Okta, Inc. Q1 FY2025 Earnings Call
Okta, Inc. (OKTA)
Call artefacts
Call audio is not captured yet.
A slide deck is not captured yet.
Transcript
Auto-generated speakersHi, everyone. Welcome to Okta's First Quarter Fiscal Year 2025 Earnings Webcast. I'm Dave Gennarelli, Senior Vice President of Investor Relations at Okta. With me in today's meeting, we have Todd McKinnon, our Chief Executive Officer and Co-Founder, and Brett Tighe, our Chief Financial Officer. At around the same time that the earnings press release hit the wire, we posted supplemental commentary to our IR website. This posted commentary contains a large portion of what would historically be the opening commentary, including customer commentary, product-related news, and a review of our financial results. This new format allows listeners to review that information before this call. Today's meeting will include forward-looking statements pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995, including, but not limited to statements regarding our financial outlook and market positioning. Forward-looking statements involve known and unknown risks and uncertainties that may cause our actual results, performance, or achievements to be materially different from those expressed or implied by the forward-looking statements. Forward-looking statements represent our management's beliefs and assumptions only as of the date made. Information on factors that could affect our financial results is included in our filings with the SEC from time-to-time, including the section titled Risk Factors in our previously filed Form 10-K. In addition, during today's meeting, we will discuss non-GAAP financial measures. Though we may not state it explicitly during the meeting, all references to profitability are non-GAAP. These non-GAAP financial measures are in addition to and not a substitute for or superior to measures of financial performance prepared in accordance with GAAP. A reconciliation between GAAP and non-GAAP financial measures and a discussion of the limitations of using non-GAAP measures versus their closest GAAP equivalents is available in our earnings release. You can also find more detailed information in our supplemental financial materials, which include trended financial statements and key metrics posted on our investor relations website. In today's meeting, we'll quote a number of numeric or growth changes as we discuss our financial performance. And unless otherwise noted, each such reference represents a year-over-year comparison. And now I'd like to turn the meeting over to Todd McKinnon. Todd?
Thanks, Dave, and thank you everyone for joining us this afternoon. Q1 was a solid start to FY’25, highlighted by continued strength of large customers and the public sector and record profitability and cash flow. The operating efficiency actions that we started almost two years ago have delivered outstanding leverage to our model. While it's difficult to quantify the impact on our business from the October security incident, our analysis continues to suggest minimal impact on our financial results. Today, I'll cover the progress we've made with the Okta Secure Identity Commitment, and then review some of the highlights from our showcase event earlier this month. As a reminder, we launched the Okta Secure Identity Commitment earlier this year. This is our long-term plan to lead the industry in the fight against identity attacks. It's aimed at hardening our ancillary and corporate systems and further strengthening our products and services, as well as championing customer best practices that help enable our customers to be highly protected. We want our customers to benefit from our depth of experience, so we are further enhancing our customer policies to help ensure our products are deployed with Okta's best security practices. In only a few short months, we've made meaningful progress. Identity plays a critical role in the technology stack, so it's not surprising that identity-based attacks have become a top method for threat actors. Over 80% of data breaches in the industry involve some kind of compromised identity. Identity is security. As part of our vision to free everyone to safely use any technology, Okta is modernizing identity and effectively modernizing security. We are protecting our customers by blocking over 2 billion security attacks a month, and it's likely that number will only grow. During the week of the RSA conference, we hosted 100 of our customers at our hybrid showcase event. In addition to the keynotes, we hosted a large group of CISOs from various industries to discuss today's threat environment and how Okta helps protect them. It was an energetic forum, and we walked away with even more confidence that we're on the right track in delivering industry-leading identity security solutions. Our products are the foundation of Okta. We already have the broadest array of identity products in the world. Building on that, our current rate and pace of innovation is really impressive. We've historically put a lot of focus on delivering secure products to our customers, and we are now on the journey to make Okta one of the most secure companies in the world from every aspect, from our internal technologies to people to processes. At showcase, we featured the latest product innovations starting with a new product, Identity Security Posture Management. Stemming from our recent acquisition of Spera, this technology is a fantastic addition to our portfolio as it proactively identifies vulnerabilities and security gaps before they can be exploited. It works for both Okta and other identity providers like AWS and Azure AD, bringing a multilayered defense strategy on top of the already strong security capabilities in the workforce identity cloud. Earlier this month, we began rolling out Identity Security Posture Management to select customers in North America. We're also excited about the launch of identity threat protection with