SailPoint, Inc. Q1 FY2026 Earnings Call
SailPoint, Inc. (SAIL)
Call artefacts
Call audio is not captured yet.
A slide deck is not captured yet.
Transcript
Auto-generated speakersWelcome to SailPoint's First Quarter 2026 Earnings Conference Call. Please be advised today's conference is being recorded. I would now like to hand the conference over to your speaker today, Scott Schmitz. Please go ahead. Good morning, and thank you for joining us today to discuss SailPoint's Fiscal First Quarter 2026 financial results. Joining me today are SailPoint's Founder and CEO, Mark McClain; and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matt Mills. Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations, and projections, they are not guarantees of future performance, and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which exclude certain items that do not reflect our underlying business performance. Please reference this morning's press release in the Investors section of sailpoint.com for further information regarding forward-looking statements and reconciliations of GAAP to non-GAAP financial measures. And with that, I'd like to turn the call over to Mark.
Thank you, Scott. Good morning, everyone, and thank you for joining us today. We're thrilled to share our fiscal Q1 2026 results. We closed the quarter with $925 million in annual recurring revenue, or ARR, a 30% year-over-year increase, with SaaS ARR growing 39% year-over-year. Our ARR growth reflects continued high demand as we believe identity security continues to be a top cybersecurity investment priority for enterprise leaders. We also saw a 62% year-over-year increase in customers with ARR greater than $1 million. This highlights our continued ability to support the significant scale and complexity prevalent among enterprises today. Today's digital enterprises demand a trusted partner who can secure the full spectrum of identities from the human workforce, which includes employees, contractors, and third-party suppliers, to the digital workforce, which spans machines and autonomous AI agents across a hybrid environment. Organizations with this level of scale and complexity need identity controls that are both broad and deep. This is where SailPoint stands apart, and the market is taking notice. Our expertise in enterprise-class governance continues to drive share gains over both legacy and niche players, as evidenced by Gartner's latest IGA market sizing report, placing us at nearly 21% market share, which represents about 5 times the gain of our nearest direct competitor. We believe this leadership reflects our commitment to meet the evolving identity security needs of our customers, as well as their belief that SailPoint is more than just an IGA vendor. Our innovation strategy is central to our long-term durable growth and our differentiation in the market. Let me highlight the key tenets behind that strategy. First, our foundational principle is simple: least privilege for all enterprise identities. Every identity, human or digital, carries some level of privilege. What matters is context, the role it plays, where it operates, and what it needs access to. A contractor with temporary access to intellectual property, a payroll bot executing critical transactions, or a remote agent handling regulated data, all are privileged, but each in a different way. Legacy PAM tools were built for a narrow world - admin accounts on static infrastructure. SailPoint breaks that mold, delivering fine-grained contextual governance for all identities, systems, and access levels at enterprise scale. Our policy-driven model defines who or what gives access to information and what actions they can take, a modern unified approach that we believe is fundamentally different from how others manage identities today. Second, we're leading in the governance of emerging identity types, particularly machine identities and AI agents. Machine identities have proliferated, with some hidden deep within directories like Active Directory and Entra, making them difficult to track or secure. SailPoint machine identity security delivers deep visibility, control, and entitlement level governance for these often overlooked assets such as service accounts, software bots, and intelligent devices. When it comes to machines, other vendors primarily manage keys and certificates, not the actual access rights. Our approach goes far deeper, providing the full identity governance life cycle for the actual machines to which those keys and certificates belong. AI agents represent the next frontier. These autonomous systems are now underwriting loans, onboarding customers, and executing critical operations across both cloud-native apps and legacy systems. They make decisions independently, often operating with a level of self-governance that redefines what it means to be an identity. With our new offering, Agent Identity Security, planned for release this fall, we believe SailPoint is uniquely positioned to govern this new class of digital identities alongside all human and machine identities across the full spectrum of access from the cloud to the mainframe. Third, we're embracing AI not just as a disruptor, but as a catalyst for cyber resilience. Just last quarter, we introduced Harbor Pilot, our AI-powered assistant, and it is already gaining strong traction. Harbor Pilot embeds AI into the fabric of identity programs, servicing recommendations, guiding configurations, and driving faster, smarter decisions. Users can issue prompts such as, 'Share all roles with no entitlements' or 'Make me a workflow that creates a certification when a user's department changes' to surface actionable insights in real time. It's also fueling a new wave of low-code, no-code workflow automation enabling intuitive intelligent management of identity processes. These innovations make our platform even more powerful and easier to use, helping security teams achieve more with less. In many ways, Harbor Pilot functions like a digital employee