false00016601342021FYP1Yus-gaap:OtherLiabilitiesCurrentus-gaap:OtherLiabilitiesCurrent0.02067950.00529910.004191200016601342020-02-012021-01-31iso4217:USD00016601342020-07-31xbrli:shares0001660134us-gaap:CommonClassAMember2021-02-280001660134us-gaap:CommonClassBMember2021-02-2800016601342021-01-3100016601342020-01-31iso4217:USDxbrli:shares0001660134us-gaap:CommonClassAMember2021-01-310001660134us-gaap:CommonClassAMember2020-01-310001660134us-gaap:CommonClassBMember2021-01-310001660134us-gaap:CommonClassBMember2020-01-310001660134us-gaap:SubscriptionAndCirculationMember2020-02-012021-01-310001660134us-gaap:SubscriptionAndCirculationMember2019-02-012020-01-310001660134us-gaap:SubscriptionAndCirculationMember2018-02-012019-01-310001660134us-gaap:TechnologyServiceMember2020-02-012021-01-310001660134us-gaap:TechnologyServiceMember2019-02-012020-01-310001660134us-gaap:TechnologyServiceMember2018-02-012019-01-3100016601342019-02-012020-01-3100016601342018-02-012019-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2018-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2018-01-310001660134us-gaap:AdditionalPaidInCapitalMember2018-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-01-310001660134us-gaap:RetainedEarningsMember2018-01-3100016601342018-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2018-02-012019-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2018-02-012019-01-310001660134us-gaap:AdditionalPaidInCapitalMember2018-02-012019-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2018-02-012019-01-310001660134us-gaap:RetainedEarningsMember2018-02-012019-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2019-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2019-01-310001660134us-gaap:AdditionalPaidInCapitalMember2019-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-01-310001660134us-gaap:RetainedEarningsMember2019-01-3100016601342019-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2019-02-012020-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2019-02-012020-01-310001660134us-gaap:AdditionalPaidInCapitalMember2019-02-012020-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2019-02-012020-01-310001660134us-gaap:RetainedEarningsMember2019-02-012020-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2020-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2020-01-310001660134us-gaap:AdditionalPaidInCapitalMember2020-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-01-310001660134us-gaap:RetainedEarningsMember2020-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2020-02-012021-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2020-02-012021-01-310001660134us-gaap:AdditionalPaidInCapitalMember2020-02-012021-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2020-02-012021-01-310001660134us-gaap:RetainedEarningsMember2020-02-012021-01-310001660134us-gaap:CommonClassAMemberus-gaap:CommonStockMember2021-01-310001660134us-gaap:CommonClassBMemberus-gaap:CommonStockMember2021-01-310001660134us-gaap:AdditionalPaidInCapitalMember2021-01-310001660134us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-310001660134us-gaap:RetainedEarningsMember2021-01-310001660134srt:MinimumMember2020-02-012021-01-310001660134srt:MaximumMember2020-02-012021-01-310001660134us-gaap:ComputerSoftwareIntangibleAssetMember2020-02-012021-01-310001660134us-gaap:ComputerEquipmentMember2020-02-012021-01-310001660134us-gaap:FurnitureAndFixturesMember2020-02-012021-01-310001660134country:US2020-02-012021-01-310001660134country:US2019-02-012020-01-310001660134country:US2018-02-012019-01-310001660134us-gaap:NonUsMember2020-02-012021-01-310001660134us-gaap:NonUsMember2019-02-012020-01-310001660134us-gaap:NonUsMember2018-02-012019-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMember2019-02-012020-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMemberus-gaap:DevelopedTechnologyRightsMember2020-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMemberus-gaap:DevelopedTechnologyRightsMember2019-02-012020-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMember2020-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMember2019-02-012019-04-300001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMember2021-01-310001660134us-gaap:SeriesOfIndividuallyImmaterialBusinessAcquisitionsMember2020-02-012021-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:CashAndCashEquivalentsMember2021-01-310001660134us-gaap:CashAndCashEquivalentsMember2021-01-310001660134us-gaap:USTreasurySecuritiesMemberus-gaap:ShortTermInvestmentsMember2021-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:ShortTermInvestmentsMember2021-01-310001660134us-gaap:ShortTermInvestmentsMember2021-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:CashAndCashEquivalentsMember2020-01-310001660134us-gaap:USTreasurySecuritiesMemberus-gaap:CashAndCashEquivalentsMember2020-01-310001660134us-gaap:CashAndCashEquivalentsMember2020-01-310001660134us-gaap:USTreasurySecuritiesMemberus-gaap:ShortTermInvestmentsMember2020-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:ShortTermInvestmentsMember2020-01-310001660134us-gaap:ShortTermInvestmentsMember2020-01-31okta:investment0001660134us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2021-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2021-01-310001660134us-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2021-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2021-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Member2021-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2021-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2021-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2021-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-01-310001660134us-gaap:MoneyMarketFundsMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-01-310001660134us-gaap:USTreasurySecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-01-310001660134us-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2020-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2020-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMemberus-gaap:FairValueInputsLevel3Member2020-01-310001660134us-gaap:FairValueMeasurementsRecurringMemberus-gaap:USTreasurySecuritiesMember2020-01-310001660134us-gaap:FairValueInputsLevel1Memberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:FairValueInputsLevel2Memberus-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMemberus-gaap:FairValueInputsLevel3Member2020-01-310001660134us-gaap:CorporateDebtSecuritiesMemberus-gaap:FairValueMeasurementsRecurringMember2020-01-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMemberus-gaap:CarryingReportedAmountFairValueDisclosureMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:EstimateOfFairValueFairValueDisclosureMemberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMemberus-gaap:CarryingReportedAmountFairValueDisclosureMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:EstimateOfFairValueFairValueDisclosureMemberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2026Memberus-gaap:SeniorNotesMemberus-gaap:CarryingReportedAmountFairValueDisclosureMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2026Memberus-gaap:EstimateOfFairValueFairValueDisclosureMemberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2026Memberus-gaap:SeniorNotesMember2021-01-310001660134us-gaap:ComputerSoftwareIntangibleAssetMember2021-01-310001660134us-gaap:DevelopedTechnologyRightsMember2021-01-310001660134us-gaap:DevelopedTechnologyRightsMember2020-02-012021-01-310001660134us-gaap:LicensingAgreementsMember2021-01-310001660134us-gaap:LicensingAgreementsMember2020-02-012021-01-310001660134us-gaap:ComputerSoftwareIntangibleAssetMember2020-01-310001660134us-gaap:ComputerSoftwareIntangibleAssetMember2019-02-012020-01-310001660134us-gaap:DevelopedTechnologyRightsMember2020-01-310001660134us-gaap:DevelopedTechnologyRightsMember2019-02-012020-01-310001660134us-gaap:LicensingAgreementsMember2020-01-310001660134us-gaap:LicensingAgreementsMember2019-02-012020-01-310001660134us-gaap:ComputerEquipmentMember2021-01-310001660134us-gaap:ComputerEquipmentMember2020-01-310001660134us-gaap:FurnitureAndFixturesMember2021-01-310001660134us-gaap:FurnitureAndFixturesMember2020-01-310001660134us-gaap:LeaseholdImprovementsMember2021-01-310001660134us-gaap:LeaseholdImprovementsMember2020-01-3100016601342021-02-012021-01-31xbrli:pure0001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2018-02-280001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2018-02-012018-02-280001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2019-09-012019-09-300001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2019-09-300001660134us-gaap:CommonClassAMemberokta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2019-09-012019-09-300001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-02-012020-10-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-01-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-06-300001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-06-012020-06-300001660134us-gaap:CommonClassAMemberokta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-06-012020-06-300001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-02-012021-01-31okta:tradingDay0001660134us-gaap:CommonClassAMemberokta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2020-11-012021-01-310001660134us-gaap:SubsequentEventMemberokta:ConvertibleSeniorNotesDue2023Membersrt:ScenarioForecastMemberus-gaap:SeniorNotesMember2021-02-012021-02-010001660134okta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2019-02-012020-01-310001660134us-gaap:AdditionalPaidInCapitalMemberokta:ConvertibleSeniorNotesDue2023Memberus-gaap:SeniorNotesMember2021-01-310001660134okta:ConvertibleSeniorNotesDue2023Member2021-01-310001660134okta:ConvertibleSeniorNotesDue2023Member2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2023Member2019-09-300001660134okta:ConvertibleSeniorNotesDue2023Member2020-06-300001660134okta:ConvertibleSeniorNotesDue2023Member2019-09-012019-09-300001660134okta:ConvertibleSeniorNotesDue2023Member2020-06-012020-06-300001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMember2019-09-300001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMember2019-09-012019-09-300001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMember2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:SeniorNotesMember2019-02-012020-01-310001660134okta:ConvertibleSeniorNotesDue2025Memberus-gaap:AdditionalPaidInCapitalMemberus-gaap:SeniorNotesMember2021-01-310001660134us-gaap:ConvertibleDebtSecuritiesMemberokta:ConvertibleSeniorNotesDue2025Member2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2025Member2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2026Memberus-gaap:SeniorNotesMember2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2026Member2020-02-012021-01-310001660134okta:ConvertibleSeniorNotesDue2026Memberus-gaap:AdditionalPaidInCapitalMemberus-gaap:SeniorNotesMember2021-01-310001660134us-gaap:ConvertibleDebtSecuritiesMemberokta:ConvertibleSeniorNotesDue2026Member2020-02-012021-01-310001660134okta:SanFranciscoTenYearLeaseMember2021-01-31okta:renewalOption0001660134us-gaap:LetterOfCreditMember2021-01-310001660134us-gaap:LetterOfCreditMember2020-01-31okta:vote0001660134us-gaap:CommonClassAMember2020-02-012021-01-310001660134us-gaap:CommonClassBMember2020-02-012021-01-310001660134okta:StockOptionsAndRestrictedStockUnitsMember2021-01-310001660134us-gaap:EmployeeStockMember2021-01-310001660134us-gaap:CommonClassAMemberus-gaap:ContributionOfNonmonetaryAssetsToCharitableOrganizationMember2020-02-012021-01-310001660134us-gaap:CommonClassAMemberus-gaap:ContributionOfNonmonetaryAssetsToCharitableOrganizationMember2019-02-012020-01-310001660134us-gaap:CommonClassAMemberus-gaap:ContributionOfNonmonetaryAssetsToCharitableOrganizationMember2018-02-012019-01-310001660134us-gaap:EmployeeStockOptionMember2020-02-012021-01-310001660134us-gaap:EmployeeStockOptionMember2019-02-012020-01-310001660134us-gaap:EmployeeStockOptionMember2018-02-012019-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2020-02-012021-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2019-02-012020-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2018-02-012019-01-310001660134us-gaap:EmployeeStockMember2020-02-012021-01-310001660134us-gaap:EmployeeStockMember2019-02-012020-01-310001660134us-gaap:EmployeeStockMember2018-02-012019-01-310001660134us-gaap:RestrictedStockMember2020-02-012021-01-310001660134us-gaap:RestrictedStockMember2019-02-012020-01-310001660134us-gaap:RestrictedStockMember2018-02-012019-01-310001660134okta:RestrictedCommonStockMember2020-02-012021-01-310001660134okta:RestrictedCommonStockMember2019-02-012020-01-310001660134okta:RestrictedCommonStockMember2018-02-012019-01-310001660134okta:CostofServicesLicensesandServicesMember2020-02-012021-01-310001660134okta:CostofServicesLicensesandServicesMember2019-02-012020-01-310001660134okta:CostofServicesLicensesandServicesMember2018-02-012019-01-310001660134okta:TechnologyServicesCostsMember2020-02-012021-01-310001660134okta:TechnologyServicesCostsMember2019-02-012020-01-310001660134okta:TechnologyServicesCostsMember2018-02-012019-01-310001660134us-gaap:ResearchAndDevelopmentExpenseMember2020-02-012021-01-310001660134us-gaap:ResearchAndDevelopmentExpenseMember2019-02-012020-01-310001660134us-gaap:ResearchAndDevelopmentExpenseMember2018-02-012019-01-310001660134us-gaap:SellingAndMarketingExpenseMember2020-02-012021-01-310001660134us-gaap:SellingAndMarketingExpenseMember2019-02-012020-01-310001660134us-gaap:SellingAndMarketingExpenseMember2018-02-012019-01-310001660134us-gaap:GeneralAndAdministrativeExpenseMember2020-02-012021-01-310001660134us-gaap:GeneralAndAdministrativeExpenseMember2019-02-012020-01-310001660134us-gaap:GeneralAndAdministrativeExpenseMember2018-02-012019-01-31okta:incentive_plan0001660134okta:A2017EquityIncentivePlanMemberus-gaap:CommonClassAMember2021-01-310001660134us-gaap:CommonClassBMemberokta:A2017EquityIncentivePlanMember2021-01-310001660134us-gaap:ShareBasedCompensationAwardTrancheOneMemberus-gaap:EmployeeStockOptionMember2020-02-012021-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2020-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2021-01-31okta:offering_period0001660134srt:MinimumMemberus-gaap:EmployeeStockMember2020-02-012021-01-310001660134srt:MaximumMemberus-gaap:EmployeeStockMember2020-02-012021-01-310001660134srt:MinimumMemberus-gaap:EmployeeStockMember2019-02-012020-01-310001660134srt:MaximumMemberus-gaap:EmployeeStockMember2019-02-012020-01-310001660134srt:MinimumMemberus-gaap:EmployeeStockMember2018-02-012019-01-310001660134srt:MaximumMemberus-gaap:EmployeeStockMember2018-02-012019-01-310001660134us-gaap:EmployeeStockMember2020-01-310001660134us-gaap:DomesticCountryMember2021-01-310001660134us-gaap:StateAndLocalJurisdictionMember2021-01-310001660134country:GB2021-01-310001660134us-gaap:DomesticCountryMemberus-gaap:ResearchMember2021-01-310001660134us-gaap:StateAndLocalJurisdictionMemberus-gaap:ResearchMember2021-01-310001660134us-gaap:StateAndLocalJurisdictionMemberokta:CaliforniaEnterpriseZoneCreditMember2021-01-310001660134us-gaap:CommonClassAMember2019-02-012020-01-310001660134us-gaap:CommonClassBMember2019-02-012020-01-310001660134us-gaap:CommonClassAMember2018-02-012019-01-310001660134us-gaap:CommonClassBMember2018-02-012019-01-310001660134us-gaap:EmployeeStockOptionMember2020-02-012021-01-310001660134us-gaap:EmployeeStockOptionMember2019-02-012020-01-310001660134us-gaap:EmployeeStockOptionMember2018-02-012019-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2020-02-012021-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2019-02-012020-01-310001660134us-gaap:RestrictedStockUnitsRSUMember2018-02-012019-01-310001660134us-gaap:RestrictedStockMember2020-02-012021-01-310001660134us-gaap:RestrictedStockMember2019-02-012020-01-310001660134us-gaap:RestrictedStockMember2018-02-012019-01-310001660134okta:UnvestedCommonStockSubjectToRepurchaseMember2020-02-012021-01-310001660134okta:UnvestedCommonStockSubjectToRepurchaseMember2019-02-012020-01-310001660134okta:UnvestedCommonStockSubjectToRepurchaseMember2018-02-012019-01-310001660134okta:RestrictedCommonStockMember2020-02-012021-01-310001660134okta:RestrictedCommonStockMember2019-02-012020-01-310001660134okta:RestrictedCommonStockMember2018-02-012019-01-310001660134us-gaap:EmployeeStockMember2020-02-012021-01-310001660134us-gaap:EmployeeStockMember2019-02-012020-01-310001660134us-gaap:EmployeeStockMember2018-02-012019-01-310001660134us-gaap:ConvertibleDebtSecuritiesMember2020-02-012021-01-310001660134us-gaap:ConvertibleDebtSecuritiesMember2019-02-012020-01-310001660134us-gaap:ConvertibleDebtSecuritiesMember2018-02-012019-01-310001660134okta:A2023ConvertibleSeniorNotesMember2020-02-012021-01-310001660134okta:A2023ConvertibleSeniorNotesMember2019-02-012020-01-310001660134okta:A2023ConvertibleSeniorNotesMember2018-02-012019-01-310001660134okta:SharesRelatedto2025ConvertibleSeniorNotesMember2020-02-012021-01-310001660134okta:SharesRelatedto2025ConvertibleSeniorNotesMember2019-02-012020-01-310001660134okta:SharesRelatedto2025ConvertibleSeniorNotesMember2018-02-012019-01-310001660134okta:SharesRelatedTo2026ConvertibleSeniorNotesMember2020-02-012021-01-310001660134okta:SharesRelatedTo2026ConvertibleSeniorNotesMember2019-02-012020-01-310001660134okta:SharesRelatedTo2026ConvertibleSeniorNotesMember2018-02-012019-01-310001660134okta:Auth0Memberus-gaap:SubsequentEventMember2021-03-032021-03-030001660134okta:Auth0Memberus-gaap:SubsequentEventMember2021-03-03

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

(Mark One)

☒			ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended January 31, 2021

or

☐			TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from              to             

Commission File Number: 001-38044

Okta, Inc.