Okta AI, which includes powerful features like universal logout, which makes it possible to automatically log users out of all of their critical apps when there is a security issue. Think of this as identity threat detection and response for Okta. We expect identity threat protection to become generally available this summer. There are so many more new products, features, and enhancements that we spoke about at showcase, So I encourage you to check out the summary in our posted commentary. We're really excited about all the great innovation that is taking place at Okta, which will help drive future growth. I also want to remind you of our three top priorities for FY’25 because they are fundamental to our success. It shouldn't be surprising to anyone that security is our top priority, from our company culture to our security architecture to our products and services. The second is reigniting our growth, and this is where all the great product innovation will contribute. And the third top priority is scaling Okta in order to set us up for success to become a $5 billion and then $10 billion-plus company. To wrap things up, we are pleased with the start of FY’25. We're expanding on our robust and modern identity platform, and we have a strong pipeline of products and functionality powered by Okta AI. Identity is security, and Okta is playing a critical role in helping companies protect themselves from identity-based attacks. As always, I want to thank the entire Okta team for their tireless efforts and our awesome customers and partners around the world who put their trust in us every day. Now here's Brett to cover the financial commentary and talk about how we're positioned for long-term profitable growth.
Thanks, Todd, and thank you, everyone, for joining us today. Just a quick reminder that most of my typical commentary on the quarterly financials was published on Okta's Investor Relations website at the same time as the press release. I'll cover a few of the financial highlights, but we'll focus my commentary on broader topics before getting into our business outlook. Our solid Q1 financial performance continues to suggest minimal impact on our financial results stemming from last year's security incident. Consistent with last quarter, as we analyzed our key metrics, we couldn't attribute a quantifiable impact from the security incident on our Q1 results. And while not quantifiable, the event likely had some level of impact. We'll continue to monitor this as we move through the rest of FY’25. The macro environment during Q1 was relatively consistent with what we experienced over the past few quarters. In short, it's stable but still challenging, and most notably having an impact on our mix of new business versus upsells with existing customers. Moving on to some financial highlights. Over the past several quarters, we've put significant effort into positioning the company for profitable growth for years to come. The actions we've taken to drive efficiencies in our cost structure have yielded impressive results. Our Q1 financial performance was highlighted by record operating profitability as well as record free cash flow, resulting in a free cash flow margin of 35%. The cash flow performance is even more impressive when considering it includes a $22 million impact related to the headcount reduction action at the start of Q1. Another highlight in the quarter was Q1 subscription gross margin of 83.5%, which represents an increase of 420 basis points when compared to two years ago. The improvement reflects the cost-saving initiatives we've taken that have resulted in lower platform costs. We expect subscription gross margin to remain in the 83% range and flex down slightly for the rest of the fiscal year as we invest in the business across key areas such as security, public sector, and customer support. We were encouraged by Q1's strong top-line metrics and pipeline growth. Public sector was a particular area of strength, led by our largest ever public sector deal. In fact, five of our top six deals in Q1 were with public sector organizations. And despite the strong quarter for public sector deals, which are typically one-year deals, the weighted average contract term length for contracts signed in the quarter increased year-over-year. We added 150 net new customers in the quarter. This primarily reflects the ongoing business trends of the current macro environment, resulting in an increased weighting of upsell versus new business and continued strength with large enterprise customers. Once again, our fastest-growing cohort was large customers with $1 million-plus ACV. Now let's turn to our business outlook for Q2 and FY’25. As always, we take a prudent approach to forward guidance. We're factoring in a stable but still challenging macro environment consistent with what we've experienced over the past few quarters. We also continue to incorporate some conservatism into our outlook as we continue to monitor potential impacts related to last year's security incident. Again, you can view the more granular guidance details in our press release or posted commentary. For the second quarter of FY’25, we expect total revenue growth of 13% to 14%, current RPO growth of 10% to 11%, a non-GAAP operating margin of 19% to 20%, and a free cash flow margin of approximately 5%. Keep in mind, the cash flow in Q1 was a record and that Q2 is seasonally the lowest quarter of the year. We are raising our outlook across the board for the full year FY’25. We now expect total revenue growth of 12%, a non-GAAP operating margin of 19% to 20%, and a free cash flow margin of approximately 22%. To wrap things up, we remain confident that we've set the path for profitable growth for years to come. Our balance sheet is strong with a net cash position of approximately $1.2 billion. And we continue to focus on initiatives to drive the top line while driving operational efficiencies. With that, I'll turn it back to Dave for Q&A.