with deep expertise in both SailPoint and identity security. Fourth, threat prevention must evolve. And with Atlas, we are transforming how it's done. Atlas is our unified intelligence platform built on a consolidated data model and shared services architecture designed to deliver deep identity context at scale. As the authoritative source of identity entitlements for many of the world's most complex organizations, we enable advanced entitlement level risk modeling that surfaces granular signals in real time. This allows for proactive detection and response, identifying threats before they can be exploited. By continuously mapping identities, entitlements, behaviors, and risks, Atlas becomes the intelligent foundation of modern identity security, powering decisions with context, and fortifying the entire enterprise security stack. Innovation alone isn't enough. We know identity security must operate in lockstep with the broader ecosystem. That's why we're forging deep partnerships with cloud providers, systems integrators, and technology leaders as we work together with forward-thinking customers to ensure our Atlas platform integrates seamlessly into all customer environments. Our shared data model and flexible architecture enable partners to build on SailPoint, enhancing coverage and accelerating outcomes across a wide range of identity security needs. We're continuously focused on expanding connectivity across the portfolio, making it easier for customers to govern access to more business-critical applications. This ecosystem strategy is helping us scale across the market. For large enterprises, our expanded strategic alliance with Deloitte is a prime example. Together, we're enabling organizations to navigate the rise of AI agents, harnessing them as a force for efficiency while helping improve governance and security. At the same time, we're extending our reach into the mid-market through our managed service provider, or MSP program, which gives midsized enterprises access to SailPoint's industry-leading solution through trusted partners. Across the board, our ecosystem is a growth engine, bringing SailPoint to more customers with more efficiency and greater impact. Our ecosystem is a force multiplier, and our consistent NRR is the proof. Half of our new bookings this quarter came from existing customers, a strong indicator of the trust and value we continue to deliver. And these customers aren't just renewing, they're expanding. For us, it's not just about the number of individual solutions the customer buys. It's about the outcomes we deliver, the breadth and depth of identity coverage we provide, and the unique high-stakes problems we help solve. That value is reflected in the numbers. Our average ARR per customer is nearly 3 times higher than that of other identity security vendors, a clear signal of the comprehensive enterprise-wide role SailPoint plays across our customers' environments. As an example, a leading mortgage lender significantly deepened their investment with us as part of their broader digital transformation and modernization efforts. They upgraded to our Identity Security Cloud Business Plus suite, adding Machine Identity Security and data access security, plus training and services support. Their decision was driven by the proven ROI they had already seen and the value of our unified solution based on the scalable, integrated architecture in the Atlas platform. Today, we continue to see strong customer adoption across our platform. Our workflow usage hit an all-time high during fiscal Q1 2026, with a record number of identity workflows being built. They are evidence that our customers are scaling their use of SailPoint to govern more applications, new use cases, and diverse identity types. This includes machine identities, where we've seen robust demand and a strong and growing pipeline since the initial launch of SailPoint Machine Identity Security last fall. This quarter, interest in Machine Identity Security continued to grow among both existing and new customers. A Fortune 500 manufacturer expanded their SailPoint investment to better manage service accounts with greater precision. Meanwhile, a Fortune 25 retailer became a new SailPoint customer, adopting our most comprehensive Identity Security Cloud Business Plus suite, along with Machine Identity Security, non-employee risk management, a suite of connectors, and advisory and success services. They went all in on SailPoint, confident in our proven ability to deliver identity security at the scale and sophistication required to support their massive identity landscape. As we look ahead, we remain confident in the depth of our pipeline, the velocity of our sales motion, and the resilience of identity and cybersecurity budgets. As identity-centric threats continue to be a top challenge for global enterprises today, we believe it's clear that identity has become the hub of modern security strategy, serving as the common link across all aspects of enterprise security, from networks and cloud infrastructure to endpoints, data, and applications. And while some competitors tout momentum with the collection of products, we are not seeing that approach resonate in our core enterprise market. Our win rate remains strong among large complex organizations that demand the depth, breadth, and sophistication that we believe only SailPoint can deliver. This represents clear validation that our focused platform-driven strategy is winning where it matters most. In closing, I'm grateful to everyone at SailPoint and our partners for ensuring we continue to stay in front. We're executing with focus, innovating with purpose, and delivering real value where it matters most. As the industry increasingly recognizes identity security as the backbone of enterprise resilience, SailPoint will continue to be the identity security innovator and trusted partner leading the way. And now let me hand it off to Brian, who will share more details on our financial results for the quarter.