(Exact name of Registrant as specified in its charter)

Delaware

100 First Street, Suite 600

26-4175727

(State or Other Jurisdiction of Incorporation or Organization)

San Francisco

(I.R.S. Employer Identification Number)

California

94105

(Address of Principal executive offices)

___________________________________________________

Securities registered pursuant to Section 12(b) of the Act:

(Title of each class)

Trading Symbol(s)

(Name of each exchange on which registered)

Class A common stock, par value $0.0001 per share

OKTA

The Nasdaq Stock Market LLC

Securities registered pursuant to Section 12(g) of the Act: None

___________________________________________________

Indicate by check mark if the Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☒ No ☐

Indicate by check mark if the Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐

  No  ☒

Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  ☒    No  ☐

Indicate by check mark whether the Registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the Registrant was required to submit such files).    Yes  ☒    No  ☐

Large Accelerated Filer

☒

Accelerated filer

☐

Non-accelerated filer

☐

Smaller reporting company

☐

Emerging growth company

☐

If an emerging growth company, indicate by check mark if the Registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the Registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒

DOCUMENTS INCORPORATED BY REFERENCE

Okta, Inc.

Form 10-K

For the Fiscal Year Ended January 31, 2021

TABLE OF CONTENTS

						Page
Part I
Item 1.			Business			6
Item 1A.			Risk Factors			15
Item 1B.			Unresolved Staff Comments			50
Item 2.			Properties			50
Item 3.			Legal Proceedings			50
Item 4.			Mine Safety Disclosures			50
Part II
Item 5.			Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities			51
Item 6.			Removed and Reserved
Item 7.			Management’s Discussion and Analysis of Financial Condition and Results of Operations			54
Item 7A.			Quantitative and Qualitative Disclosures About Market Risk			73
Item 8.			Financial Statements and Supplementary Data			75
Item 9.			Changes in and Disagreements with Accountants on Accounting and Financial Disclosure			115
Item 9A.			Controls and Procedures			115
Item 9B.			Other Information			115
Part III
Item 10.			Directors, Executive Officers and Corporate Governance			116
Item 11.			Executive Compensation			116
Item 12.			Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters			116
Item 13.			Certain Relationships and Related Transactions, and Director Independence			116
Item 14.			Principal Accountant Fees and Services			116
Part IV
Item 15.			Exhibits, Financial Statement Schedules			116
Item 16.			Form 10-K Summary			116

Special Note Regarding Forward-Looking Statements 

This Annual Report on Form 10-K contains "forward-looking statements" within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to, statements regarding our financial outlook, product development, business strategy, plans, market trends, opportunities, positioning, and the anticipated impact on our business of the COVID-19 pandemic, related public health measures and any associated economic downturn. These forward-looking statements are made as of the date they were first issued and were based on current expectations, estimates, forecasts and projections as well as the beliefs and assumptions of management. Words such as “expect,” “anticipate,” “should,” “believe,” “hope,” “target,” “project,” “goals,” “estimate,” “potential,” “predict,” “may,” “will,” “might,” “could,” “intend,” “shall” and variations of these terms or the negative of these terms and similar expressions are intended to identify these forward-looking statements, although not all forward-looking statements include these identifying words. The forward-looking statements are contained principally in “Management’s Discussion and Analysis of Financial Condition and Result of Operations” and “Risk Factors."

Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:

•our future financial performance, including our revenue, costs of revenue, gross profits, margins and operating expenses;

•the impact of the global COVID-19 pandemic on our business and operations;

•trends in our key business metrics;

•our growth strategy and ability to compete;

•the sufficiency of our cash and cash equivalents, investments and cash provided by sales of our products and services to meet our liquidity needs;

•market or other opportunities arising from business combinations;

•our ability to maintain the security and availability of our internal networks and platform;

•our ability to increase our number of customers;

•our ability to sell additional products to and retain our existing customers;

•our ability to successfully expand in our existing markets and into new markets;

•our ability to effectively manage our growth and future expenses;

•our ability to expand our network of channel partners;

•our ability to form and expand partnerships with independent software vendors and system integrators;

•our ability to introduce new products, enhance existing products and address new use cases;

•our ability to add new integration partners;

•our ability to grow our international business;

•our ability to maintain, protect and enhance our intellectual property;

•our ability to comply with modified or new laws and regulations applying to our business;

•the attraction and retention of qualified employees and key personnel;

•our anticipated investments in sales and marketing and research and development;

•our ability to comply with modified or new laws and regulations applying to our business, including GDPR (as defined below), and other privacy regulations that may be implemented in the future;

•the impact of recent accounting pronouncements on our financial statements;

•our ability to successfully defend litigation brought against us; and

•our ability to successfully integrate and realize the benefits of strategic acquisitions or investments, including our proposed acquisition of Auth0, Inc. (Auth0).

Forward-looking statements are subject to a number of risks and uncertainties, many of which involve factors or circumstances that are beyond our control. Our actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in “Risk Factors” in this Annual Report on Form 10-K as well as other documents that may be filed by us from time to time with the Securities and Exchange Commission. Moreover, we operate in a very competitive and rapidly changing environment. New risks emerge from time to time. It is not possible for our management to predict all risks, nor can

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that the future results, levels of activity, performance or events and circumstances reflected in the forward-looking statements will be achieved or occur. Moreover, except as required by law, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements. We undertake no obligation to update publicly any forward-looking statements for any reason after the date of this Annual Report on Form 10-K to conform these statements to actual results or to changes in our expectations.

Overview

Okta is the leading independent identity management platform for the enterprise. Our vision is to enable everyone to safely use any technology, and we believe identity is the key to making that happen. Our mission is to bring simple and secure digital access to people and organizations everywhere. The Okta Identity Cloud is powered by our category-defining platform that enables our customers to securely connect the right people to the right technologies and services at the right time.

The Okta Identity Cloud helps organizations effectively harness the power of cloud, mobile and web technologies by securing users and connecting them with the applications and technology they use. We designed the Okta Identity Cloud to provide organizations an integrated approach to managing and securing every identity in an organization. Every day, thousands of organizations and millions of people use Okta to securely access a wide range of cloud, mobile and web applications, on-premises servers, application program interfaces (APIs), IT infrastructure providers and services from a multitude of devices. Developers leverage our platform to securely and efficiently embed identity into the software they build, allowing them to focus on their core mission. Employees and contractors sign into the Okta Identity Cloud to seamlessly and securely access the applications they need to do their most important work. Organizations use our platform to collaborate with their partners, and to provide their customers with more modern and secure experiences online and via mobile devices. As we add new customers, users, developers and integrations to our platform, our business, customers, partners and users benefit from powerful network effects that increase the value and security of the Okta Identity Cloud.

The acceleration of digital transformations, cloud modernization and changing consumer expectations to simple, secure digital experiences are driving a shift in how organizations manage consumer identities on the internet. Organizations are building secure consumer-facing applications and are turning to identity to optimize seamless and private user experiences. Our approach provides organizations with the scale, efficiency and security they need to build customer facing applications.

Given the growth trends in the number of applications and cloud adoption, and the movement to remote workforces, identity is becoming the most critical layer of an organization’s security. As organizations shift from network-based security models to a Zero Trust security model focusing on adaptive and context-aware controls, identity has become the most reliable way to manage user access and protect digital assets. Our approach to identity allows our customers to simplify and efficiently scale their security infrastructures across internal IT systems and external customer facing applications.

We designed the Okta Identity Cloud to provide organizations an integrated approach to managing and securing all of their identities. Our platform allows our customers to easily provision their customers, employees, contractors, and partners, enabling any user to connect to any device, cloud or application, all with a simple, intuitive and consumer-like user experience.

As of January 31, 2021, more than 10,000 customers across nearly every industry used the Okta Identity Cloud to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises, to small and medium-sized businesses, universities, non-profits and government agencies. We partner with leading application, infrastructure and security vendors, such as Amazon Web Services, Cisco, CrowdStrike, Google Cloud, Microsoft, Netskope, Proofpoint, Salesforce, ServiceNow, VMware and Workday. We had over 7,000 integrations with cloud, mobile and web applications and IT infrastructure providers as of January 31, 2021, which while not directly correlated to revenue, shows the breadth and acceptance of our platform.

We employ a Software-as-a-Service (SaaS) business model, and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings. We focus on acquiring and retaining our customers and increasing their spending with us through expanding the number of users who access the Okta Identity Cloud and up-selling additional products. We sell our products directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators and other distribution partners.

On March 3, 2021, we entered into a definitive agreement to acquire Auth0, Inc. (Auth0) pursuant to an Agreement and Plan of Merger (the Merger Agreement). Upon consummation of the transaction contemplated by the Merger Agreement, all outstanding shares of Auth0 capital stock, options, warrants, convertible securities, phantom equity and other outstanding equity interests will be cancelled in exchange for aggregate consideration of $6.5 billion in the form of shares of Class A common stock of the Company and assumed awards of corresponding Company equity interests, subject to customary purchase price adjustments and certain customary cash payouts in lieu of shares of Company Class A common stock, as provided by the Merger Agreement. The purchase price payable in shares of Class A common stock will be valued at $276.2147 per share (which price was calculated based on the daily volume-weighted average sales price per share of Company Class A common stock for the 20 trading days ending on February 26, 2021). The per share price of these shares has been fixed as of the Merger Agreement signing date, and the aggregate value of these shares will fluctuate based on changes in our share price between the signing and closing dates.

Auth0 is an identity management platform for application developers that provides solutions to add authorization and authentication services to developer applications. The proposed transaction is expected to close during the Company’s second quarter of fiscal 2022, the quarter ending July 31, 2021. The closing of this transaction is subject to certain customary closing conditions and approvals.

The Okta Identity Cloud

The Okta Identity Cloud is an independent and neutral cloud-based identity solution that allows our customers to integrate with nearly any application, service or cloud that they choose through our secure, reliable and scalable platform and cloud infrastructure. Our technological neutrality allows our customers to easily adopt the best technologies, and our platform is designed to securely connect users to the technology that they choose. We prioritize the compatibility of the Okta Identity Cloud with public clouds, on-premises infrastructures and hybrid clouds. Our customers use the Okta Identity Cloud to secure their workforces, to create solutions that make their partner networks more collaborative, and to provide more seamless and secure experiences for their customers or end users, which combined with our open approach, enables our customers to future-proof their environments.

The Okta Identity Cloud can be used as the central system for an organization’s connectivity, access, authentication and identity lifecycle management needs spanning all of its users, technology and applications.

We enable our customers to easily deploy, manage and secure applications and devices, and to provision and support users across their IT environments, with a simple, intuitive, consumer-like user experience. Developers are similarly able to leverage a robust set of tools through the platform to quickly build custom cloud, mobile and web application experiences that leverage the breadth and depth of capabilities within the Okta Identity Cloud. Once deployed, we enable administrators to enforce contextual access management decisions based on conditions such as user identity, device, location, application identity, IP reputation and time of day.

The Okta Identity Cloud for Workforce Identity

The Okta Identity Cloud for Customer Identity

In customer identity use cases, the Okta Identity Cloud enables organizations to transform their own customers’ experiences by empowering development teams to rapidly and securely build customer-facing cloud, mobile or web applications. We enable an organization’s product team to layer our powerful identity platform into their cloud, web and mobile applications. This makes it easier for them to authenticate, manage, scale and secure their connections, enabling rapid time to market for the business. Organizations are able to centrally manage policy and API-level access across all their applications, leading to more seamless customer experiences that are personalized, engaging and secure.

Okta Platform Services

In order to enable customers and partners to address a wide range of identity use cases, we have built a set of modular components, called Okta Platform Services, which can be combined to build new features and tailored experiences faster. Okta Platform Services are available in Okta packaged products through APIs and software development kits (SDKs). Okta Platform Services can be used across both workforce and customer identity use cases. We expect to use Okta Platform Services to continue to enable new and expanded use cases and enable customers or third-party developers to build their own solutions based on an industry use case or unique customer need. Okta Platform Services include Okta’s Identity Engine, Workflows, Devices, Integrations and Insights.

Growth Strategy

Key elements of our growth strategy are to:

Execute with Our Platform

•Drive New Customer Growth.   To increase our market share, we intend to continue to grow our customer base using a land-and-expand sales model, with a focus on key markets by size of customers, as well as key verticals, including highly-regulated sectors.

•Deepen Relationships Within Our Existing Customer Base.   We plan to further increase revenue from our existing customers by cross-selling and up-selling additional and new products. We also believe we can expand our footprint by focusing on current customers that have deployed the Okta Identity Cloud for workforce identity, and expanding those customers’ use of our platform for customer identity, or vice versa.

•Expand Our Channel Partner Ecosystem. We also plan to expand our indirect sales network to leverage the sales efforts of resellers, system integrators and other distribution partners, and to increase the contribution we receive from these channel partners.

•Expand Our International Footprint.   With 16% of our revenue generated outside of the United States in fiscal 2021, and our international revenue growing 46% from fiscal 2020 to fiscal 2021, we believe there is significant opportunity to continue to grow our international business. We believe global demand for our products will continue to be a long-term opportunity as organizations outside the United States fully embrace the transition to cloud computing, and larger international organizations take advantage of technology consolidation within their global locations.