Thanks, Brett. I see there are quite a few hands raised already, and I'll take them in order. And in the interest of time, please limit yourself to one question so that we can get to everyone, and then you're welcome to queue back up with additional questions. So with that, let's go to our first question from Gabriela Borges at Goldman.
Hi, good afternoon. Thanks for taking the question. For Todd and Brett, I'm hoping you can provide some qualitative commentary on sales productivity. There are factors outside of your control with the macro, but maybe talk about the factors that are within your control. And specifically, how you think about training and enablement around cross-sell and where you think NRR can go over the medium-term with some of the new products that you've released? Thank you.
It's something we're really focused on. I've talked about it on previous calls. One of the leading indicators of productivity is tenure and the level of tenure in the sales team has been ramping over the past few quarters and it is at a comfortable level now for us. So we're happy with where it is. And we are waiting to see throughout the year for the ramp in productivity that will come from that. And I think in Q1, it was good, but it can't get better in previous quarters, mostly because just the sales for the year ramp through the subsequent quarters of the year. And also we assume that the productivity will be higher through there. So Q1 is solid, but it is only a small part of the year, and we are really optimistic about the further increases in productivity through the rest of the quarters of the year. In terms of cross-sell, we had a very strong quarter in terms of cross-sell. We are happy with the way the team is positioning both clouds, starting with workforce and then moving to customer or even in the public sector deal we mentioned is actually a significant cross-sell the other way. It started with customer identity, and then the big upsell was with workforce identity which is a healthy thing to see in the business. So that is a key metric. And I’d say, we're off to a solid start, and we're really optimistic about what could happen in the rest of the year in terms of acceleration.
Thank you.
Now we'll go to Fatima Boolani at Citi.
Hi good afternoon. Thank you for taking my questions. Todd, just to piggyback off that last point. So the public sector performance has actually been very consistently strong over the arc of the last several quarters. So I was hoping if you could drill into this with a little bit more detail as it relates to what sort of catalysts are you tapping very effectively within the public sector. And frankly, the public sector strength is outside of the normal confines of what we typically see from a timing standpoint, typically back half of the year, coinciding with the US Federal fiscal year-end. But any specific details around what mandates you're tapping and why public sector has actually been so strong and consistently strong, whereas kind of other parts have been maybe a little bit more challenged. Thank you.