Thank you, Mark, and good morning, everyone. Thank you for joining us today. Our fiscal year 2026 is off to a strong start with ARR, revenue, and adjusted operating margin each exceeding the high end of our first quarter guidance as we continue to deliver durable growth at scale. We ended fiscal Q1 '26 with ARR of $925 million, an increase of 30% year-over-year, with SaaS ARR of $574 million, growing 39% year-over-year. Currency had less than a 1 point benefit to our total ARR growth. Our strong results showcase our leadership position, strong competitive advantage, and durable growth profile. Importantly, we have not seen a fundamental change in demand due to the macro environment. Today, more than ever, enterprises are focused on what they believe to be most critical, and we continue to see evidence that identity security is business-essential and often at the top of the spending priority list. As such, we plan to continue to execute on the large opportunity in front of us, delivering value to our customers. More specifically, our pipelines remain robust with deal velocity and close rates consistent with prior quarters. Our customer retention rates continue to be very strong, and our growth drivers are consistent, with approximately half of our Q1 ARR growth coming from new customers and half from existing customer expansion. We continue to see significant growth potential through a universe of new customers that are primed for a more modern solution. In fact, many of our new customer wins are displacements of other solutions that cannot keep up with the scale and complexity of enterprise environments. We also see a large opportunity to expand within our installed base. Our NRR of 115% remained steady this quarter with many drivers, including suite upgrades, migrations, upsell, and cross-sell initiatives. We were encouraged by the growing ARR contribution from our non-employee risk management, machine identity security, and data access security modules, which more than doubled from the same period a year ago. Let me now cover our strong Q1 results. In Q1 '26, we delivered total revenue of $230 million, up 23% year-over-year, with subscription revenue of $215 million, up 27% year-over-year. Adjusted gross profit margin was 76.3%, and adjusted operating margin remained healthy and well ahead of our expectations at 10.2%. Our adjusted operating margin upside versus guidance was the result of a higher term revenue mix, cost discipline, and the timing of investments. Moving to the balance sheet, we ended the quarter with $228 million of cash and equivalents and no debt after paying off our outstanding balance in March. Cash used in operating activities was $97 million and includes $37 million of cash paid for interest expense and $88 million of cash paid for items that ended with our IPO, such as equity award payouts and monitoring fees. Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges. Full details can be found in this morning's press release and supplemental earnings deck. For the fiscal second quarter of 2026, we expect ARR to be $965 million, up approximately 26% year-over-year, compared to current consensus of 23.5% growth. For our fiscal year 2026, we are increasing our ARR outlook by $20 million to $1.1 billion, up 25.5% year-over-year compared to our prior guidance of 23.2% growth. The increase in our ARR guidance primarily reflects organic growth of the business and assumes no material change in FX rates. For revenue, we expect fiscal second quarter 2026 to be $243 million, an increase of 22% year-over-year, with an adjusted operating margin of 12.1%. We expect our diluted share count to be approximately 557 million shares and adjusted EPS to be $0.045. For fiscal year 2026, we expect revenue to be approximately $1.039 billion, an increase of 21% year-over-year with an adjusted operating margin of 15.7%. We expect our diluted share count to be approximately 565 million shares and adjusted EPS to be $0.18. Please note, we included additional modeling notes in our supplemental earnings deck. In summary, we believe we are well positioned to win the next generation of identity security because of the depth and breadth of our platform, our enterprise scale and our willingness to listen and respond to market needs. We continue to see several durable growth drivers that position us for sustained long-term growth, and we are relentlessly focused on executing on that opportunity. With that, let's invite Matt Mills, our President, to join us and open the call for questions.
Our first question comes from Joel Fishbein with Truist.
Thank you for taking my question and congratulations on your excellent execution. I have many questions, but the first one is for you, Matt. It seems that machine identity is starting to show some positive changes. I know you have deployed new products, including Agent Identity Security coming out this fall. Can you share your thoughts on the pricing in that market and the competitive dynamics you are observing?
