that we're obviously very, very good at. And then finally, the second part of your question, which was around cross-sell and upsell, I mean, the opportunities are huge. Not only have we seen so much more cross-sell and upsell in Okta stand-alone, from the workforce to the SIEM side, our different products becoming so feature-rich now, we can land with MFA and SIEM and then move over to workforce. We could land with workforce and then find SIEM opportunities. And now you just add all the richness of the environment that Auth0 brings, and that's going to be phenomenal for us. In addition to the 2 things we talked about, 1,650 new enterprise customers that are obviously very good for us to do workforce cross-sell into since they were Auth0 SIEM customers. And number two, to the question earlier, what can we learn as a combined organization from Auth0? Well, one of the things is that developer community that Eugenio talked about, right? All those paying self-service subscriptions, the active free subscriptions that are being utilized, how you can really get those to mature and become obviously, in the end, enterprise contracts, that's something that we're very excited about, and I think provides a huge base for us to cross-sell and upsell into the years ahead.

Okay. We're going to take our last question from Eric Heath at Keybanc.

Eugenio, earlier in the Showcase, you mentioned that Auth0 is now seeing an acceleration in the number of deals and shorter sales cycles. So could you just drill on that some more? So what is it you attribute that to? And do you think that accelerates even faster next year with the alignment of the go-to-market team?

Yes. So we are on track for our plans. We didn't see a slowdown in our business at all. We did a study on our brands. We do this every year, so it's an interesting comparison like the brand awareness. And this is like unaided brand awareness, so this is like -- imagine asking a customer, what is your top 3 identity and access management platforms that you would consider in your projects? And so you don't mention anyone, and they have to come up with their own -- on their own. And so we did 1 last year, in 2020, and we recently did another 1, same question, same constituency or same group of people, and that awareness increased significantly. And so we are just seeing that the validation of the transaction and the joining forces as being a company that is -- that knows what we're doing. We talked before about the experts -- being the experts in this domain. We talked before about being the only company for which identity is not a means to an end, but it's the end. And I think that's essentially saying, yes, this is it. We need to -- this is a safe bet for us on the full spectrum of requirements because now we can cover more. We can do more for you. So no slowdown in sales, no slowdown and better pipeline, better metrics across the board, increased brand awareness. I think that's what I was trying to say.

Okay. Great. Well, thanks for your time today. It's been a great meeting. We appreciate your participation. I apologize for the couple of hands we didn't get to. If you have any follow-up questions, you can e-mail us at [email protected]. And we'll talk to you next time. Thank you very much. Bye.

Thank you.

Thanks, everyone.