Yes, there are several factors at play. I'll highlight a few to help you understand the business dynamics. Firstly, public sector deals tend to be larger, which means we are selling to bigger organizations that haven't been as affected by the macro environment in recent quarters compared to the SMB segment of our business. We are observing that our fastest-growing customer segment consists of those spending over $1 million, and customers spending over $100,000 are growing at a rate of 12%, compared to the overall customer growth rate of 6%. This shift upwards in our customer base is beneficial for long-term growth. In the public sector, we deal with state and local, Civilian Federal, and Department of Defense Federal clients, with the majority of our public sector business being in the US. A significant win for us this quarter includes a selection by the Department of Defense to standardize access management across the agency, which is exciting for us. This success stems from continuous sales efforts and successful implementations in smaller parts of the department and other federal segments. Our improved certifications, like IL4 and the capability to handle some IL5 workloads, along with FedRAMP High, have contributed to our momentum. Additionally, organizations are increasingly investing in technology, recognizing that identity solutions provide them with flexibility and better options. For instance, the Department of Defense was using over 75 identity tools, which highlights the complexity of their needs. They are looking to be more efficient with their resources and consolidate their identity solutions to manage vulnerabilities better against cyber threats. They understand that a robust identity platform is essential for strengthening their cybersecurity posture. These are some of the significant dynamics at play, and I hope this information is helpful.
I would just add that, actually, two things. First, a couple of years ago, one of our three strategic initiatives focused on federal efforts. This was back in fiscal year '23. We dedicated significant time and attention to this area, and you can now see the results of our hard work over the last couple of years, with our focus truly starting to pay off. Secondly, it’s important to note that we are still in the early stages of this opportunity. We view the public sector as a significant opportunity, and there is still plenty of room for growth in this area.
Great. Let's go to Brad Zelnick at Deutsche Bank.
Great. Thanks so much for taking my question. And congrats on a good result especially relative to some crazy stuff happening in software. Brett, my question is for you. I'm just trying to reconcile the Q2 current RPO guide for further deceleration with what otherwise looks strong when I look at Q2 revenue and the full year revenue guide, what dynamics should we consider? Does some of those public sector deals maybe not fully make their way into current RPO? Or are there any other factors that we should keep in mind when thinking about your current RPO guide for Q2? Thanks.
Yes. There are no specific factors impacting the public sector. They are included in the current RPO numbers for Q1, which show a 15% year-over-year growth that we consider solid. However, when we review the guidance for Q2 and the current RPO, we are taking into account two main elements. First, macroeconomic challenges are still present, affecting us in two ways: new logo acquisition and upselling, particularly around seed upsells and monthly active user upsells in customer identity. This situation continues to hinder growth, impacting the net retention and current RPO numbers, as well as any guidance we provide. The second element is the security incident. While we experienced only a minimal financial impact in Q1 and Q4, as mentioned 90 days ago, we are being cautious and incorporating this into the guidance we shared today.
Next, we have Eric Heath at KeyBanc.
Hi, thanks for taking the question here. I guess I wanted to drill in on some of the PAM commentary from the prepared remarks. A couple of nice customer wins that I thought was quite interesting. So could you elaborate more on those customer wins? Just firstly, were they displacements? And if they were on-prem or cloud workloads? And then third, just as it relates to the telecom customer, specifically you mentioned it needed to meet federal compliance requirements. So is PAM already FedRAMP certified at this point because that seems pretty impressive to me if it is.
We are very pleased with the progress of PAM, especially considering it is in the early stages of its lifecycle, having been available since Q4 of last year. The early traction we are seeing is encouraging, as expected. It is not necessarily replacing other technologies but because the product is user-friendly and specifically designed for modern cloud environments—where users are managing numerous virtual hosts and utilizing containers in contemporary DevOps settings—it fits particularly well. Often, we encounter these environments lacking a privileged solution, and our product integrates seamlessly. Additionally, it is reassuring to see our thesis validated; PAM is frequently purchased as part of a comprehensive suite. Customers are acquiring governance and PAM alongside our workforce access management tools. Our belief has been that these three components should be more interlinked and come from the same vendor, and we are establishing the identity suite for workforce applications to ensure they work well together. This has been illustrated by some of our initial successes. Specifically, when governance is sold, it can represent one-third of the annual recurring revenue once it is implemented. We are also observing similar early signs of uplift for PAM, which is encouraging. However, it’s important to note that the product is not yet FedRAMP-certified, but that will come later. In summary, we are excited about the early proof and validation of our strategy in this market.