Increase Our Opportunities

•Innovate and Extend Our Platform with New Products.   We intend to continue making significant investments in research and development, hiring top technical talent and maintaining an agile organization. In addition, we intend to selectively pursue acquisitions and strategic investments in businesses and technologies to extend our platform. By continuing to innovate, introduce new products and extend our platform to additional use cases, we believe that we can offer increasing value to our existing and potential customers.

•Extend Our Accessible Market with New Use Cases. As technology and our customers’ needs evolve, we plan to use our platform to help our customers address new challenges, regulatory requirements and use cases.

•Leverage Our Integrations.   The Okta Integration Network is an extensive partner ecosystem, which includes over 7,000 integrations with cloud, mobile and web applications and IT infrastructure

providers. We plan to continue these partnerships as well as add new integration partners to enrich our user experience and expand our customer base. We view our investment in these partnerships as a force multiplier that enables us to build and promote complementary capabilities that benefit our customers.

•Expand our Developer Ecosystem. We want to empower every application developer to use the Okta Identity Platform to securely build authentication into any application. We believe that our secure and seamless access solutions enable developers to focus their time and attention on building their core application capabilities while relying on the Okta Identity Platform for their identity related requirements. We currently offer a free developer license, and we plan to create additional SDKs and APIs to make our platform more extensible and allow developers to build applications and services that extend its functionality.

•Leverage Our Unique Data Assets with Powerful Analytics. Our position at the intersection of people, devices, applications and infrastructure gives us unique access to powerful data, and the opportunity to provide differentiated insights based on that data, as well as predictive capabilities based on that data to help keep customers more secure. We expect the value of our analytics to our customer base will increase as customers continue to connect more devices, applications and users to their networks and as we add more customers. We also expect that our analytics ability will enable our customers to use our data and third-party data from our partners, to help customers make more informed and secure access decisions. We do not currently derive direct revenue from our unique data assets, but we may explore opportunities for monetization in the future.

•Mergers and Acquisitions and Investments. From time to time, we evaluate opportunities to acquire or invest in emerging and adjacent technologies to complement our organic investments and improve our products, services and customers’ experiences. We will continue to use these types of strategic levers as opportunities arise.

Our Products

The Okta Identity Cloud consists of an independent platform with a suite of products and services to manage and secure identities. We are continuously enhancing these products and services. Most of our products can be used for both customer identity and for workforce identity use cases. Our workforce identity products are consumed through web and mobile interfaces, and provide simple ways for IT organizations to manage identities for their employees, contractors and partners. For customer identity, our APIs are also used by developers to embed Okta identity functionality into their own customer-facing mobile or web applications. We continuously improve the Okta Identity Cloud through the release and development of additional products, features and services.

Products

•Universal Directory.  Universal Directory provides a centralized, cloud-based system of record to store and secure user, application and device profiles for an organization. Users and profiles stored in the directory can be used with our Single Sign-On product to manage passwords and authentication, or can be used by developers to store and authenticate the users of their applications. When used for workforce identity, Universal Directory becomes a customer’s system of record for all of its employees, contractors and partners. When used for customer identity, Universal Directory becomes a customer's secure system of record for management of all of its users.

•Single Sign-On.  When used to manage and secure identities for a customer’s workforce, Single Sign-On enables users to access all of their applications, whether in the cloud or on-premise, from any device, with a single entry of their user credentials. We combine secure access, modern protocols, flexible policies and a consumer-like user experience to permit organizations to easily allow customers or partners to sign in to their applications with their existing identity information. Single Sign-On also enables built-in reporting and analytics that provide real-time search functionalities across users, devices, applications and the associated access and usage activity. When used for customer identity, Single Sign-On enables secure authentication for applications by external customers.

•Adaptive Multi-Factor Authentication.  Adaptive Multi-Factor Authentication is a comprehensive, but simple-to-use, product that provides an additional layer of security for an organization’s cloud, mobile and web applications and data. We offer an intelligent approach to security, built on contextual data. Adaptive Multi-Factor Authentication includes a policy framework that is integrated with a broad set of cloud

and on-premises applications and network infrastructures. It offers adaptive, risk-based authentication that leverages data intelligence from across the Okta network of thousands of organizations.

•Lifecycle Management.  Lifecycle Management enables IT organizations or developers to manage a user's identity throughout its entire lifecycle. It automates IT processes and ensures user accounts are created and deactivated at the appropriate times, including the workflow and policies needed to power those processes. With Okta Lifecycle Management, organizations can securely manage the entire identity lifecycle, from on-boarding to off-boarding, and ensure compliance requirements are met as user roles evolve and access levels change.

•API Access Management.  API Access Management enables organizations to secure APIs as systems connect to each other. Access to these APIs is managed based on the user, which enables organizations to centrally maintain one set of permissions for any employee, partner or customer across every point of access. API Access Management reduces development time, boosts security, helps in achieving compliance and enables seamless end-user experiences by providing a unified portable service for authorizing secure and always available access to any API.

•Access Gateway.  Access Gateway enables organizations to extend the Okta Identity Cloud, which is a cloud native platform, from the cloud to their existing on-premises applications, so that they can harness the benefits of Okta to manage all of their critical systems, whether in the cloud, on-premises or hybrid. Extending the benefits of the Okta Identity Cloud to hybrid IT environments delivers a single point of management for our customers’ administrators and a single location from which end users can access their critical applications.

•Advanced Server Access.  Advanced Server Access offers continuous, contextual access management to secure cloud infrastructure. Organizations can continuously manage and secure access to on-premises Windows and Linux servers and across leading Infrastructure-as-a-Service vendors, including Amazon Web Services, Google Cloud Platform and Microsoft Azure. Advanced Server Access enables our customers to centralize access controls in a seamless manner to better mitigate the risk of credential theft, reuse, sprawl and abandoned administrative accounts.

By focusing on identity, the one constant in an ever-changing technology and threat landscape, the Okta Identity Cloud provides our customers with a solution to solve their IT and security challenges, facilitate their adoption of a Zero Trust security model and enable their digital transformation.

Our Technology

We focus on engineering an intuitive, but comprehensive, platform to solve complex problems. Our pure cloud architecture is multi-tenant, encrypted and third-party validated. Our service also allows us to integrate into our customers’ on-premises components and hybrid configurations.

One Platform with Differentiated Administration, User and Developer Experience

The Okta Identity Cloud is built on one common platform and user interface framework, offering administrators and users a consistent, easy-to-use, consumer-like experience across our products. Our technology integrates with industry-leading browsers and mobile applications to provide seamless access to nearly any web or native mobile application. We also heavily leverage operating system management and security technologies across desktops, laptops and mobile devices to provide a transparent, but secure experience for users across a range of devices. These integrations allow us to seamlessly deliver connectivity use cases that previously required significant custom development to achieve.

Robust Security

Security is a mission-critical issue for Okta and for our customers. Our approach to security spans day-to-day operational practices to the design and development of our software to how customer data is segmented and secured within our multi-tenant platform. We ensure that access to our platform is securely delegated across an organization. Our source code is updated weekly, and there are audited and verifiable security checkpoints to ensure source code fidelity and continuous security review. We have attained multiple SOC 2 Type II Attestations, CSA Star Level 2 Attestation, ISO/IEC 27001:2013, ISO/IEC 27018:2019 and Health Insurance Portability and Accountability Act (HIPAA) certifications and multiple agency Federal Risk and Authorization Management Program (FedRAMP) Moderate Authorities to Operate. We also support FIPS 140-2 validated encryption in our Okta Verify MFA product.

Scalability and Uptime

Our technical operations and engineering teams are designed around the concept of an always-on, highly redundant and available platform that we can upgrade without customer disruption. Our products and architecture were built entirely in and for the cloud with availability and scalability at the center of the design and were built to be agnostic with respect to the underlying infrastructure. Our maintenance windows do not require any downtime.

Our proprietary cell architecture includes redundant, active-active availability zones with cross-continental disaster recovery centers, real-time database replication and geo-distributed storage. If one of our systems goes down, another is quickly promoted. Our architecture is designed to scale both vertically by increasing the size of the application tiers and horizontally by adding new geo-distributed cells.

The Okta Identity Cloud is monitored not only at the infrastructure level but also at the application and third-party integration level. Synthetic transaction monitoring allows our technical operations team to detect and resolve issues proactively.

The Okta Integration Network contains over 7,000 integrations with cloud, mobile and web applications, IoT devices and IT infrastructure providers, including Amazon Web Services, Atlassian, Cisco, F5 Networks, Google Cloud Platform, Microsoft Office 365, NetSuite, Oracle, Palo Alto Networks, Proofpoint, Salesforce, SAP, ServiceNow, Slack, Splunk, VMware, Workday and Zoom. At the core of the Okta Integration Network is a patented technology that allows our customers to seamlessly connect to any application or type of device that is already integrated into our network. In addition, customers can extend the Okta Integration Network by creating their own integrations to both cloud and on-premises proprietary applications.

Our Customers

As of January 31, 2021, we had more than 10,000 customers on our platform, including more than 1,950 customers with an annual contract value greater than $100,000. Our customers span nearly all industry verticals and range from small organizations with fewer than 100 employees to companies in the Fortune 50, with up to hundreds of thousands of employees, some of which use the Okta Identity Cloud to manage millions of their customers' identities.

Sales and Marketing

Sales

We sell directly to customers through our inside and field sales force and also indirectly through our extensive ecosystem of channel partners. Once a sale is made, we leverage our land-and-expand sales model to generate incremental revenue, often within the term of the initial agreement, through the addition of new users and the sale of additional products. In many instances, we find that initial customer success with our platform results in key internal decision makers expanding their deployments, for example, from initial use for workforce identity to expanded use for their customer identity needs. Furthermore, as our customers are successful in their businesses and increase headcount or the number of their customers, we share in their growth as the number of identities that we manage increases.

Our sales organization is structured to address the specific needs of each segment of our target market. Our sales team is divided by geography, customer size and industry vertical. Our direct sales force is supported by our sales engineers, security team, cloud architects, professional services team and other technical resources.

Marketing

Our most valuable marketing features our customers and their successes, and is informed by a deeply data-driven approach, giving us insights into the efficacy of our efforts. Our marketing efforts focus on promoting our

A centerpiece of our marketing strategy is our annual customer conference, Oktane, that features customers sharing their success stories, new product and feature announcements and hands-on product labs. We also host a number of other events, such as Okta Showcase, a key event for product and feature announcements, where we engage with both existing customers and new prospects, as well as deliver product training.

Research and Development

Our research and development organization is responsible for the design, architecture, creation and the quality of the Okta Identity Cloud. The research and development organization also works closely with our technical operations team to ensure the successful deployment and monitoring of our platform. We use test automation and application monitoring to ensure the Okta Identity Cloud is always-on.

Customer Support and Professional Services

Our products are designed for ease of use and fast deployments. As part of our customer first strategy, we are focused on customer success and offer several programs to help our customers maximize their success with our products. These programs leverage the expertise and best practices that we have built while helping thousands of Okta customers to adopt and deploy our products.

Intellectual Property

We protect our intellectual property through a combination of trademarks, domain names, copyrights, trade secrets and patents, as well as contractual provisions and restrictions on access to our proprietary technology.

As of January 31, 2021, we had twenty issued patents in the United States, which expire between 2030 and 2037 and cover various aspects of our products. In addition, as of such date, we also had five issued patents in Australia which expire between 2033 and 2037, five issued patents in New Zealand which expire between 2034 and 2037, and five issued European patents which have each been validated in Germany, France and Great Britain and expire between 2033 and 2036.

We have registered “Okta” as a trademark in the United States, Australia, Canada, China, the European Union, Japan and the United Kingdom. We also have filed other trademark applications pending in the United States and China. We also have registered in the United States the trademarks "Okta Your Cloud, Covered," "Enterprise Identity, Delivered," "Work Outside the Perimeter," "Oktane," "Never Build Auth Again" and "Zero Trusts Given."

We are the registered holder of a variety of domestic and international domain names that include “Okta” and similar variations.

In addition to the protection provided by our intellectual property rights, we enter into confidentiality and proprietary rights or similar agreements with our employees, consultants and contractors. Our employees,

Additional information regarding certain risks related to our intellectual property is included in Part I, Item 1A “Risk Factors” of this Annual Report on Form 10-K.

Our Competitors

The markets for our products are rapidly evolving, highly competitive and subject to shifting customer needs and frequent introductions of new competing technologies. As the markets in which we operate continue to mature and new technologies and competitors enter those markets, we expect competition to intensify. Our competitor categories include:

•Authentication providers;

•Lifecycle Management providers;

•Multi-factor Authentication providers;.

•Infrastructure-as-a-service providers;

•Other customer identity and access management providers; and

•Solutions developed in-house by our potential customers.

We compete with both cloud-based and on-premise enterprise application software providers. Our competitors vary in size and in the breadth and scope of the products and services offered. However, many of our competitors have substantial competitive advantages such as significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, longer operating histories, greater resources to make strategic acquisitions and greater name recognition than we do. Our principal competitor is Microsoft.

Due to the flexibility and breadth of our platform, we can and often do co-exist alongside our competitors’ products within our customer base.

Principal competitive factors in our markets include flexibility, independence, product capabilities, total cost of ownership, time to value, scalability, user experience, number of pre-built integrations, customer satisfaction, global reach and ease of integration, management and use. We believe our product strategy, platform architecture, technology and independence as well as our company culture allow us to compete favorably on each of these factors.

We expect competition to increase as other established and emerging companies enter our markets, as customer requirements evolve, and as new products and technologies are introduced. We expect this to be particularly true as we are a cloud-based offering, and our competitors may also seek to acquire new offerings or repurpose their existing offerings to provide identity management solutions with subscription models. With the continuing merger and acquisition activity in the technology industry, particularly transactions involving security or identity and access management technologies, there is a greater likelihood that we will compete with other large technology companies in the future in both the workforce identity and customer identity markets.

Human Capital Resources

Our core values – love our customers, never stop innovating, act with integrity, be transparent and empower our people – inform and guide our human capital initiatives and objectives. In order to continue to innovate and drive customer success, it is crucial that we continue to attract, develop and retain exceptional talent. To that end, we strive to make Okta a diverse and inclusive workplace, with opportunities for our employees to grow and develop in their careers, supported by fair and competitive compensation, benefits and wellness programs, and by initiatives that foster connections between and among our employees and their communities.

As of January 31, 2021, we had 2,806 employees, of which approximately 83% were in the United States and 17% were in our international locations. We have not experienced any work stoppages, and we consider our relations with our employees to be good.

We encourage you to review the “Diversity, Inclusion and Belonging,” “Responsibility,” “Careers” and “Okta for Good” pages of our website at www.okta.com for more detailed information regarding our human capital programs and initiatives. Additional information on our diversity, inclusion and belonging strategy, diversity metrics and programs can be found in our State of Inclusion at Okta Annual Report located on our website at www.okta.com/state-of-inclusion-at-okta. The information contained on, or that can be accessed through, our website is not incorporated by reference into this Annual Report on Form 10-K.