Thanks for the question, Joel. When we examine the market along with our customers and prospects, machine identity is a top priority for them. It's crucial. Many of our customers have been addressing issues related to service accounts and bots for some time. Recently, in the last year, it has gained significance as a threat vector, making it a major concern for our customers and prospects. Regarding pricing, I've monitored various inputs from sources like yours. I see it as a moving target, largely value-based, which makes it challenging to pinpoint a specific price. However, we recognize it as a significant opportunity for us.
The only thing I'd add, Joe, on the competitive side, is the clarity we're trying to help establish in the market and where we're focused on the machine identity problem versus, say, others around us. I think we continue to see a lot of the focus from others is on what we would call the authentication of those machines, the server certificates, the identity of the machine. We're focused, as we have been for human identities, on the authorization capabilities, what can those accounts or systems do, bots, RPAs, etc. So again, we find that it may be tenable that we may coexist with other machine identity security solutions where just like, say, we coexist with an SSO vendor because they're solving a different part of the identity problem. I think where we're focused in machine identity is differentiated, and we're hearing that back from the customers we're engaging with.
Our next question comes from Matt Hedberg with RBC.
I'll offer my congrats as well, really strong results. One area I wanted to ask about, it sounds like you guys didn't call out any macro pressure, but I know you have some U.S. Fed exposure, and other cyber vendors have been calling out maybe some pressure there. Just curious on what you're seeing in that particular vertical.
Yes, Matt, this is Matt. So far, it has been business as usual for us. We haven't observed any significant results or material impacts from the macro environment. We remain vigilant and attentive, but our business continues to be strong. Up to this point, we have not identified any challenges stemming from macro factors.
Our next question comes from Rob Owens with Piper Sandler.
I wanted to discuss the strength of our annual recurring revenue, which accelerated this quarter when we examine the growth rate. As for the new customers, which you mentioned make up half of this growth, can you provide insight into the status of those discussions? Is there a sense of urgency, particularly in this unpredictable environment? Additionally, regarding our existing customers, it seems there was an improvement in net revenue retention quarter-over-quarter. Is this improvement due to an increase in identities, the addition of modules, or upgrades to higher tiers?
Rob, it's Brian here. I hope you're well. So with respect to the new customer acquisition, I think that what we're seeing is just great success from this being a very resilient market for us. These are business essential programs. Companies are not looking to cut back on identity security. They often rise to the top of the stack for CIOs and CISOs. And really, we're seeing pipeline from failed deployments of other competitive solutions that we're able to go back in and save and restart them for them. So we're pleased with our new customer acquisition. We continue to make great progress there. With respect to existing customers, we're continuing to see, again, about half of this comes from new logos, but half from expansion opportunities within our installed base. And there's been this nice kind of even disposition of several growth vectors. This includes migrations of on-prem customers into net new SaaS solutions, where we typically see a 2 to 3 times uplift on their ARR spend. We do see quantity upsell, so more identities being sold. I called out there's other cross-sell initiatives. So some of those new products, like non-employee risk management, machine identity security, data access security, that's all contributing to low single digits of our expansion, then also our SaaS suite upgrades. So again, we're really pleased to see that nice cross-sell and upsell disposition.
Our next question comes from Peter Levine with Evercore.
Maybe one, Mark, you talked about the success we're seeing in AI, kind of a bit of an inflection point, but maybe share with us why is IGA better positioned to kind of capitalize on the rise of AI over some of the PAM vendors or even the identity access management providers? Just curious to know why you think governance is better positioned. And then maybe, Brian, I know you said not much of a macro, but perhaps did you bake in anything into the full year guide? You raised the guide. But just curious, were there any guardrails that you kind of factored in into the full year guide just to assume maybe things get worse, but just curious to know what your philosophy was that.
