Okta Conference: Identity Market Converges as Okta Pushes Governance, PAM, and AI Agent Security
In a recent conference, Okta executives outlined the company’s strategic positioning within the evolving identity market. They highlighted a notable convergence across identity categories, rising interest in cloud-delivered governance and privileged access management (PAM), along with an increasing urgency among customers to secure “agents” in enterprise AI deployments.
Executive Insights
During a fireside chat, corporate development leader Monty Gray discussed key contract metrics and go-to-market strategies, emphasizing the company’s sales structure and product cross-selling strategies. Gray characterized Okta as the “largest independent neutral identity vendor,” positioning the company’s offerings as essential for organizations aiming to safely adopt any technology while prioritizing security.
He noted the evolution of the identity market, transitioning from an initial focus on user provisioning for applications like Workday and Salesforce to a heightened emphasis on security through governance and privileged access controls. Gray articulated that historically distinct categories such as identity governance (IGA) and PAM are now converging, largely propelled by cloud adoption and customer preferences for streamlined systems.
Product Momentum
Okta has experienced significant growth in its governance offerings, which have been pivotal in new product growth and cross-selling within its existing customer base of approximately 20,000 customers. Gray described governance as a natural extension of identity access management, facilitating cross-selling opportunities for existing sales personnel.
In contrast, PAM is still maturing due to deployment complexities and the variety of resource types involved, such as Kubernetes clusters and databases. Gray highlighted that Okta employs specialists for PAM sales in more intricate environments.
Deployment Dynamics
Gray emphasized that Okta’s cloud-delivered model reduces bottlenecks typically associated with technology installations, noting that customer change management and policy readiness are often the main hurdles to deployment. Customers are now experiencing a “time to value” in weeks or months, unlike the quarters or years associated with traditional on-prem deployments.
Investment and Growth Strategy
Following the announcement of a newly authorized $1 billion share repurchase program, Gray reiterated Okta’s commitment to investing in growth and evaluating potential tuck-in acquisitions to enhance its roadmap coverage. Key areas for expansion include:
- User coverage (including contingent labor and deskless workers)
- Resource coverage (from SaaS apps to cloud infrastructure)
- Use-case coverage (access, MFA, lifecycle management, governance, and PAM)
Gray cited the acquisition of Axiom as a strategic move to enhance database resource coverage and improve functionality for privileged access use cases. He indicated that Okta is currently integrating technology from Axiom, with new offerings expected in early H1.
Neutrality and Identity Layer
Gray emphasized the importance of neutrality in identity management, arguing that enterprises require identity solutions that operate independently of application silos and cloud platforms. He illustrated this with Okta’s largest integration, Office 365, highlighting that organizations adopting major productivity suites still rely on Okta for comprehensive identity management.
AI Agent Security
Discussing the rise of agentic AI, Gray noted that these agents may function within applications, orchestrate across tech stacks, or operate independently, thus necessitating a neutral identity layer. He pointed out that customer awareness of these challenges is high, particularly among Chief Information Security Officers (CISOs), who are increasingly concerned about secure agent adoption.
As an example, Gray shared insights from a financial services firm exploring customer-facing agents that require access to sensitive data while ensuring compliance. He asserted that Okta’s identity controls are crucial for maintaining security in regulated environments.
Market Positioning and AI Standards
Gray highlighted Okta’s participation in discussions surrounding new AI-related standards, such as the Model Context Protocol (MCP), to support identity aspects. Okta is monetizing its AI agent products through two primary channels: a “build” side for developers and a “manage” side for enterprise agents. The company now offers Auth0 for AI to facilitate agent development, while “Okta for AI Agents” focuses on managing those agents within enterprises.
Financial and Operational Metrics
On financial metrics, David discussed Okta’s revenue and remaining performance obligations (RPO), emphasizing that 98% of revenue is recurring. He suggested that RPO and current RPO (cRPO) serve as better indicators of future subscription revenue than traditional revenue metrics.
David attributed growth divergences between RPO and cRPO to an increase in average contract duration as Okta shifts towards more enterprise-focused clients. He noted that longer contracts allow for greater opportunities to introduce new products and expand usage.
Regarding net retention, David confirmed that gross retention has remained stable, with some customers adopting a more conservative approach towards seat and monthly active user expansions. However, Okta has been successful in upselling and cross-selling newer products, including governance, PAM, and AI solutions.
Conclusion
Okta, Inc. continues to solidify its position as a prominent provider of identity and access management solutions, leveraging a cloud-native approach to enable organizations to manage user access seamlessly across applications and infrastructure. With a focus on governance, PAM, and AI agent security, Okta is strategically poised to navigate the convergence within the identity market while addressing the evolving needs of its customers.