Thanks Todd.
Let's go to Adam Tindle at Raymond James.
Okay thanks Dave. Todd, I just want to first acknowledge the impressive profitability here. On the flip side, if I look at Brett's guidance, it looks like Okta is likely tracking to a single-digit growth business within the next couple of quarters. I noticed in your prepared remarks, you used the term reignite growth. So I just wondered if you can maybe just double click on the top opportunities that you see to reaccelerate growth from here, which areas would those be? And then secondly, from a capital allocation perspective, Brett noted that you have $1.2 billion of net cash. Is there something that you might consider more transformational that would help accelerate that timeline to reignite growth? Thanks.
The — reigniting growth is one of our top three priorities. Of course, the first is securing Okta and securing our — making sure our products do the same things for all of our customers and with our secure identity commitment. That's our Number One priority. Second is reigniting growth. So it is very important to us. And I think — there's three important things I'll call out there in terms of how we're thinking about driving up that growth rate and doing everything we can to meet and then exceed our guidance we've put forward. That first one is we want to make sure that we are — we have trained, enabled, tenured, productive salespeople. And as I mentioned previously for a couple of questions ago, we think we're off to a solid start on that dimension. The second one is new product innovation, where we are just starting to hit the ramping phase of — in terms of the next few quarters of material impact of — our governance product. PAM is a few quarters behind that, but it has a potential to get there being built and sold and positioned as a suite, which I think we are seeing really early signs of compelling value there. We have a customer identity business that's, by far, the leader in the industry that has a ton of innovation coming in that part of the business as well with highly regulated identities and all the other announcements we've made there. And so the products are really important part of what we're doing. And then the third thing is just broadly speaking, how we fit into the partner ecosystem and particularly in the large enterprise, working more effectively and being strategic partners with the global SIs and having them fit us into their — or build practices around us so we can fit seamlessly into what they are trying to do strategically with their businesses and all the way up and down the partner channel. We've made a bunch of changes there over the last year. And hopefully as you all talk to the folks in the partner community, you are seeing positive feedback about what we're doing and how we can work with the partner community effectively and to serve everyone's mutual interest. So those are some of the highlights. It is very important. We think we have a very big long-term market opportunity. And we are not here to be a slow growth company. We're here to be accelerating growth and reaching that market opportunity over the long-term.
No, I'd add one or two things to that, Adam. One is around the hunter-farmer model. I know you guys heard about that from us 90 days ago, a couple of months ago or three months ago. we obviously want to accelerate logo acquisition and obviously penetrate the customer base. I mean we've got 19,100-plus customers and you heard us talked in prior calls about governance customers of only — it's measured in the hundreds. So there's a lot of opportunity inside the customer base, I'm just using governance as an example, but you could apply what I just said to everything Todd just said in terms of additional products. And hopefully everyone had a chance to look through all the exciting product announcements that we made at Showcase or listed out in the posted commentary. And then in terms of your question around capital allocation and capital structure right now, we are going to continue to do what we've done in the past, right, be opportunistic with the debt and leave the balance of the money there for operating the business and looking at tech tuck-ins, things to accelerate the road map like you saw with Spera, which then turned into posture management, which is an exciting product that just came out a few weeks ago. It is only available to some customers in North America. So it's still very early, but it's just another example of us taking small tuck-ins and frankly, accelerating some new exciting features for our customers.
Let's go to Hamza Fodderwala at Morgan Stanley.
Thank you for taking my question. I want to express my congratulations on the results in a challenging environment. Todd, referring back to your comment about accelerating growth, transitioning to a $5 billion or $10 billion revenue company, how are you viewing the slower hiring pace you’ve experienced over the past couple of years? Are there any indicators in the demand environment or opportunities that might suggest you could ramp up hiring? Additionally, how should we consider the growth margin equation moving forward?