Thanks, Peter. Yes, on the first one there on AI. I think sometimes it helps to go back to the basics. When we first came to market, the first time in '17, we were trying to help make sure we positioned where we thought what was not even called IGA at that time was. And then we said, look, at the end of the day, we answered three simple questions for humans, and that was who has access to what, how does that compare to who should have access, kind of policy versus actual. And then what are they doing with it? And the truth is, I think those are the same three core questions that are going to get asked about Agentic AI, right? It's like what is this agent, what does it have access to? And is it performing according to my expectations? An authorization tool like ours, a governance tool is well designed and suited for that question. Access and authentication tools are not, right? We often go back to a very simple metaphor, what we experience every time we're up here in New York for investor meetings of the security guard at the front door knows that you've gotten into the building, that's access, that's letting you into the application of the building; they really lose track of where you go once you leave that front desk. And that's sort of the SSO problem. They aren't designed to understand all the entitlements capabilities that an identity has inside those complex applications. And that's going to be true for agents. What does the agent have access to, what is it allowed to do, what data can it see, can it change data? Those are hard questions to answer without a governance framework, and that's really where we're coming from. So we think the access and privilege vendors that don't have that heritage are just going to be very challenged in trying to answer those difficult questions. Now I'll turn it over to Brian for the other part.
Yes. Thank you. So we're not expecting currently any major change in the macro environment. So we're not building in any sort of headwind. But having said that, we are mindful of it. And we're doing a great deal of deal scrutiny with rigorous pipeline management, but we continue to see good demand for the identity security space. So we're aware of it; we're not immune to it. We're watching deal timing, in particular because a lot of times, these are programs that may change from one quarter to the next. But again, the underlying fundamental demand is still there and is strong.
Our next question comes from Gray Powell with BTIG.
Yes, I just would love to hear what you're seeing in terms of customer willingness to migrate from legacy IGA solutions like Oracle and IBM. And then does macro uncertainty impact any of those projects? Or is it really just more a function of like pending end of life and customers need to modernize?
Yes. Thanks, Gray. This is Matt. Look, I think what we're seeing now is actually a little bit of an acceleration there. I think the security landscape today is such that it's really bringing out the flows, if you will, on these legacy systems. And in many cases, as you probably know, they're heavily customized and it becomes a handful just to keep up with in and of itself, not to mention the accelerating threat landscape. So I would tell you, we continue to see really good opportunities, and we continue to win at a high rate.
And Gray, just one point to add. You may have seen the recent Gartner report. And in terms of our overall market share gains that we made in recent history, we're more than 5 times or about 5 times our nearest competitor. So we feel like we're displacing legacy competition and also winning against some new competitors.
Our next question comes from Shaul Eyal with TD Cowen.
Congrats, gents, on strong results and guidance. Question to Mark or Matt. Given that Accenture is one of your leading partners, what are you hearing internally as it relates to their overall activities with SailPoint? Will they be one of your prime go-to-market partners as we think about further Gen AI adoption?
Thank you, Shaul. This is Matt. Look, we're very fortunate; we have a strong ecosystem of partners, of which Accenture is a big part of. They continue to be one of our largest partners, and I don't see anything that would cause that to change. So we continue to work with them. We invest in them. They're one of our large MSP partners, right? And so I would tell you, from an expectation perspective, we continue to invest with them and do good things for our customers and prospects.
I think just to add, Shaul, we made a little note of what we're doing with Deloitte on the call today around agents, but with all of our leading partners, PwC, Accenture, and many others, Optiv, strong partnerships we are expecting to move in the direction of supporting customers' needs around agentic with all of those leading partners, just pleased to be able to reference multiple good things there. But yes, Accenture continues to be one of our top partners around the globe, and we can expect that to just continue to expand as we go.
Our next question comes from Joseph Gallo with Jefferies.
Brian, it was great to see some of the margin strength even with most of the upside coming from SaaS. Can you just update us on where you are on sales capacity, where you're investing? And then where some of this leverage is actually coming from?
Sure. So we were pleased with our margin performance this year exceeding the Q1 guidance that we put out there. Some of that was driven by timing of investments, too, which we'll catch up on some of that as the year goes along. I'd say we're in a good spot with capacity adds, more to come on that. We're investing in things like customer success early on in the year, just to make sure we're still driving a strong gross retention rate and net revenue retention rate. So we feel like this is going to be a balanced strategy. We're really pleased with the 30% ARR growth. We want to make sure we're continuing to invest in that while still contributing and delivering some level of margin expansion, which gave us confidence to increase it for the year.
Our next question comes from Brian Essex with JPMorgan.