We are committed to fostering a culture of inclusion and belonging, and to building a diverse workforce to drive innovation and collective growth, which we believe is critical to our success. Over the past few years, we have prioritized our diversity, inclusion and belonging (DIB) program at Okta. Our DIB initiatives – spearheaded by our DIB department, Inclusion Council and employee resource groups (ERGs), in partnership with various other teams – focus on DIB in our workforce, in our workplace and in the community.

We employ inclusive recruitment and hiring practices to source diverse talent and mitigate potential bias throughout the hiring process. We also continue to recruit from a broad range of colleges and engage with organizations that support diverse students and jobseekers through our social impact arm, Okta for Good.

Growth and Development

We invest significant resources to develop talent and actively foster a learning culture where employees are empowered to drive their personal and professional growth. We offer extensive onboarding and training programs to prepare our employees at all levels for career progression and individual development.

Compensation, Benefits and Wellness

We provide robust compensation, benefits and wellness programs that help support the varying needs of our employees. In addition to market-competitive base pay, short-term bonus incentives and long-term equity incentives, our total rewards program includes comprehensive employee benefits and a variety of other health and wellness resources. We are committed to fair compensation and opportunity in our workplace.

We help our employees succeed by providing flexibility in where and how they work. Over the past few years, we introduced and began transitioning our workforce to a “Dynamic Work” framework, based on the premise that enabling our employees to work from anywhere can increase employee empowerment, satisfaction and productivity, drive efficiency and enable us to hire from a broader, more diverse pool of talent. In response to the COVID-19 pandemic, we accelerated our move to Dynamic Work to protect the health, safety and wellness of our employees.

The mission of our social impact arm, Okta for Good, is to strengthen the connections between people, technology and community, which we believe fosters a more meaningful, fulfilling and enjoyable workplace. Our employees are passionate about many causes and Okta for Good connects them with numerous giving and volunteering opportunities in service of our communities. Okta for Good's core focus areas are:

•Developing technology for good ecosystems;

•Expanding economic opportunity and pathways into the technology sector;

•Supporting non-profits addressing critical needs in our global communities; and

•Empowering our employees to become changemakers.

Through Okta for Good, which is a part of our company and not a separate legal entity, we donate and discount access to our service for non-profit organizations, who use the Okta Identity Cloud to make their teams more efficient, allowing them to focus on making a meaningful impact in the world. Our employee volunteer program enables global team members to donate time to support charitable organizations worldwide.

Financial Information

The financial information required under this Item 1 is incorporated herein by reference to the section of this Annual Report on Form 10-K titled “Part II-Item 8-Financial Statements and Supplementary Data.” For financial information regarding our business, see “Part II-Item 7-Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Annual Report on Form 10-K and our consolidated audited financial statements and related notes included elsewhere in this Annual Report on Form 10-K.

Corporate Information

We were incorporated in 2009 as Saasure Inc., a California corporation, and were later reincorporated in 2010 under the name Okta, Inc. as a Delaware corporation. Our principal executive offices are located at 100 First Street, Suite 600, San Francisco, California 94105, and our telephone number is (888) 722-7871. Our website address is www.okta.com. Information contained on, or that can be accessed through, our website does not constitute part of this Annual Report on Form 10-K.

Additional Information

The following filings are available through our investor relations website after we file them with the Securities and Exchange Commission (SEC): Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and our Proxy Statement for our annual meeting of stockholders. These filings are also available for download free of charge on our investor relations website. Our investor relations website is located at investor.okta.com. The SEC also maintains an internet website that contains reports, proxy statements and other information about issuers, like us, that file electronically with the SEC. The address of that website is www.sec.gov.

We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations website. Additionally, we provide notifications of news or announcements regarding our financial performance, including SEC filings, investor events, press and earnings releases, and blogs as part of our investor relations website. Further corporate governance information, including our corporate governance guidelines and code of conduct, is also available on our investor relations website under the heading "Corporate Governance." The contents of our websites are not intended to be incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.

Item 1A. Risk Factors

A description of the risks and uncertainties associated with our business is set forth below. You should carefully consider the risks and uncertainties described below, as well as the other information in this Annual Report on Form 10-K, including our consolidated financial statements and the related notes and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The occurrence of any of the events or developments described below, or of additional risks and uncertainties not presently known to us or that we currently deem immaterial, could materially and adversely affect our business, results of operations, financial condition and growth prospects. In such an event, the market price of our Class A common stock could decline and you could lose all or part of your investment.

•The effects of the COVID-19 pandemic have affected how we and our customers are operating our businesses, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.

•Adverse general economic and market conditions and reductions in workforce identity and customer identity spending may reduce demand for our products, which could harm our revenue, results of operations and cash flows.

•We have experienced rapid growth in recent periods, which makes it difficult to forecast our revenue and evaluate our business and future prospects.

•Our recent growth rates may not be indicative of our future growth. As our costs increase, we may not be able to generate sufficient revenue to achieve and, if achieved, maintain profitability.

•We have a history of losses, and we expect to incur losses for the foreseeable future.

•If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges.

•We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

•If we are unable to attract new customers, sell additional products to our existing customers or develop new products and enhancements to our products that achieve market acceptance, our revenue growth and profitability will be harmed.

•Our business depends on our customers renewing their subscriptions and purchasing additional licenses or subscriptions from us. Any material decline in our Dollar-Based Net Retention Rate would harm our future results of operations.

•Customer growth could fall below expectations.

•We may experience quarterly fluctuations in our results of operations due to a number of factors that make our future results difficult to predict and could cause our results of operations to fall below analyst or investor expectations.

•If there are interruptions or performance problems associated with our technology or infrastructure, our existing customers may experience service outages, and our new customers may experience delays in the deployment of our platform.

•An application, data security or network incident may allow unauthorized access to our systems or data or our customers’ data, disable access to our service, harm our reputation, create additional liability and adversely impact our financial results.

•Any actual or perceived failure by us to comply with the privacy or security provisions of our privacy policy, our contracts and/or legal or regulatory requirements could result in proceedings, actions or penalties against us.

•There are risks related to our proposed acquisition of Auth0, including our ability to complete the acquisition in a timely manner, successfully integrate Auth0 and realize potential benefits from the acquisition.

•The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our IPO, including our directors, executive officers, and their affiliates, who held in the aggregate 48% of the voting power of our capital stock as of January 31, 2021. This will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval.

•Servicing our debt may require a significant amount of cash. We may not have sufficient cash flow from our business to pay our indebtedness.

Risks Related to Our Business and Industry

The effects of the COVID-19 pandemic have materially affected how we and our customers are operating our businesses, and the duration and extent to which this will impact our future results of operations and overall financial performance remains uncertain.

In December 2019, a novel coronavirus (COVID-19) was reported in China, in January 2020, the World Health Organization (WHO) declared it a Public Health Emergency of International Concern and in March 2020, the WHO declared it a pandemic. This contagious disease outbreak has continued to spread across the globe and is impacting worldwide economic activity and financial markets, resulting in an economic downturn that became a global recession. The extent of the impact of COVID-19 on our future operational and financial performance will depend on certain developments, including the duration and spread of the outbreak, the effectiveness, distribution and acceptance of COVID-19 vaccines, including the vaccines’ efficacy against emerging COVID-19 variants, related public health measures, and their impact on the global economy, our customers, employees and vendors. In the absence of mass distribution and acceptance of effective COVID-19 vaccines, we expect to see continued fluctuations in business openings and closures as communities respond to local outbreaks. This pandemic has resulted in a widespread health crisis that is adversely affecting broader economies and financial markets.

As a result of the COVID-19 pandemic, we have temporarily closed our offices, required our employees to work from home and implemented significant travel restrictions. We shifted our annual user conference, Oktane20 Live, held in the spring of 2020, to a virtual-only conference and in the near-term we have changed our customer, employee and industry events, including Oktane21 Live, to virtual-only formats. The conditions caused by the COVID-19 pandemic have and may continue to affect the rate of IT spending and have and could adversely affect our current and potential customers’ ability or willingness to purchase our offerings. It has and could continue to delay current and prospective customers’ purchasing decisions, adversely impact our ability to provide professional services to our customers, delay the provisioning of our offerings, lengthen payment terms, reduce the value or duration of our subscription contracts, or affect customer attrition rates, all of which could adversely affect our future sales, operating results and overall financial performance.

Our operations have also begun to be negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control. For example, many cities, counties, states and countries have imposed or may impose a wide range of restrictions on our employees’, partners’, customers’ and potential customers’ physical movement to limit the spread of COVID-19. If the COVID-19 pandemic has a substantial impact on our employees’, partners’, customers’ or potential customers’ attendance or productivity, our results of operations and overall financial performance may be harmed.

The duration and extent of the impact from the COVID-19 pandemic depends on future developments that cannot be accurately predicted at this time, such as the efficacy, availability and acceptance of COVID-19 vaccines, the severity and transmission rate of the virus, and emerging variants, the extent and effectiveness of containment actions and the impact of these and other factors on our employees, customers, partners and vendors as well as the global economy. Despite our best efforts to manage the impact of such events effectively, our business still may be harmed.

Adverse general economic and market conditions and reductions in workforce identity and customer identity spending may reduce demand for our products, which could harm our revenue, results of operations and cash flows.

Our revenue, results of operations and cash flows depend on the overall demand for our products. Concerns about the COVID-19 pandemic, the systemic impact of a related widespread recession (in the United States or internationally), energy costs, geopolitical issues or the availability and cost of credit have and could continue to lead to increased market volatility, decreased consumer confidence and diminished growth expectations in the U.S. economy and abroad, which in turn could result in reductions in workforce identity and customer identity spending by our existing and prospective customers. These economic conditions can occur abruptly. Prolonged economic slowdowns may result in customers requesting us to renegotiate existing contracts on less advantageous terms to us than those currently in place or defaulting on payments due on existing contracts or not renewing at the end of the contract term.

Our customers may merge with other entities who use alternative identity solutions and, during weak economic times, there is an increased risk that one or more of our customers will file for bankruptcy protection, either of which may harm our revenue, profitability and results of operations. We also face risk from international customers that file for bankruptcy protection in foreign jurisdictions, particularly given that the application of foreign

bankruptcy laws may be more difficult to predict. In addition, we may determine that the cost of pursuing any claim may outweigh the recovery potential of such claim. As a result, if economic growth in countries where we do business slows or if such countries experience further economic recession, it could harm our business, revenue, results of operations and cash flows.

We have experienced rapid growth in recent periods, which makes it difficult to forecast our revenue and evaluate our business and future prospects.

Much of our growth has occurred in recent periods, which makes it difficult to forecast our revenue and evaluate our business and future prospects. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly changing industries, including the risks and uncertainties described in this document. Additionally, the sales cycle for the evaluation and implementation of our platform, which typically extends for multiple months for enterprise deals, may also cause us to experience a delay between increasing operating expenses and the generation of corresponding revenue, if any. Accordingly, we may be unable to prepare accurate internal financial forecasts or replace anticipated revenue that we do not receive as a result of delays arising from these factors, and our results of operations in future reporting periods may be below the expectations of investors. If we do not address these risks successfully, our results of operations could differ materially from our estimates and forecasts or the expectations of investors, causing our business to suffer and our stock price to decline.

We have experienced rapid growth in recent periods, and our recent growth rates may not be indicative of our future growth. As our costs increase, we may not be able to generate sufficient revenue to achieve and, if achieved, maintain profitability.

From fiscal 2019 to fiscal 2020, our revenue grew from $399.3 million to $586.1 million, an increase of 47%, and from fiscal 2020 to fiscal 2021, our revenue grew from $586.1 million to $835.4 million, an increase of 43%. In future periods, we may not be able to sustain revenue growth consistent with recent history, or at all. We believe our revenue growth depends on a number of factors, such as macroeconomic conditions and the economic impact of the COVID-19 pandemic, as well as, but not limited to, our ability to:

•price our platform effectively so that we are able to attract and retain customers without compromising our profitability;

•attract new customers, successfully deploy and implement our platform, upsell or otherwise increase our existing customers’ use of our platform, obtain customer renewals and provide our customers with excellent customer support;

•increase our network of channel partners, which include resellers, system integrators and other distribution partners and independent software vendors (ISVs);

•adequately expand our sales force, and maintain or increase our sales force’s productivity;

•successfully identify and enter into agreements with suitable acquisition targets, integrate any acquisitions and integrate acquired technologies into our existing products or use them to develop new products;

•successfully introduce new products, enhance existing products and address new use cases;

•introduce our platform to new markets outside of the United States;

•successfully compete against larger companies and new market entrants; and

•increase awareness of our brand on a global basis.

If we are unable to accomplish any of these tasks, our revenue growth will be harmed. We also expect our operating expenses to increase in future periods, and if our revenue growth does not increase to offset these anticipated increases in our operating expenses, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability.

We have a history of losses, and we expect to incur losses for the foreseeable future.

We have incurred significant net losses in each year since our inception, including net losses of $125.5 million, $208.9 million and $266.3 million in fiscal 2019, 2020 and 2021, respectively. We expect to continue to incur net losses for the foreseeable future. Because the market for our platform is rapidly evolving and has not yet reached widespread adoption, it is difficult for us to predict our future results of operations. We expect our operating expenses to significantly increase over the next several years as we hire additional personnel, particularly in sales and marketing, expand and improve the effectiveness of our distribution channels, expand our operations and infrastructure, both domestically and internationally, pursue business combinations and continue to develop our platform. As we continue to develop as a public company, we may incur additional legal, accounting and other expenses that we did not incur historically. If our revenue does not increase to offset these increases in our operating expenses, we will not be profitable in future periods. While historically, our total revenue has grown, not all components of our total revenue have grown consistently. Further, in future periods, our revenue growth could slow or our revenue could decline for a number of reasons, including slowing demand for our software, increasing competition, any failure to gain or retain channel partners, a decrease in the growth of our overall market, or our failure, for any reason, to continue to capitalize on growth opportunities. As a result, our past financial performance should not be considered indicative of our future performance. Any failure by us to achieve or sustain profitability on a consistent basis could cause the value of our common stock to decline.

If we fail to manage our growth effectively, we may be unable to execute our business plan, maintain high levels of service and customer satisfaction or adequately address competitive challenges.

We have experienced, and may continue to experience, rapid growth and organizational change, which has placed, and may continue to place, significant demands on our management and our operational and financial resources. For example, our headcount has grown from 2,248 employees as of January 31, 2020 to 2,806 employees as of January 31, 2021. We have also experienced significant growth in the number of customers, users and logins and in the amount of data that our SaaS infrastructure supports. Finally, our organizational structure is becoming more complex as we improve our operational, financial and management controls as well as our reporting systems and procedures. We will require significant capital expenditures and the allocation of valuable management resources to grow and change in these areas without undermining our culture of rapid innovation, teamwork and attention to customer success, which has been central to our growth so far. If we fail to manage our anticipated growth and change in a manner that preserves the key aspects of our corporate culture, the quality of our platform may suffer, which could negatively affect our brand and reputation and harm our ability to retain and attract customers and employees.

We have established international offices, including offices in the United Kingdom, the Netherlands, Sweden, France, Germany, Canada, Australia, Singapore and Japan, and we plan to continue to expand our international operations into other countries in the future. Our expansion has placed, and our expected future growth will continue to place, a significant strain on our managerial, customer operations, research and development, marketing and sales, administrative, financial and other resources. If we are unable to manage our continued growth successfully, our business and results of operations could suffer.