I think in the enterprise segment we do. We see signals there. I think in SMB, it's still more of a wait and see. I think, we'll have to see some more quarters of stability or improving dynamics there — before we'll be more comfortable ramping that up. Brett mentioned one of the changes we made, which is doing this hunter-farmer approach in the SMB segment, which we're very optimistic about. It's going to take a few quarters to have the impact we think it can have. But as that settles out and as the — some of the economic choppiness maybe stabilizes further or picks up a little bit, we'd be more confident adding headcount there. I think the enterprise, public sector, strategic international segments are — that's where we've seen a lot of the growth, and that's where our customers have the biggest need in terms of lots of complexity, lots of technical choice really matters like not being locked into one platform is really valuable. They have a lot of risk, a lot of cyber risk, a lot of risk of not getting the technology adopted and driving their business forward. So I think that's a really long-term place to invest, and we are looking at making sure we do that in a measured way, we don't want to — we want to balance growth and profitability. But we're not going to leave opportunity on the field where we see we can take it.
Thank you.
Let's go to Madeline Brooks at BofA.
Thanks for taking the question. I just want to go back to the guidance and pick it a little bit. So it feels like the second half guide is very conservative. And I just looked at one quarter results, and also assuming that the second quarter comes in line, the model shows a pretty significant slowdown from one half to second half. So can you just go a little bit deeper into the specifics of the conservatism? For example, if I think about churn, it takes roughly three to four quarters to turn off of the identity platform. So is that an increased risk that you're looking at for the back half compared to, say, signing new businesses?
Yes. I think it's a little bit of a mix of both new business and on the renewal side of being prudent about both the things I talked about earlier around macroeconomic uncertainty and also the security incident, right? I mean, we've talked about it before with maybe the impact associated with the security incident like you said about renewals may take a little bit longer. So we're just baking those items in to make sure that we're just being prudent at this point and based on what we see in the business and from a pipeline perspective, the mix – new business versus upsell all that good stuff. We're just taking that all into account in the guidance here today.
And maybe just pushing a little bit further, I'm just going to sound very cliché. So apologies in advance. But if you can't weigh them 50-50, what keeps you up more at night? Is it potential churn? Or is it difficulty signing new customers for the back half of the year in that conservatism?
I would say, signing new customers.
I would agree with that 100%.
Perfect. Love to see that.
Well, I think the other thing also Madeline, is gross retention has remained very stable for years. And so it has been one of those very stable metrics. And so that's something we don't tend to worry about. That's why we focus and talk to you guys about reigniting growth. We talk about hunter-farmer, we talk about partners. We talk about all these things about new logo acquisition and penetrating the base further because that's our main focus and concern.
Next up, we have Patrick Colville at Scotiabank.
Hi guys. Thank you so much for taking my question. I mean, for me, the story of Okta over the last 12 months has been some incredible kind of product innovation with governance, PAM and the new models you called out on this call, identity security posture management and the identity threat protection. I guess how are they going to flow through the financial model in terms of kind of net retention and qualitatively to cRPO, I mean because these are major launches. So when are we going to be able to see that in numbers?
I think it really depends on the maturity of the product. I think, obviously, governance is a lot further along, right? And we've talked about hundreds of customers. We still have thousands of customers to go clearly based on the math, just total customers minus those hundreds of customers. So that would be the first one that you would start to see in cRPO and also into net retention, but the other ones will trail behind them. I wouldn't expect for these newer things that are coming out like posture management or threat protection, I wouldn't expect it in FY '25 at all. I probably wouldn't even expect it in FY '26 because we're talking about a $2.5 billion business at this point. It takes a lot of money in any of these products to make a material difference to the overall numbers. So we are setting these up for the long-term, not just to harness it for a couple of quarters here or there. So it is really the long-term play that you should expect.