Congrats on some solid results. Maybe, Mark, for you, in your prepared remarks, you called out a retailer that went 'all in on SailPoint.' Could you provide a little detail there? What was the catalyst to move? What did you displace? Maybe how long was that sales cycle? And how indicative is that deal with regard to what you typically see with new customer lands?
I'll hand it over to Matt for more details. I want to emphasize that securing a large-scale win like that is not unusual for us. We highlighted this particular case, and typically, in large organizations, there's some existing deployment, usually from a legacy vendor that we are replacing. However, it's often the case that these tools are minimally deployed. Therefore, within the first 6 to 9 months of our deployment, we often surpass any previous level of usage they had. This is due to their frustration with legacy tools that fail to cover their entire needs, leading them to seek more comprehensive security solutions. It’s a positive development because they are aligning with the main aspects of what we offer.
Yes. Thanks. I'll just add, Brian. Look, I think when you look at these large opportunities, they start with a fair amount of relationship and education that happens before you actually start prosecuting an opportunity. And I think that was the case here. We built a very strong relationship with this company, and as Mark said, they're running a legacy solution, and they feel the pain of the legacy solution in terms of what it can do and the problems it's causing for them. And so once we started the opportunity, I think it went in fairly short order, but a great win for our team. And then it kind of validates the whole idea that we continue to win at a very high rate in replacing these legacy solutions.
Our next question comes from Gabriela Borges with Goldman Sachs.
For Mark and for Matt, we've talked on IGA for some time now about how one of the limiting factors for adoption is how long or how annoying it can be to switch from one vendor to another. So my question for you is, what are you doing with AI internally to perhaps speed up some of that implementation? And how do you think about, on the flip side, the risk that this lowers the barriers to entry for some new enabled IGA vendor to come down the pipeline and potentially disrupt you?
Thanks, Gabriela. I'll start and see if Matt has some thoughts to add. I think a couple of points. First, in mid- to large enterprises with complex IT environments, we have two decades of experience building deep connections. We may need to clarify our terminology because a connector doesn't mean the same thing everywhere. For an access tool, connecting an application might just mean logging in, but for us, it involves deep governance around entitlements and access to data within those applications. Our extensive connections with commercial apps that enterprises value, as well as bespoke applications, instill confidence. A significant focus is to leverage AI to speed up the integration of new bespoke applications that we haven't yet connected to in typical enterprise environments and to simplify this process for nontechnical users. Often, implementation slowdowns occur due to the technical complexities involved in connecting to business applications. We aim to use AI to expedite this process, leveraging our knowledge from the many connections we've created to make it easier. Regarding other vendors, we are aware of earlier-stage companies in identity making claims about connectivity. Those making claims of rapid connectivity expansion often rely on shallow connectors that facilitate basic connections but lack entitlement-level governance. We ensure customers understand our actual capabilities compared to the claims of newer vendors. Ultimately, as Matt would point out, in large, complex environments, our success rate remains very high once customers clearly understand the differences in what we offer.
Our next question comes from Tal Liani with Bank of America.
ARR was very strong this quarter, $27 million above expectations. For the next quarter, you're also guiding up $20 million above. But when I look at the full year, I have to reduce my estimates for net new ARR in order to hit because the increase in the full year is lower than what we're seeing this quarter and next quarter. So is there anything that is happening with timing of orders that is pulling things forward? Or is it just kind of the way the numbers are and we shouldn't pay attention to it.
Tal, it's Brian here. There wasn't anything distinctive about the acceleration of any deals or revenue. I encourage you to focus on our annual recurring revenue for our FY '26 guidance, which we're actually increasing by more than 200 basis points. Additionally, our Q2 guidance is 200 basis points higher than the current consensus. It's important to remember that the 3% beat from Q1, or the $27 million, reflects an annual metric compared to what other companies report in quarterly revenue. Regarding the quarterly revenue and operating income beats, we accounted for all of that and increased our Q2 guidance too. This aligns with our philosophy. We're confident about it, and it's a strong starting point for Q2.
Our next question comes from Keith Weiss with Morgan Stanley.
Congratulations on a great start to the fiscal year. A lot of big numbers in this Q1 print. I guess one that we haven't really dug into yet was the large customer numbers, really good growth on both the $250,000 customers and the $1 million-plus customers. So two questions within that. Like one, anything in particular driving that? Or is it just the summation of the expanding solution portfolio traction in identity management market? And then maybe somewhat related, any change in sales strategy or go-to-market strategy as we enter into the new fiscal year? Anything that is worth noting in terms of how you guys are approaching that market opportunity from a go-to-market perspective?