In addition, as we expand our business, it is important that we continue to maintain a high level of customer service and satisfaction. As our customer base continues to grow, we will need to expand our account management, customer service and other personnel, and our network of ISVs, system integrators and other channel partners, to provide personalized account management and customer service. If we are not able to continue to provide high levels of customer service, our reputation, as well as our business, results of operations and financial condition, could be harmed.

We face intense competition, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

•Authentication providers;

•Access and lifecycle management providers;

•Multi-factor authentication providers;

•Infrastructure-as-a-service providers;

•Other customer identity and access management providers; and

•Solutions developed in-house by our potential customers.

In addition, some of our larger competitors have substantially broader product offerings and leverage their relationships based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products, including through selling at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. These larger competitors often have broader product lines and market focus and as a result are not as susceptible to downturns in a particular market. Our competitors may also seek to acquire new offerings or repurpose their existing offerings to provide identity solutions with subscription models. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering by our competitors or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products. In addition, some of our competitors may enter into new alliances with each other or may establish or strengthen cooperative relationships with systems integrators, third-party consulting firms or other parties. Any such consolidation, acquisition, alliance or cooperative relationship could lead to pricing pressure and our loss of market share and could result in a competitor with greater financial, technical, marketing, service and other resources, all of which could harm our ability to compete. Furthermore, organizations may be more willing to incrementally add solutions to their existing infrastructure from competitors than to replace their existing infrastructure with our products. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, increased net losses, and loss of market share. Any failure to meet and address these factors could harm our business, results of operations and financial condition.

If we are unable to attract new customers, sell additional products to our existing customers or develop new products and enhancements to our products that achieve market acceptance, our revenue growth and profitability will be harmed.

In addition, our ability to attract new customers and increase revenue from existing customers depends in large part on our ability to enhance and improve our existing products and to introduce compelling new products that reflect the changing nature of our markets. The success of any enhancement to our products depends on several factors, including timely completion and delivery, competitive pricing, adequate quality testing, integration with existing technologies and our platform and overall market acceptance. If we are unable to successfully develop

Further, to grow our business, we must convince developers to adopt and build their applications using our APIs and products. We believe that these developer-built applications facilitate greater usage and customization of our products. If these developers stop developing on or supporting our platform, we will lose the benefit of network effects that have contributed to the growth in our number of customers, and our business (including the performance levels of our products), results of operations and financial condition could be harmed.

Our business depends on our customers renewing their subscriptions and purchasing additional licenses or subscriptions from us. Any material decline in our Dollar-Based Net Retention Rate would harm our future results of operations.

To continue to grow our business, it is important that our customers renew their subscriptions when existing contract terms expire and that we expand our commercial relationships with our existing customers. Our customers have no obligation to renew their subscriptions, and our customers may decide not to renew their subscriptions with a similar contract period, at the same prices and terms or with the same or a greater number of users. We have experienced significant growth in the number of users of our platform, but we do not know whether we will continue to achieve similar user growth rates in the future. In the past, some of our customers have elected not to renew their agreements with us, and it is difficult to accurately predict long-term customer retention and expansion rates. Our customer retention and expansion may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our products, our product support, our prices and pricing plans, particularly in light of COVID-19-related economic conditions, the prices of competing software products, reductions in our customers’ spending levels, user adoption of our platform, deployment success, utilization rates by our customers, new product releases and changes to the packaging of our product offerings. If our customers do not purchase additional subscriptions or renew their subscriptions, renew on less favorable terms or fail to add more users, our revenue may decline or grow less quickly than anticipated, which would harm our future results of operations. Furthermore, if our contractual subscription terms were to shorten it could lead to increased volatility of, and diminished visibility into, future recurring revenue. If our sales of new or recurring subscriptions and software-related support service contracts decline from existing customers, our revenue and revenue growth may decline, and our business will suffer.

Customer growth could fall below expectations.

We have experienced significant growth in the number of our customers in recent periods. As our customer base continues to grow and as we increase our focus on sales to the world’s largest organizations, we do not expect customer growth to continue at the same pace as it has previously. These factors could cause customer growth to fall below analyst or investor expectations. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our Class A common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

We may experience quarterly fluctuations in our results of operations due to a number of factors that make our future results difficult to predict and could cause our results of operations to fall below analyst or investor expectations.

Our quarterly results of operations fluctuate from quarter to quarter as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including, but not limited to:

•the level of demand for our platform;

•our ability to attract new customers, obtain renewals from existing customers and upsell or otherwise increase our existing customers’ use of our platform;

•health epidemics, such as COVID-19, influenza and other highly communicable diseases or viruses;

•the timing and success of new product introductions by us or our competitors or any other change in the competitive landscape of our market;

•pricing pressure as a result of competition, COVID-19 or otherwise;

•seasonal buying patterns for IT spending;

•the mix of revenue attributable to larger transactions as opposed to smaller transactions, and the associated volatility and timing of our transactions;

•changes in remaining performance obligations (RPO) due to seasonality, the timing of and compounding effects of renewals, invoice duration, size and timing, new business linearity between quarters and within a quarter, average contract term or fluctuations due to foreign currency movements, all of which may impact implied growth rates;

•errors in our forecasting of the demand for our products, which could lead to lower revenue, increased costs or both;

•increases in and timing of sales and marketing and other operating expenses that we may incur to grow and expand our operations and to remain competitive;

•significant security breaches of, technical difficulties with, or interruptions to, the delivery and use of our platform and products;

•our ability to comply with privacy laws and requirements, including the General Data Protection Regulation and California Consumer Privacy Act;

•costs related to the acquisition of businesses, talent, technologies or intellectual property, including potentially significant amortization costs and possible write-downs;

•credit or other difficulties confronting our channel partners;

•adverse litigation judgments, settlements of litigation and other disputes or other litigation-related or dispute-related costs;

•the impact of new accounting pronouncements and associated system implementations;

•changes in the legislative or regulatory environment;

•fluctuations in foreign currency exchange rates;

•expenses related to real estate, including our office leases, and other fixed expenses; and

•general economic conditions in either domestic or international markets, including geopolitical uncertainty and instability.

Any one or more of the factors above may result in significant fluctuations in our results of operations. You should not rely on our past results as an indicator of our future performance.

The variability and unpredictability of our quarterly results of operations or other operating metrics could result in our failure to meet our expectations or those of analysts that cover us or investors with respect to revenue or other metrics for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our Class A common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

Our ability to introduce new products and features is dependent on adequate research and development resources and our ability to successfully complete acquisitions. If we do not adequately fund our research and development efforts or complete acquisitions successfully, we may not be able to compete effectively and our business and results of operations may be harmed.

To remain competitive, we must continue to develop new products, applications and enhancements to our existing platform. This is particularly true as we further expand and diversify our capabilities. Maintaining adequate research and development resources, such as the appropriate personnel and development technology, to meet the demands of the market is essential. If we elect not to or are unable to develop products internally, we may choose to expand into a certain market or strategy via an acquisition for which we could potentially pay too much or fail to successfully integrate into our operations. Further, many of our competitors expend a considerably greater amount of funds on their respective research and development programs, and those that do not may be acquired by larger companies that could allocate greater resources to our competitors’ research and development programs. Our failure to maintain adequate research and development resources or to compete effectively with the research and

Future acquisitions, investments, partnerships or alliances could be difficult to identify and integrate, divert the attention of management personnel, disrupt our business, dilute stockholder value and harm our results of operations and financial condition.

We have in the past acquired, and we may in the future seek to acquire or invest in, businesses, products or technologies that we believe could complement or expand our current platform, enhance our technical capabilities or otherwise offer growth opportunities. For example, we have entered into the proposed acquisition of Auth0. If that transaction closes, our stockholders will incur substantial dilution. For further risks related to the proposed acquisition of Auth0, please see below under “Risks Related to the Acquisition of Auth0.” The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses in identifying, investigating and pursuing suitable acquisitions, whether or not they are consummated. In addition, we have limited experience in acquiring other businesses. If we acquire additional businesses, we may not be able to successfully integrate and retain the acquired personnel, integrate the acquired operations and technologies, adequately test and assimilate the internal control processes of the acquired business in accordance with the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley Act), or effectively manage the combined business following the acquisition.

We may not be able to find and identify desirable acquisition targets or we may not be successful in entering into an agreement with any particular target. Acquisitions could also result in dilutive issuances of equity securities, use of our available cash or the incurrence of debt, or in adverse tax consequences or unfavorable accounting treatment, which could harm our results of operations.

In addition, from time to time we invest in private growth stage companies for strategic reasons and to support key business initiatives, and we may not realize a return on these investments. All of our venture investments are subject to a risk of partial or total loss of investment capital.

Acquisitions and strategic transactions involve numerous risks, including:

•delays or reductions in customer purchases for both us and the acquired business;

•disruption of partner and customer relationships;

•potential loss of key employees of the acquired company;

•claims by and disputes with the acquired company’s employees, customers, stockholders or third parties;

•unknown liabilities or risks associated with the acquired business, product or technology, such as contractual obligations, potential security vulnerabilities of the acquired company and its products and services, potential intellectual property infringement, costs arising from the acquired company’s failure to comply with legal or regulatory requirements and litigation matters;

•acquired technologies or products may not comply with legal or regulatory requirements and may require us to make additional investments to make them compliant;

•acquired technologies or products may not be able to provide the same support service levels that we generally offer with our other products;

•they could be viewed unfavorably by our partners, our customers, our stockholders or securities analysts;

•unforeseen integration or other expenses; and

•future impairment of goodwill or other acquired intangible assets.

In addition, if an acquired business fails to meet our expectations, our business, results of operations and financial condition could suffer.

If we fail to adapt to rapid technological change, our ability to remain competitive could be impaired.

The industry in which we compete is characterized by rapid technological change, frequent introductions of new products and evolving industry standards. Our ability to attract new customers and increase revenue from existing customers will depend in significant part on our ability to anticipate industry standards and trends and continue to enhance existing products or introduce or acquire new products on a timely basis to keep pace with technological developments. The success of any enhancement or new product depends on several factors, including the timely completion and market acceptance of the enhancement or new product. Any new product we develop or acquire might not be introduced in a timely or cost-effective manner and might not achieve the broad market acceptance necessary to generate significant revenue. If any of our competitors implements new technologies before we are able to implement them, those competitors may be able to provide more effective products than ours at lower prices. Any delay or failure in the introduction of new or enhanced products could harm our business, results of operations and financial condition.

Our financial results may fluctuate due to increasing variability in our sales cycles.

We plan our expenses based on certain assumptions about the length and variability of our sales cycle. These assumptions are based upon historical trends for sales cycles and conversion rates associated with our existing customers. As we continue to focus on sales to larger organizations and in light of the current COVID-19 environment, our sales cycles are lengthening in certain circumstances and becoming less predictable, which may harm our financial results. Other factors that may influence the length and variability of our sales cycle include, among other things:

•the need to raise awareness about the uses and benefits of our platform, including our customer identity products;

•the need to allay privacy, regulatory and security concerns;

•the discretionary nature of purchasing and budget cycles and decisions;

•the competitive nature of evaluation and purchasing processes;

•announcements or planned introductions of new products, features or functionality by us or our competitors; and

•often lengthy purchasing approval processes.

Our increasing focus on sales to larger organizations may further increase the variability of our financial results. If we are unable to close one or more of such expected significant transactions in a particular period, or if such an expected transaction is delayed until a subsequent period, our results of operations for that period, and for any future periods in which revenue from such transaction would otherwise have been recognized, may be harmed.

Our growth depends, in part, on the success of our strategic relationships with third parties.

To grow our business, we anticipate that we will continue to depend on relationships with third parties, such as channel partners. Identifying partners, and negotiating and documenting relationships with them, requires significant time and resources. Our competitors may be effective in causing third parties to favor their products or services over subscriptions to our platform. In addition, acquisitions of such partners by our competitors could result in a decrease in the number of our current and potential customers, as these partners may no longer facilitate the adoption of our applications by potential customers. Further, some of our partners are or may become competitive with certain of our products and may elect to no longer integrate with our platform. If we are unsuccessful in establishing or maintaining our relationships with third parties, our ability to compete in the marketplace or to grow our revenue could be impaired, and our results of operations may suffer. Even if we are successful, we cannot ensure that these relationships will result in increased customer usage of our applications or increased revenue.

Failure to effectively develop and expand our marketing and sales capabilities could harm our ability to increase our customer base and achieve broader market acceptance of our products.

Our ability to increase our customer base and achieve broader market acceptance of our products will depend to a significant extent on our ability to expand our marketing and sales operations. We plan to continue expanding our direct sales force and engaging additional channel partners, both domestically and internationally. This expansion will require us to invest significant financial and other resources. Our business will be harmed if our

efforts do not generate a corresponding increase in revenue. We may not achieve anticipated revenue growth from expanding our direct sales force if we are unable to hire and develop talented direct sales personnel, if our new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time or if we are unable to retain our existing direct sales personnel. We also may not achieve anticipated revenue growth from our channel partners if we are unable to attract and retain additional motivated channel partners, if any existing or future channel partners fail to successfully market, resell, implement or support our products for their customers, or if they represent multiple providers and devote greater resources to market, resell, implement and support the products and solutions of these other providers. For example, some of our channel partners also sell or provide integration and administration services for our competitors’ products, and if such channel partners devote greater resources to marketing, reselling and supporting competing products, this could harm our business, results of operations and financial condition.

Various factors may cause our product implementations to be delayed, inefficient or otherwise unsuccessful.

Our business depends upon the successful implementation of our products by our customers. Increasingly, we, as well as our customers, rely on our network of partners to deliver implementation services, and there may not be enough qualified implementation partners available to meet customer demand. Various factors may cause implementations to be delayed, inefficient or otherwise unsuccessful. For example, changes in the functional requirements of our customers, delays in timeline, or deviation from recommended best practices may occur during the course of an implementation project. As a result of these and other risks, we or our customers may incur significant implementation costs in connection with the purchase, implementation and enablement of our products. Some customer implementations may take longer than planned or fail to meet our customers’ expectations, which may delay our ability to sell additional products or result in customers canceling or failing to renew their subscriptions before our products have been fully implemented. Unsuccessful, lengthy or costly customer implementation and integration projects could result in claims from customers, harm to our reputation and opportunities for competitors to displace our products, each of which could have an adverse effect on our business and results of operations.

A portion of our revenues are generated by sales to government entities, which are subject to a number of challenges and risks.