Yes. How we're thinking about this internally is that the — I think it will mirror the order of broad enablement, so we are broadly enabling people in the following order; governance first, followed by a combination of posture management and identity threat protection followed by privilege access. So we think that identity threat protection with Okta AI and identity security posture management, that bundle could pretty quickly have as much of an impact as governance. And then we think the next sequential enablement in the next quarter of impact will probably be privilege access. So that's how we're thinking about it internally. And I think that maps out to what you'll see in terms of the flowing through in the financials over time.
Great. Thank you so much.
Let's go to Joe Gallo at Jefferies.
Hi, guys. Thanks for the question. Nice job in a really tough environment. I wanted to follow up on some of the things you said earlier, Todd. You noted large deal strength. And while large deals are growing, new customer adds over $100,000 were down meaningfully year-over-year. So can you just talk through the gross retention rate of that business? And then is there just anything notable to call out between enterprise spend versus SMB or mid-market spend? Thanks.
So your first question, you said that — is it gross retention or growth retention? What did you say?
So I was — so for large deals, $100,000 and larger year-over-year adds were down year-over-year. So I was just asking on the gross retention.
Gross retention. Yes. I think the — if you look at the logo numbers, there is no — it's the softness is in the adds. It is not in the elevated churn rates. So the net as a result of fewer adds, not a result of higher logo churn. So that is, as Brett mentioned, and that matches up with the dollar gross retention, which has been stable and healthy for many years. I do think that just there's a lot of opportunity in we talk about these $100,000 deals and that number being up 12%. There is a lot of room to expand even in those, especially when you layer on the breadth of the product portfolio now the customer identity add to the workforce suite, the workforce to customer and then even within the workforce suite, you're getting a lot of capabilities to upsell governance, workflows, identity threat protection, identity security posture management, privileged access and it is a lot of potential there. So it's one of the reasons why we've seen success in that part of the business, and we're also focused on it for the future to make sure we capture the opportunity there as well.
Hi, Joe, just to add to that. Another dynamic that has happened now two quarters in a row is the majority — vast majority of the ACV that was added in the quarter actually came from customers that are greater than $100,000 already. So it's not like you'd see an add into that cohort because they're already in the cohort. And so we saw that in Q4, if you remember, I said that last quarter, it happened again. So it is — when Todd is talking about the strength in large businesses, it really is in the cohort that's already in there. You also see the $1 million cohort continue to be the fastest-growing cohort amongst all the cohorts. So it's really that upper end that we tend to be doing well right now. And we believe that's directly related back to what we've been talking about with macro, these bigger businesses have one bigger balance sheet, but also what Todd's talking about, they have more complexity to solve and that's really where we shine from a product set perspective.
Makes a ton of sense and good to hear. Thank you.
Next, we go to Rudy Kessinger at D.A. Davidson.
Hi, great. Thanks for taking my questions guys. I guess kind of trying to triangulate on some of the other questions here. The cRPO growth deceleration, the implied growth deceleration, this high single-digit range in the second half and the caution around the new customers. I guess, when you look at your top of funnel sales activity and pipeline generation, just over the last 90 days versus the prior quarter or maybe before the breach. I know you are saying no quantifiable impact to the Q1 numbers from the breach, but how has that breach impacted, I guess, your top of funnel sales activity and pipeline generation.
Yes. I mean, from a pipeline perspective in Q1, the pipeline we created in the quarter was healthy, and we were happy with it. So that's one of the reasons why we're saying here that we're struggling to find quantifiable evidence that there has been an impact related to the security incident. Now granted there is always the potential that there are deals we're not seeing but we never really see it in the numbers and the way we track things. So we are limited by what we can see.
Next, let's go to Gray Powell at BTIG.