I'll start just with respect to the increasing deal size. I mean we're really pleased with it. I mean, greater than $250,000 ARR customer count that's up about 28% year-over-year. The greater than $1 million, as we mentioned, is up 62% year-over-year. We're also not just the number of customers that we're landing; it's just a more sizable number. Our average ARR per customer is now above $300,000. It's really driven by expansion opportunities across the board in terms of just overall identity growth, suite upgrades, upsell, and cross-sell of new modules. And then I'll defer to Matt just on some additional color.
Yes. Thanks, Keith. Look, there's been really no big change relative to our go-to-market strategy, our selling strategy. As you know, we're fairly pragmatic in terms of who we market to; we work off a target account list. And so none of that has changed, and we'll continue to execute that for the remainder of the year.
Our next question comes from Michael Romanelli with Mizuho.
This is Mike on behalf of Gregg Moskowitz. Congratulations on the strong results. I was wondering if Harbor Pilot is included in any of your suites and if there will be an additional charge for this technology. Additionally, regarding the migration impact on the net retention rate, was that around 3 to 4 points again this quarter?
I got the first part, Mike, on the Harbor Pilot.
Yes. Just real quick on the migrations. It did contribute low single digits in terms of the NRR contribution.
Yes, regarding the net retention rate, the contributions from migration were approximately a quarter of the overall 15%. As for Harbor Pilot, it is currently part of our platform. We have included the first two AI offerings from Harbor Pilot in our offering at this time. As we add new features, we will consider whether to price them separately based on their value. For now, we are eager for customers to adopt some of the AI capabilities to enhance their efficiency and effectiveness in implementing and deploying our solutions. The initial capabilities of Harbor Pilot are aimed at helping customers quickly obtain the answers they need to resolve their issues. We will continue to monitor this development, but for now, it's integrated into our platform's cost.
Our next question comes from Andrew Nowinski with Wells Fargo.
Okay, I'm just wondering what drove the 18% growth in your non-SaaS ARR in Q1? And I know you're assuming 90% of net new comes from SaaS going forward, but that still implies growth in your non-SaaS ARR. So just wondering if you could give any more color on what's driving that?
Andy, it's Brian. So we actually saw a fairly strong term business for Q1, both on renewals and also a couple of new sizable customers chose to go with an on-prem solution just given their environment. So moving forward, we still are targeting that 90-10 mix, meaning 90% SaaS and 10% term. So we do believe that SaaS is going to continue to be the first and foremost sales play for us, but we did see some nice uptick in some term business for the quarter.
Our next question comes from Saket Kalia with Barclays.
I wanted to highlight the strong pace of ARR. Brian, could you discuss the net new ARR for this year and how it compares to previous years? Additionally, could you provide more detail on the components of the 115% NRR, particularly whether migrations played a larger role than anticipated?
So I wouldn't think there's anything materially different about our ARR and our new customer acquisition. We're actually really pleased with the consistency of it, to be honest with you, and the nice disposition between new and existing customers. And as I mentioned, what's great about the expansion with the existing installed base is the almost even distribution among things like migrations and quantity upsell, and then the cross-sell initiatives that I called out in terms of non-employee risk management, machine identity security, data access security, that bucket alone was more than double it was a year ago. And then we're also experiencing our SaaS suite upgrades as well. So again, just think about this as half and half, and we're really pleased with that disposition.
And then anything just on the shape of net new ARR for the year. I know that last year, I think Q2 was particularly healthy. I can't remember if it was Fed or another vertical, but anything you want to say just in the shape of the year?
We had a fairly strong Q2 last year. We typically are kind of a second half company when it comes to net new ARR growth. So I'd continue to think of it that way, but nothing super unusual year-over-year.
And I'm not showing any further questions at this time. I'd like to turn the call back over to Mark for any closing remarks.
Thank you. I appreciate everyone's questions today, and for all the great notes that have been written up over the course of our first few months here being public. So we look forward to continuing the dialogue, and thanks for everyone's interest on the call today. We'll talk to you soon. Thanks. Have a great day.
Thank you. Ladies and gentlemen, this does conclude today's presentation. We thank you for your participation. You may now disconnect, and have a wonderful day.