A portion of our sales are to partners that resell our services to government agencies, and we have made, and may continue to make, investments to support future sales opportunities in the government sector. Government demand for our products could be impacted by budgetary cycles, and there may be governmental certification requirements for our products. Further, we may be subject to audits and investigations regarding our role as a subcontractor in government contracts, and violations could result in penalties and sanctions, including termination of the contract, refunding or forfeiting payments, fines, and suspension or debarment from future government business. Selling to these entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will successfully complete a sale. Government entities often require contract terms that differ from our standard arrangements and impose compliance requirements that are complicated, increased attention to pricing practices, termination rights tied to funding availability, or are otherwise time consuming and expensive to satisfy. Government entities may also have statutory, contractual or other legal rights to terminate contracts with our partners for convenience, for lack of funding or due to a default, and any such termination may adversely impact our future results of operations. If we represent that we meet special standards or requirements and do not meet them, we could be subject to increased liability from our customers, investigation by regulators or termination rights. Even if we do meet them, the additional costs associated with providing our service to government entities could harm our margins. Moreover, changes in the underlying regulatory conditions that affect these types of customers could harm our ability to efficiently provide our service to them and to grow or maintain our customer base. Any of these risks related to contracting with government entities could adversely impact our future sales and results of operations, or make them more difficult to predict.

If we fail to enhance our brand cost-effectively, our ability to expand our customer base will be impaired and our business, results of operations and financial condition may suffer.

We believe that developing and maintaining awareness of our brand in a cost-effective manner is critical to achieving widespread acceptance of our existing and future products and is an important element in attracting new customers. Furthermore, we believe that the importance of brand recognition will increase as competition in our market increases. Successful promotion of our brand will depend largely on the effectiveness of our marketing efforts and on our ability to provide reliable and useful products at competitive prices. In the past, our efforts to build our brand have involved significant expenses. Brand promotion activities may not yield increased revenue, and even if they do, any increased revenue may not offset the expenses we incur in building our brand. If we fail to successfully promote and maintain our brand, or incur substantial expenses in an unsuccessful attempt to promote and maintain our brand, we may fail to attract new customers or retain our existing customers to the extent necessary to realize a sufficient return on our brand-building efforts, and our business, results of operations and financial condition could suffer.

We may not set optimal prices for our products.

In the past, we have at times adjusted our prices either for individual customers in connection with long-term agreements or for a particular product. We expect that we may need to change our pricing in future periods and potentially in response to COVID-19 pricing pressures. Further, as competitors introduce new products that compete with ours or reduce their prices, we may be unable to attract new customers or retain existing customers based on our historical pricing. As we expand internationally, we also must determine the appropriate price to enable us to compete effectively internationally. In addition, if our mix of products sold changes, then we may need to, or choose to, revise our pricing. As a result, we may be required or choose to reduce our prices or change our pricing model, which could harm our business, results of operations and financial condition.

Because our long-term success depends, in part, on our ability to expand the sales of our products to customers located outside of the United States, our business will be susceptible to risks associated with international operations.

We currently have sales personnel outside the United States and maintain offices outside the United States in the United Kingdom, the Netherlands, Sweden, France, Germany, Canada, Australia, Singapore and Japan, and we plan to expand our international operations.

In each of fiscal 2020 and 2021, our international revenue was 16% of our total revenue. Any international expansion efforts that we may undertake may not be successful. In addition, conducting international operations subjects us to new risks, some of which we have not generally faced in the United States. These risks include, among other things:

•health epidemics, such as COVID-19, influenza and other highly communicable diseases or viruses;

•macroeconomic conditions and the economic impact of the COVID-19 pandemic;

•unexpected costs and errors in the localization of our products, including translation into foreign languages and adaptation for local practices and regulatory requirements;

•lack of familiarity and burdens of complying with foreign laws, legal standards, privacy standards, regulatory requirements, tariffs and other barriers;

•laws and business practices favoring local competitors or commercial parties;

•costs and liabilities related to compliance with the EU General Data Protection Regulation 2016/679 and disparate data privacy standards and enforcement;

•greater risk that our foreign employees or partners will fail to comply with U.S. and foreign laws;

•practical difficulties of enforcing intellectual property rights in countries with fluctuating laws and standards and reduced or varied protection for intellectual property rights in some countries;

•restrictive governmental actions focusing on cross-border trade, including taxes, trade laws, tariffs, import and export restrictions or quotas, barriers, sanctions, custom duties or other trade restrictions;

•unexpected changes in legal and regulatory requirements;

•difficulties in managing systems integrators and technology partners;

•differing technology standards;

•longer accounts receivable payment cycles and difficulties in collecting accounts receivable;

•difficulties in managing and staffing international operations and differing employer/employee relationships and local employment laws;

•political, economic and social instability, war, armed conflict or terrorist activities;

•global economic uncertainty caused by global political events, including the United Kingdom's exit from the European Union, and similar geopolitical developments;

•fluctuations in exchange rates that may increase the volatility of our foreign-based revenue and expense; and

•potentially adverse tax consequences, including the complexities of foreign value added tax (or other tax) systems and restrictions on the repatriation of earnings.

Additionally, operating in international markets also requires significant management attention and financial resources. We cannot be certain that the investment and additional resources required in establishing operations in other countries will produce desired levels of revenue or profitability.

We have not engaged in currency hedging activities to limit risk of exchange rate fluctuations. Changes in exchange rates affect our costs and earnings, and may also affect the book value of our assets located outside the United States and the amount of our stockholders’ equity.

We have limited experience in marketing, selling and supporting our platform abroad. Our limited experience in operating our business internationally increases the risk that any potential future expansion efforts that we may undertake will not be successful. If we invest substantial time and resources to expand our international operations and are unable to do so successfully and in a timely manner, our business and results of operations will suffer.

Our failure to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies in the future could reduce our ability to compete successfully and harm our results of operations.

We may need to raise additional funds, and we may not be able to obtain additional debt or equity financing on favorable terms, if at all. If we raise additional equity or convertible debt financing, our security holders may experience significant dilution of their ownership interests. If we engage in additional debt financing, we may be required to accept terms that restrict our ability to incur additional indebtedness, force us to maintain specified liquidity or other ratios or restrict our ability to pay dividends or make acquisitions. If we need additional capital and cannot raise it on acceptable terms, or at all, we may not be able to, among other things:

•develop and enhance our products;

•continue to expand our product development, sales and marketing organizations;

•hire, train and retain employees;

•respond to competitive pressures or unanticipated working capital requirements; or

•pursue acquisition opportunities.

Our inability to do any of the foregoing could reduce our ability to compete successfully and harm our business, results of operations and financial condition.

We may be subject to liability claims if we breach our contracts and our insurance may be inadequate to cover our losses.

We are subject to numerous obligations in our contracts with our customers and partners. Despite the procedures, systems and internal controls we have implemented to comply with our contracts, we may breach these commitments, whether through a weakness in these procedures, systems and internal controls, negligence or the willful act of an employee or contractor. Our insurance policies, including our errors and omissions insurance, may be inadequate to compensate us for the potentially significant losses that may result from claims arising from breaches of our contracts, disruptions in our service, including those caused by cybersecurity incidents, failures or disruptions to our infrastructure, catastrophic events and disasters or otherwise. In addition, such insurance may not be available to us in the future on economically reasonable terms, or at all. Further, our insurance may not cover all claims made against us and defending a suit, regardless of its merit, could be costly and divert management’s attention.

If there are interruptions or performance problems associated with our technology or infrastructure, our existing customers may experience service outages, and our new customers may experience delays in the deployment of our platform.

Our continued growth depends, in part, on the ability of our existing and potential customers to access our platform 24 hours a day, seven days a week, without interruption or degradation of performance. We may experience disruptions, data loss, outages and other performance problems with our infrastructure due to a variety of factors, including infrastructure and functionality changes, human or software errors, capacity constraints or security-related incidents. In some instances, we may not be able to identify the cause or causes of these performance problems immediately or in short order. We may not be able to maintain the level of service uptime and performance required by our customers, especially during peak usage times and as our products become more complex and our user traffic increases. If our platform is unavailable or if our customers are unable to access our products or deploy them within a reasonable amount of time, or at all, our business would be harmed. Since our customers rely on our service to access and complete their work, any outage on our platform would impair the ability of our customers to perform their work, which would negatively impact our brand, reputation and customer satisfaction. Moreover, we depend on services from various third parties to maintain our infrastructure and distribute our products via the internet. If a service provider fails to provide sufficient capacity to support our platform or otherwise experiences service outages, such failure could interrupt our customers’ access to our service, which could adversely affect their perception of our platform's reliability and our revenues. Any disruptions in these services, including as a result of actions outside of our control, would significantly impact the continued performance of our products. In the future, these services may not be available to us on commercially reasonable terms, or at all. Any loss of the right to use any of these services could result in decreased functionality of our products until equivalent technology is either developed by us or, if available from another provider, is identified, obtained and integrated into our infrastructure. If we do not accurately predict our infrastructure capacity requirements, our customers could experience service shortfalls. We may also be unable to effectively address capacity constraints, upgrade our systems as needed, and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology.

Any of the above circumstances or events may harm our reputation, cause customers to terminate their agreements with us, impair our ability to obtain subscription renewals from existing customers, impair our ability to grow our customer base, result in the expenditure of significant financial, technical and engineering resources, subject us to financial penalties and liabilities under our service level agreements, and otherwise harm our business, results of operations and financial condition.

An application, data security or network incident may allow unauthorized access to our systems or data or our customers’ data, disable access to our service, harm our reputation, create additional liability and adversely impact our financial results.

Increasingly, companies are subject to a wide variety of attacks on their systems and networks on an ongoing basis. In addition to threats from traditional computer “hackers,” malicious code (such as malware, viruses, worms and ransomware), employee or contractor theft or misuse, password spraying, phishing and denial-of-service attacks, we and our third-party service providers now also face threats from sophisticated nation-state and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to our systems (including those hosted on AWS or other cloud services), internal networks, our customers’ systems

Our customers’ use of Okta to access business systems and store data concerning, among others, their employees, contractors, partners and customers is essential to their use of our platform, which stores, transmits and processes customers’ proprietary information and personal data. If a breach of customer data on our platform were to occur, as a result of third-party action, technology limitations, employee or contractor error, malfeasance or otherwise, and the confidentiality, integrity or availability of our customers’ data or systems was disrupted, we could incur significant liability to our customers and to individuals or businesses whose information was being stored by our customers, and our platform may be perceived as less desirable, which could negatively affect our business and damage our reputation. Because techniques used to obtain unauthorized access to, or to sabotage, systems change frequently and generally are not recognized until launched against a target, we, our third-party service providers and our customers may be unable to anticipate these techniques or to implement adequate preventive measures. Further, because we do not control our third-party service providers, or the processing of data by our third-party service providers, we cannot ensure the integrity or security of measures they take to protect customer information and prevent data loss.

In addition, security breaches impacting our platform could result in a risk of loss or unauthorized disclosure of this information, or the denial of access to this information, which, in turn, could lead to enforcement actions, litigation, regulatory or governmental audits, investigations and possible liability, and increased requests by individuals regarding their personal data. Security breaches could also damage our relationships with and ability to attract customers and partners, and trigger service availability, indemnification and other contractual obligations. Security incidents may also cause us to incur significant investigation, mitigation, remediation, notification and other expenses. Furthermore, as a well-known provider of identity and security solutions, any such breach, including a breach of our customers’ systems, could compromise systems secured by our products, creating system disruptions or slowdowns and exploiting security vulnerabilities of our or our customers’ systems, and the information stored on our or our customers’ systems could be accessed, publicly disclosed, altered, lost or stolen, which could subject us to liability and cause us financial harm. While we maintain cybersecurity insurance, our insurance may be insufficient to cover all liabilities incurred in these incidents, and any incidents may result in loss of, or increased costs of, our cybersecurity insurance. These breaches, or any perceived breach, of our systems, our customers’ systems, or other systems or networks secured by our products, whether or not any such breach is due to a vulnerability in our platform, may also undermine confidence in our platform or our industry and result in damage to our reputation and brand, negative publicity, loss of ISVs and other channel partners, customers and sales, increased costs to remedy any problem, costly litigation and other liability. In addition, a breach of the security measures of one of our key ISVs or other channel partners could result in the exfiltration of confidential corporate information or other data that may provide additional avenues of attack, and if a high profile security breach occurs with respect to a comparable cloud technology provider, our customers and potential customers may lose trust in the security of the cloud business model generally, which could adversely impact our ability to retain existing customers or attract new ones, potentially causing a negative impact on our business. Any of these negative outcomes could adversely impact market acceptance of our products and could harm our business, results of operations and financial condition.

Third parties may attempt to fraudulently induce employees, contractors, customers or our customers’ users into disclosing sensitive information such as user names, passwords or other information or otherwise compromise the security of our internal networks, electronic systems and/or physical facilities in order to gain access to our data or our customers’ data, which could result in significant legal and financial exposure, a loss of confidence in the security of our platform, interruptions or malfunctions in our operations, account lock outs and, ultimately, harm to our future business prospects and revenue. We may be required to expend significant capital and financial resources to protect against such threats or to alleviate problems caused by breaches in security.

Any actual or perceived failure by us to comply with the privacy or security provisions of our privacy policy, our contracts and/or legal or regulatory requirements could result in proceedings, actions or penalties against us.

Our customers’ storage and use of data concerning, among others, their employees, contractors, partners and customers is essential to their use of our platform. We have implemented various features intended to enable our customers to better comply with applicable privacy and security requirements in their collection and use of data within our online service, but these features do not ensure their compliance and may not be effective against all potential privacy or related regulatory concerns.

Many jurisdictions have enacted or are considering enacting or revising privacy and/or data security legislation, including laws and regulations applying to the collection, use, storage, transfer, disclosure and/or processing of personal data. The costs of compliance with, and other burdens imposed by, such laws and regulations that are applicable to the operations of our customers may limit the use and adoption of our service and reduce overall demand for it. These privacy and data security related laws and regulations are evolving and may result in increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. In addition, we are subject to certain contractual obligations regarding the collection, use, storage, transfer, disclosure and/or processing of personal data. Although we are working to comply with those federal, state and foreign laws and regulations, industry standards, contractual obligations and other legal obligations that apply to us, those laws, regulations, standards and obligations are evolving and may be modified, interpreted and applied in an inconsistent manner from one jurisdiction to another, and may conflict with one another, other requirements or legal obligations, our practices or the features of our platform. In addition, some of our customers rely on our authorization under FedRAMP to help satisfy their own legal and regulatory compliance requirements which, in addition to state or international regulations, may require us to undertake additional actions and expense to ensure compliance.

We also expect that there will continue to be new proposed laws, regulations, self-regulatory and industry standards concerning privacy, data protection and information security in the United States, the European Union and other jurisdictions, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. For example, the California Consumer Privacy Act (CCPA) took effect on January 1, 2020, which broadly defines personal information and gives California residents expanded privacy rights and protections and provides for civil penalties for violations and a private right of action for data breaches. In addition, on November 3, 2020, California voters passed the California Privacy Rights Act (CPRA) into law. The CPRA will take substantial effect on January 1, 2023 with enforcement scheduled for July 1, 2023 and will significantly modify the CCPA and create a new state agency that will be vested with authority to implement and enforce the CCPA and the CPRA. Some observers have noted the CCPA and CPRA could mark the beginning of a trend toward more stringent United States federal privacy legislation, which could increase our potential liability and adversely affect our business. Future laws, regulations, standards and other obligations, and changes in the interpretation of existing laws, regulations, standards and other obligations could impair our or our customers’ ability to collect, use or disclose information relating to consumers, which could decrease demand for our applications, restrict our business operations, or increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Such laws and regulations may require companies to implement privacy and security policies, permit users to exercise various data rights, inform individuals of security breaches that affect their personal data, and, in some cases, obtain individuals’ consent to use personal data for certain purposes. If we, or the third parties on which we rely, fail to comply with federal, state and international data privacy laws and regulations our ability to successfully operate our business and pursue our business goals could be harmed.