Okay. Great. Thanks for taking the question. So yes, it was good to see the net retention rate stabilize this quarter. I just want to make sure that I'm sort of thinking about the components of your growth profile correctly between the installed base and new customers. So maybe just like what does the recurring revenue look like on the new customers that you've signed up in the last 6 months to 12 months? And how does that compare to the installed base? Like are you signing up — are the new customers that are coming on board, are they bigger customers, same, smaller? And then just how should we think about that going forward?
We haven't seen a significant departure from the past. I mean they might be slightly bigger just because enterprise is doing a little bit better. But I mean, it's — because there's such a deep customer set and such a large amount of ACV, it's hard to sway the metrics with one or two quarters. It's just a lot of large numbers. I don't know, Todd, if you would add anything else to that, but that's how I've been seeing the math, at least from my perspective.
Yes, I think I don't have the quantitative analysis that would answer this question directly. But I can tell you some of my experiences and conversations. I think that we still have an opportunity to do a better job having the first deal have a broader set of our products. Often in the conversations where I was just in a big deal review for a Q2 deal this morning where it was still for budget reasons and other reasons that the land set of products was still pretty traditional, single sign-on, advanced multifactor, a little bit of LCM. And I think one thing we can improve on is making that broader, which would mean that theoretically there would be less upsell potential, but it will also mean that the customer starts with a broader set of our products upfront, and it would be more expensive and more strategic and so it's an area to improve. But that's — those are some thoughts there that might be helpful.
Okay, that’s perfect. Thank you very much.
Next up, John DiFucci at Guggenheim.
Thanks, thanks guys. I would first — I want to thank Brett for asking the cRPO question, so I don't have to ask Brett that question this time. But listen, I think it's — one of you mentioned the SMB portion of your customer base and the risk associated with that portion of the market as it pertains to the macro backdrop. But can you comment on the mid-market, like sort of between the enterprise and the SMB and any changes in demand for that portion of the market and how the identity platform message or the triumph of like access PAM and IGA, is resonating there. I know it's early, but it seems to me that there's just a whole lot of white space to cross-sell into that type of customer.
Yes. I think it's something we're really focused on, and it's kind of back to my previous answer. I think it's the platform, the governance, access and privileged and posture management still early. I think a lot of that segment still thinks about it in the traditional categories and we're trying to solve the access management problem, we are trying to solve the multifactor authentication problem. And the industry is evolving and we are helping push it that way. We can make sure we — everyone knows that they can solve all these problems at once, and there's a better way to do it and simpler and will increase their security posture. The good news is that I think there's a lot of, I think, more than a couple of years ago, there's a lot more awareness of the security challenge and the security risks there, which I think is every breach and every month and every quarter, the entire world gets more aware of it, but particularly in that segment is something I've noticed as well.
Is my assessment of that market accurate, Todd? I view PAM and IGA as traditionally serving large enterprise markets or products. However, it seems to me that, while your primary focus is on the larger end, you also compete in the mid-level and smaller enterprise spaces. It appears they lack those products.
Yes, that's absolutely correct. If you look back 10 years, there wasn't a genuine mid-market access management product available. The only option was Active Directory for those using Windows clients, servers, and printers, which served as the identity management system. Okta changed that landscape by being the first real mid-market identity and access management product. We're now witnessing a similar transformation in other markets like privilege and governance, where companies like SailPoint and CyberArk have predominantly focused on large enterprises. We now offer a strong mid-market solution in that area. Furthermore, like in many markets, the disruptors are moving up. Large enterprises are beginning to adopt this approach. It’s important to remember just how significant it is that a major Department of Defense Agency has standardized on Okta. This illustrates how we have fundamentally transformed the cloud access management space within government sectors that maintain high standards. We're aiming for similar achievements in enterprise governance, as well as in mid-market governance, privilege management, and customer identity, which is quite exciting progress.
Thanks, everybody for staying late. Before you go, I just want to let you know that in addition to hosting several on-site and virtual bus tours this quarter. We'll be attending the NASDAQ Investor Conference in London on June 11, and we hope to see you at one of those events. Thanks, everyone.