Any failure or perceived failure by us to comply with federal, state or foreign laws or regulations, industry standards, contractual obligations or other legal obligations, compliance frameworks that Okta has contractually committed to comply with, or any actual or suspected privacy or security incident, even if unfounded, whether or not resulting in unauthorized access to, or acquisition, release or transfer of personal data or other data, may result in enforcement actions and prosecutions, private litigation, fines, penalties and censure, claims for damages by customers and other affected individuals, or adverse publicity and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.

We publicly post our privacy policies and practices concerning our processing, use and disclosure of the personal data provided to us by our website visitors and by our customers, and other individuals with whom we interact. Our publication of our privacy policies and other statements we publish that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be unfair, deceptive or misrepresentative of our practices.

If our platform is perceived to cause, or is otherwise unfavorably associated with, violations of privacy or data security requirements, it may subject us or our customers to public criticism and potential legal liability. Existing and potential privacy laws and regulations concerning privacy and data security and increasing sensitivity of consumers to unauthorized processing of personal data may create negative public reactions to technologies, products and services such as ours. Public concerns regarding personal data processing, privacy and security may cause some of our customers’ end users to be less likely to visit their websites or otherwise interact with them. If enough end users choose not to visit our customers’ websites or otherwise interact with them, our customers could stop using our platform. This, in turn, may reduce the value of our service, and slow or eliminate the growth of our business, or cause our business to contract.

We may face particular privacy, data security and data protection risks in Europe due to stringent data protection and privacy laws, including the European General Data Protection Regulation, and increased scrutiny over EU-U.S. data transfers.

We are subject to the EU General Data Protection Regulation 2016/679 (GDPR) that took effect on May 25, 2018, and, as a result of the United Kingdom’s exit from the European Union, as of January 1, 2021, the UK General Data Protection Regulation and Data Protection Act 2018 (UK Data Protection Laws). The GDPR and UK Data Protection Laws have enhanced data protection obligations for processors and controllers of personal data, including, for example, expanded disclosures about how personal data is to be used, limitations on retention of information, mandatory data breach notification requirements and onerous new obligations on services providers. Non-compliance with the GDPR can trigger fines of up to €20 million, or 4% of total worldwide annual revenue, whichever is higher. The UK Data Protection Laws mirror the fines under the GDPR. Given the breadth and depth of changes in data protection obligations, complying with its requirements has caused us to expend significant resources and such expenditures are likely to continue into the near future as we respond to new interpretations and enforcement actions following the effective date of the regulation and as we continue to negotiate data processing agreements with our customers and business partners. Separate EU laws and regulations (and member states’ implementations of them) govern the protection of consumers and of electronic communications and these are also evolving. A draft of the new ePrivacy Regulation extends the strict opt-in marketing rules with limited exceptions to business-to-business communications, alters rules on third-party cookies, web beacons and similar technology and significantly increases penalties. We cannot yet determine the impact that such future laws, regulations and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. We may incur substantial expense in complying with any new obligations and we may be required to make significant changes in our business operations and product and services development, all of which may adversely affect our revenues and our business overall.

In addition, the GDPR restricts transfers outside of the EU to third countries deemed to lack adequate privacy protections (such as the United States), unless an appropriate safeguard specified by the GDPR is implemented, such as the Standard Contractual Clauses (SCCs) approved by the European Commission and, until July 16, 2020, the Privacy Shield for EU-U.S. data transfers. On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield Framework (Privacy Shield) under which personal data could be transferred from the EEA to U.S. entities who had self-certified under the Privacy Shield scheme. While the CJEU upheld the adequacy of the SCCs (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism, and potential alternative to the Privacy Shield), it made clear that reliance on them alone may not necessarily be sufficient in all circumstances. Use of the SCCs must now be assessed on a case-by-case basis taking into account the legal regime applicable in the destination country, in particular applicable surveillance laws and rights of individuals and additional measures and/or contractual provisions may need to be put in place, however, the nature of these additional measures is currently uncertain. The CJEU went on to state that if a competent supervisory authority believes that the standard contractual clauses cannot be complied with in the destination country and the required level of protection cannot be secured by other means, such supervisory authority is under an obligation to suspend or prohibit that transfer. There are few viable alternatives to the SCCs, and the law in this area remains dynamic. These recent developments will require us to review and may require us to amend the legal mechanisms by which we make and/or receive personal data transfers to/in the United States.

We also continue to see jurisdictions imposing data localization laws, which require personal information, or certain subcategories of personal information to be stored in the jurisdiction of origin. These regulations may deter customers from using cloud-based services such as ours, and may inhibit our ability to expand into those markets or prohibit us from continuing to offer services in those markets without significant additional costs.

We and our customers are at risk of enforcement actions taken by certain EU data protection authorities until such point in time that we may be able to ensure that all transfers of personal data to us in the United States from

We function as a HIPAA Business Associate for certain of our customers and, as such, are subject to strict privacy and data security requirements. If we fail to comply with any of these requirements, we could be subject to significant liability, all of which can adversely affect our business as well as our ability to attract and retain new customers.

The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), and their respective implementing regulations under HIPAA, imposes specified requirements relating to the privacy, security and transmission of individually identifiable health information. Among other things, HITECH makes HIPAA’s security standards directly applicable to business associates. We function as a business associate for certain of our customers that are HIPAA covered entities and service providers, and in that context we are regulated as a business associate for the purposes of HIPAA. The HIPAA-covered entities and service providers to which we provide services require us to enter into HIPAA-compliant business associate agreements with them. These agreements impose stringent data security obligations on us. If we are unable to comply with our obligations as a HIPAA business associate or under the terms of the business associate agreements we have executed, we could face substantial civil and even criminal liability as well as contractual liability under the applicable business associate agreement, all of which can have an adverse impact on our business and generate negative publicity, which, in turn, can have an adverse impact on our ability to attract and retain new customers. Modifying the already stringent penalty structure that was present under HIPAA prior to HITECH, HITECH created four new tiers of civil monetary penalties and gave state attorneys general new authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, many state laws govern the privacy and security of health information in certain circumstances, many of which differ from HIPAA and each other in significant ways and may not have the same effect.

In addition, the U.S. Department of Health & Human Services recently proposed additional draft HIPAA guidance which is subject to public comment before being finalized. We will continue to monitor whether the final guidance may obligate us to change our practices. Significant changes to HIPAA, including interpretation and application of HIPAA, could negatively impact our business.

We provide service level commitments under our customer contracts. If we fail to meet these contractual commitments, we could be obligated to provide credits for future service, or face contract termination with refunds of prepaid amounts related to unused subscriptions, which could harm our business, results of operations and financial condition.

Our customer agreements contain service level commitments, under which we guarantee specified availability of our platform. Any failure of or disruption to our infrastructure could make our platform unavailable to our customers. If we are unable to meet the stated service level commitments to our customers or suffer extended periods of unavailability of our platform, we may be contractually obligated to provide affected customers with service credits for future subscriptions. Our revenue, other results of operations and financial condition could be harmed if we suffer unscheduled downtime that exceeds the service level commitments under our agreements with our customers, and any extended service outages could adversely affect our business and reputation as customers may elect not to renew and we could lose future sales.

If we are unable to ensure that our products integrate or interoperate with a variety of operating systems and software applications that are developed by others, our platform may become less competitive and our results of operations may be harmed.

The number of people who access the internet through mobile devices and access cloud-based software applications through mobile devices, including smartphones and handheld tablets or laptop computers, has increased significantly in the past several years and is expected to continue to increase. While we have created mobile applications and mobile versions of our products, if these mobile applications and products do not perform well, our business may suffer. We are also dependent on third-party application stores that may prevent us from timely updating our current products or uploading new products. In addition, our products interoperate with servers, mobile devices and software applications predominantly through the use of protocols, many of which are created and maintained by third parties. As a result, we depend on the interoperability of our products with such third-party services, mobile devices and mobile operating systems, as well as cloud-enabled hardware, software, networking, browsers, database technologies and protocols that we do not control. Any changes in such technologies that degrade the functionality of our products or give preferential treatment to competitive services could adversely affect adoption and usage of our platform. Also, we may not be successful in developing or maintaining relationships with key participants in the mobile industry or in developing products that operate effectively with a range of operating systems, networks, devices, browsers, protocols and standards. In addition, we may face different fraud, security and regulatory risks from transactions sent from mobile devices than we do from personal computers. If we are unable to effectively anticipate and manage these risks, or if it is difficult for our customers to access and use our platform, our business, results of operations and financial condition may be harmed.

Our success also depends on the willingness of third-party developers and technology providers to build applications and provide integrations that are complementary to our service. Without the development of these applications and integrations, both current and potential customers may not find our service sufficiently attractive, and our business, results of operations and financial condition could suffer.

Interruptions or delays in the services provided by third-party data centers or internet service providers could impair the delivery of our platform and our business could suffer.

We host our platform using AWS data centers, a provider of cloud infrastructure services. All of our products use resources operated by us in these locations. Our operations depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that use multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake, power loss, telecommunications failures, unauthorized intrusion, computer viruses and disabling devices, natural disasters, war, criminal act, military actions, terrorist attacks and other similar events beyond our control could negatively affect our platform. A prolonged AWS service disruption affecting our platform for any of the foregoing reasons could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use.

AWS enables us to order and reserve server capacity in varying amounts and sizes distributed across multiple regions. AWS provides us with computing and storage capacity pursuant to an agreement that continues until terminated by either party. AWS may terminate the agreement by providing 30 days prior written notice and may, in some cases, terminate the agreement immediately for cause upon notice.

Our platform is accessed by a large number of customers, often at the same time. As we continue to expand the number of our customers and products available to our customers, we may not be able to scale our technology to accommodate the increased capacity requirements, which may result in interruptions or delays in service. In addition, the failure of AWS data centers, or third-party internet service providers, or other third-party service providers whose services are integrated with our platform, to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to scale our operations. In the event that our AWS service agreements are terminated, or there is a lapse of service, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as delays and additional expense in arranging new facilities and services.

Our success depends, in part, on the integrity and scalability of our systems and infrastructures. System interruption and the lack of integration, redundancy and scalability in these systems and infrastructures may harm our business, results of operations and financial condition.

Our success depends, in part, on our ability to maintain the integrity of our systems and infrastructure, including websites, information and related systems. System interruption and a lack of integration and redundancy in our information systems and infrastructure may adversely affect our ability to operate websites, process and fulfill transactions, respond to customer inquiries and generally maintain cost-efficient operations. We may experience occasional system interruptions that make some or all systems or data unavailable or prevent us from efficiently providing access to our platform. We also rely on third-party computer systems, broadband and other communications systems and service providers in connection with providing access to our platform generally. Any interruptions, outages or delays in our systems and infrastructure, our business and/or third parties, or deterioration in the performance of these systems and infrastructure, could impair our ability to provide access to our platform. Fire, flood, power loss, telecommunications failure, hurricanes, tornadoes, earthquakes, other natural disasters, acts of war or terrorism and similar events or disruptions may damage or interrupt computer, broadband or other communications systems and infrastructure at any time. Any of these events could cause system interruption, delays and loss of critical data, and could prevent us from providing access to our platform. While we have backup systems for certain aspects of these operations, disaster recovery planning by its nature cannot be sufficient for all eventualities. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. If any of these events were to occur, it could harm our business, results of operations and financial condition.

We rely on software and services from other parties. Defects in or the loss of access to software or services from third parties could increase our costs and adversely affect the quality of our products.

We rely on technologies from third parties to operate critical functions of our business, including cloud infrastructure services and customer relationship management services. Our business would be disrupted if any of the third-party software or services we use, or functional equivalents, were unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices. In each case, we would be required to either seek licenses to software or services from other parties and redesign our products to function with such software or services or develop substitutes ourselves, which would result in increased costs and could result in delays in our product launches and the release of new product offerings until equivalent technology can be identified, licensed or developed, and integrated into our products. Furthermore, we might be forced to limit the features available in our current or future products. These delays and feature limitations, if they occur, could harm our business, results of operations and financial condition.

Real or perceived errors, failures, vulnerabilities or bugs in our products, including deployment complexity, could harm our business and results of operations.

Errors, failures, vulnerabilities or bugs may occur in our products, especially when updates are deployed or new products are rolled out. Our platform is often used in connection with large-scale computing environments with different operating systems, system management software, equipment and networking configurations, which may cause errors or failures of products, or other aspects of the computing environment into which our products are deployed. In addition, deployment of our products into complicated, large-scale computing environments may expose errors, failures, vulnerabilities or bugs in our products. Any such errors, failures, vulnerabilities or bugs may not be found until after they are deployed to our customers. Real or perceived errors, failures, vulnerabilities or bugs in our products, or delays in or difficulties implementing our product releases, could result in negative publicity, loss of customer data, loss of or delay in market acceptance of our products, a decrease in customer satisfaction or adoption rates, loss of competitive position, or claims by customers for losses sustained by them, all of which could harm our business, results of operations and financial condition.

If we fail to adequately protect our proprietary rights, our competitive position could be impaired and we may lose valuable assets, generate less revenue and incur costly litigation to protect our rights.

Our success is dependent, in part, upon protecting our proprietary information and technology. We rely on a combination of patents, copyrights, trademarks, service marks, trade secret laws and contractual restrictions to establish and protect our proprietary rights. However, the steps we take to protect our intellectual property may be inadequate. We will not be able to protect our intellectual property if we are unable to enforce our rights or if we do not detect unauthorized use of our intellectual property. Despite our precautions, it may be possible for unauthorized third parties to copy our products and use information that we regard as proprietary to create products that compete with ours. Some contract provisions protecting against unauthorized use, copying, transfer and disclosure of our products may be unenforceable under the laws of certain jurisdictions and foreign countries. Further, the laws of some countries do not protect proprietary rights to the same extent as the laws of the United States, and mechanisms for enforcement of intellectual property rights in some foreign countries may be inadequate. To the extent we expand our international activities, our exposure to unauthorized copying and use of our products and proprietary information may increase. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our technology and intellectual property.

We rely in part on trade secrets, proprietary know-how and other confidential information to maintain our competitive position. Although we enter into confidentiality and invention assignment agreements with our employees and consultants and enter into confidentiality agreements with the parties with whom we have strategic relationships and business alliances, no assurance can be given that these agreements will be effective in controlling access to and distribution of our products and proprietary information. Further, these agreements do not prevent our competitors from independently developing technologies that are substantially equivalent or superior to our products.

To protect our intellectual property rights, we may be required to spend significant resources to monitor and protect these rights. Litigation may be necessary in the future to enforce our intellectual property rights and to protect our trade secrets. Such litigation could be costly, time consuming and distracting to management and could result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Our inability to protect our proprietary technology against unauthorized copying or use, as well as any costly litigation or diversion of our management’s attention and resources, could delay further sales or the implementation of our products, impair the functionality of our products, delay introductions of new products, result in our substituting inferior or more costly technologies into our products, or injure our reputation. In addition, we may be required to license additional technology from third parties to develop and market new products, and we cannot ensure that we can license that technology on commercially reasonable terms or at all, and our inability to license this technology could harm our ability to compete.

Our results of operations may be harmed if we are subject to an infringement claim or a claim that results in a significant damage award.

There is considerable patent and other intellectual property development activity in our industry, and we expect that software companies will increasingly be subject to infringement claims as the number of products and competitors grows and the functionality of products in different industry segments overlaps. In addition, the patent portfolios of many of our competitors are larger than ours, and this disparity may increase the risk that our competitors may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. Other companies have claimed in the past, and may claim in the future, that we infringe upon their intellectual property rights. A claim may also be made relating to technology that we acquire or license from third parties. Further, we may be unaware of the intellectual property rights of others that may cover some or all of our technology.

Any claim of infringement, regardless of its merit or our defenses, could:

•require costly litigation to resolve and/or the payment of substantial damages, ongoing royalty payments or other amounts to settle such disputes;

•require significant management time and attention;

•cause us to enter into unfavorable royalty or license agreements, if such arrangements are available at all;

•require us to discontinue the sale of some or all of our products, remove or reduce features or functionality of our products or comply with other unfavorable terms;

•require us to indemnify our customers or third-party service providers; and/or

•require us to expend additional development resources to redesign our products.

Any one or more of the above could harm our business, results of operations and financial condition.

We use open source software in our products, which could negatively affect our ability to offer our products and subject us to litigation or other actions.

We use open source software in our products and expect to use more open source software in the future. From time to time, there have been claims challenging the ownership of open source software against companies that incorporate open source software into their products. However, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products. As a result, we could be subject to lawsuits by parties claiming ownership of what we believe to be open source software. Litigation could be costly for us to defend, have a negative effect on our results of operations and financial condition or require us to devote additional research and development resources to change our products. In addition, if we were to combine our proprietary software products with open source software in a certain manner, we could, under certain of the open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with less development effort and time. If we inappropriately use open source software, or if the license terms for open source software that we use change, we may be required to re-engineer our products, incur additional costs, discontinue the sale of some or all of our products or take other remedial actions.

In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or assurance of title or controls on origin of the software. In addition, many of the risks associated with usage of open source software, such as the lack of warranties or assurances of title, cannot be eliminated, and could, if not properly addressed, negatively affect our business. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source software, but we cannot be sure that all of our use of open source software is in a manner that is consistent with our current policies and procedures, or will not subject us to liability.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

Our agreements with customers and other third parties may include indemnification or other provisions under which we agree to indemnify or otherwise be liable to them for losses suffered or incurred as a result of claims of intellectual property infringement, damages caused by us to property or persons, or other liabilities relating to or arising from the use of our platform or other acts or omissions. The term of these contractual provisions often survives termination or expiration of the applicable agreement. As we continue to grow, the possibility of infringement claims and other intellectual property rights claims against us may increase. For any intellectual property rights indemnification claim against us or our customers, we will incur significant legal expenses and may have to pay damages, settlement fees, license fees and/or stop using technology found to be in violation of the third party’s rights. Large indemnity payments could harm our business, results of operations and financial condition. We may also have to seek a license for the infringing or allegedly infringing technology. Such license may not be available on reasonable terms, if at all, and may significantly increase our operating expenses or may require us to restrict our business activities and limit our ability to deliver certain products. As a result, we may also be required to develop alternative non-infringing technology, which could require significant effort and expense and/or cause us to alter our platform, which could negatively affect our business.

From time to time, customers require us to indemnify or otherwise be liable to them for breach of confidentiality, violation of applicable law or failure to implement adequate security measures with respect to their data stored, transmitted, or accessed using our platform. Although we normally contractually limit our liability with respect to such obligations, the existence of such a dispute may have adverse effects on our customer relationship and reputation and we may still incur substantial liability related to them.

Any assertions by a third party, whether or not successful, with respect to such indemnification obligations could subject us to costly and time-consuming litigation, expensive remediation and licenses, divert management attention and financial resources, harm our relationship with that customer and other current and prospective customers, reduce demand for our platform, and harm our brand, business, results of operations and financial condition.

Risks Related to the Acquisition of Auth0

The proposed acquisition of Auth0 may cause a disruption in our business.

The proposed acquisition (the Acquisition) of Auth0 could cause disruptions to our business or business relationships, which could have an adverse impact on results of operations. Parties with which we have business relationships may experience uncertainty as to the future of such relationships and may delay or defer certain business decisions, seek alternative relationships with third parties or seek to alter their present business relationships with us. Parties with whom we otherwise may have sought to establish business relationships may seek alternative relationships with third parties.

The pursuit of the Acquisition, the preparation for the transition and the integration of Auth0 may place a significant burden on our management and internal resources. The diversion of management’s attention away from day-to-day business concerns and any difficulties encountered in the transition and integration process could adversely affect our financial results.

We have incurred and expect to continue to incur significant costs, expenses and fees for professional services and other transaction costs in connection with the Acquisition. We may also incur unanticipated costs in the integration of Auth0’s business with our business. The substantial majority of these costs will be non-recurring expenses relating to the Acquisition, and many of these costs are payable regardless of whether or not the Acquisition is consummated. We also could be subject to litigation related to the proposed Acquisition, which could result in significant costs and expenses.

Failure to complete the Acquisition in a timely manner or at all could negatively impact the market price of our Class A common stock, as well as our future business and our financial condition, results of operations and cash flows.

We currently anticipate the Acquisition will be completed in the second quarter of fiscal 2022, the quarter ending July 31, 2021, but we cannot be certain when or if the conditions for the Acquisition will be satisfied or (if permissible under applicable law) waived. The Acquisition cannot be completed until certain customary conditions to closing are satisfied or (if permissible under applicable law) waived. Our obligation to complete the Acquisition is also subject to, among other conditions, the absence of regulatory authorities requiring certain actions on our part.

The satisfaction of the required conditions could delay the completion of the Acquisition for a significant period of time or prevent it from occurring. Further, there can be no assurance that the conditions to the closing of the Acquisition will be satisfied or waived or that the Acquisition will be completed.

If the Acquisition is not completed in a timely manner or at all, our ongoing business may be adversely affected as follows:

•we may experience negative reactions from the financial markets, and our stock price could decline to the extent that the current market price reflects an assumption that the transaction will be completed;

•we may experience negative reactions from employees, customers, suppliers or other third parties;

•management’s focus may have been diverted from pursuing other opportunities that could have been beneficial to us; and

•our costs of pursuing the Acquisition may be higher than anticipated.

If the Acquisition is not consummated, there can be no assurance that these risks will not materialize and will not materially adversely affect our stock price, business, financial condition, results of operations or cash flows.

We may not realize potential benefits from the Acquisition because of difficulties related to integration, the achievement of synergies, and other challenges.

We and Auth0 have operated and, until completion of the Acquisition, will continue to operate, independently, and there can be no assurances that our businesses can be combined in a manner that allows for the achievement of substantial benefits. Any integration process may require significant time and resources, and we may not be able to manage the process successfully as our ability to acquire and integrate larger or more complex companies, products or technologies in a successful manner is unproven. If we are not able to successfully integrate Auth0’s businesses with ours or pursue our customer and product strategy successfully, the anticipated benefits of the Acquisition may not be realized fully or may take longer than expected to be realized. Further, it is possible that there could be a loss of our and/or Auth0’s key employees and customers, disruption of either company’s or both companies’ ongoing businesses or unexpected issues, higher than expected costs and an overall post‑completion process that takes longer than originally anticipated. Specifically, the following issues, among others, must be addressed in combining Auth0’s operations with ours in order to realize the anticipated benefits of the Acquisition so the combined company performs as the parties hope:

•combining the companies’ corporate functions;

•combining Auth0’s business with our business in a manner that permits us to achieve the synergies anticipated to result from the Acquisition, the failure of which would result in the anticipated benefits of the Acquisition not being realized in the timeframe currently anticipated or at all;

•maintaining existing agreements with customers, distributors, providers, talent and vendors and avoiding delays in entering into new agreements with prospective customers, distributors, providers, talent and vendors;

•determining whether and how to address possible differences in corporate cultures and management philosophies;

•integrating the companies’ administrative and information technology infrastructure;

•developing products and technology that allow value to be unlocked in the future;

•evaluating and forecasting the financial impact of the Acquisition transaction, including accounting charges; and

•effecting potential actions that may be required in connection with obtaining regulatory approvals.

In addition, at times the attention of certain members of our management and resources may be focused on completion of the Acquisition and integration planning of the businesses of the two companies and diverted from day‑to‑day business operations, which may disrupt our ongoing business and the business of the combined company.

We may incur significant, non‑recurring costs in connection with the Acquisition and integrating the operations of Okta and Auth0, including costs to maintain employee morale and to retain key employees. Management cannot ensure that the elimination of duplicative costs or the realization of other efficiencies will offset the transaction and integration costs in the long term or at all.

Purchase price accounting in connection with our Acquisition requires estimates that may be subject to change and could impact our consolidated financial statements and future results of operations and financial position.

Pursuant to the acquisition method of accounting, the purchase price we will pay for Auth0 will be allocated to the underlying Auth0 tangible and intangible assets acquired and liabilities assumed based on their respective fair market values with any excess purchase price allocated to goodwill. The acquisition method of accounting is dependent upon certain valuations and other studies that are preliminary. Accordingly, the purchase price allocation as of the Acquisition date will be preliminary. We currently anticipate that all the information needed to identify and measure values assigned to the assets acquired and liabilities assumed will be obtained and finalized during the one‑year measurement period following the date of completion of the Acquisition. Differences between these preliminary estimates and the final acquisition accounting may occur, and these differences could have a material impact on the consolidated financial statements and the combined company’s future results of operations and financial position.

Auth0 may have liabilities that are not known to us.

Auth0 may have liabilities that we failed, or were unable, to discover, or that we underestimated, in the course of performing our due diligence investigations of Auth0’s business and we, as the successor owner of such acquired company, might be responsible for those liabilities. Such potential liabilities could include employment-, retirement- or severance-related obligations under applicable law or other benefits arrangements, legal or regulatory claims, tax liabilities, warranty or similar liabilities to customers, product liabilities, claims related to infringement of third-party intellectual property rights, and claims by or amounts owed to vendors or other third parties. We cannot assure you that the indemnification available to us under the Merger Agreement with respect to the Acquisition in connection with such agreement will be sufficient in amount, scope or duration to fully offset the possible liabilities associated with Auth0’s business or property that we will assume upon consummation of the Acquisition. We may learn additional information about Auth0 that materially adversely affects us, such as unknown or contingent liabilities and liabilities related to compliance with applicable laws. Any such liabilities, individually or in the aggregate, could have a material adverse effect on our business, results of operations and financial condition.

While the Acquisition is pending, we and Auth0 will be subject to business uncertainties that could adversely affect our respective businesses, results of operations and financial conditions.

Our success following the announcement of the Acquisition will depend in part upon the ability of us and Auth0 to maintain our respective business relationships. Uncertainty about the effect of the Acquisition on customers, suppliers, employees and other constituencies may have a material adverse effect on us and Auth0. Customers, suppliers and others who deal with us or Auth0 may delay or defer business decisions, decide to terminate, modify or renegotiate their relationships or take other actions as a result of the Acquisition that could negatively affect the revenues, earnings and cash flows of our company or Auth0. If we are unable to maintain these business and operational relationships, our financial position, results of operations or cash flows could be materially affected.

Risks Related to Legal, Accounting and Tax Matters

Because we generally recognize revenue from our subscriptions and support services over the term of the relevant service period, a decrease in sales during a reporting period may not be immediately reflected in our results of operations for that period.

We generally recognize revenue from subscriptions and related support services revenue ratably over the relevant service period. Net new revenue from new subscriptions, upsells and renewals entered into during a period can generally be expected to generate revenue for the duration of the service period. As a result, most of the revenue we report in each period is derived from the recognition of deferred revenue relating to subscriptions and support services contracts entered into during previous periods. Consequently, a decrease in new or renewed subscriptions in any single reporting period will have a limited impact on our revenue for that period. In addition, our ability to adjust our cost structure in the event of a decrease in new or renewed subscriptions may be limited.

Further, a decline in new subscriptions or renewals in a given period may not be fully reflected in our revenue for that period, but will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our services, and changes in our rate of renewals, may not be fully reflected in our results of operations until future periods. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers is generally recognized over the applicable service period. Additionally, due to the complexity of certain of our customer contracts, the actual revenue recognition treatment required under Accounting Standards Update No. 2014-09, Revenue from Contracts with Customers (Topic 606), or ASC 606, will depend on contract-specific terms and may result in greater variability in revenue from period to period.

In addition, a decrease in new subscriptions or renewals in a reporting period may not have an immediate impact on billings for that period.

We may face exposure to foreign currency exchange rate fluctuations.

Today, a vast majority of our customer contracts are denominated in U.S. dollars. Over time, however, an increasing portion of our international customer contracts may be denominated in local currencies. In addition, the majority of our international costs are denominated in local currencies. As a result, fluctuations in the value of the U.S. dollar and foreign currencies may affect our results of operations when translated into U.S. dollars. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.

We are subject to anti-corruption, anti-bribery and similar laws, and non-compliance with such laws can subject us to criminal penalties or significant fines and harm our business and reputation.

We are subject to anti-corruption and anti-bribery and similar laws, such as the U.S. Foreign Corrupt Practices Act of 1977, as amended (FCPA), the U.S. domestic bribery statute contained in 18 U.S.C. § 201, U.S. Travel Act, the USA PATRIOT Act, the U.K. Bribery Act 2010 and other anti-corruption, anti-bribery and anti-money laundering laws in countries in which we conduct activities. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly and prohibit companies and their employees and agents from promising, authorizing, making or offering improper payments or other benefits to government officials and others in the private sector. As we increase our international sales and business, our risks under these laws may increase.

In addition, we use channel partners to sell our products and conduct business on our behalf abroad. We or such partners may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and under certain circumstances we could be held liable for the corrupt or other illegal activities of such partners and our employees, representatives, contractors, partners and agents, even if we do not explicitly authorize such activities. We have implemented an anti-corruption compliance program but cannot ensure that all our employees and agents, as well as those companies to which we outsource certain of our business operations, will not take actions in violation of our policies and applicable law, for which we may be ultimately held responsible.

Noncompliance with the FCPA, other applicable anti-corruption laws, or anti-money laundering laws could subject us to investigations, whistleblower complaints, sanctions, settlements, prosecution, and other enforcement actions. Any violation of these laws could result in disgorgement of profits, significant fines, damages, other civil and criminal penalties or injunctions, adverse media coverage, loss of export privileges, severe criminal or civil sanctions, suspension or debarment from U.S. government contracts and other consequences, any of which could have a material adverse effect on our reputation, business, results of operations and financial condition.

We are subject to governmental export controls and economic sanctions laws that could impair our ability to compete in international markets and subject us to liability if we are not in full compliance with applicable laws.

Our business activities are subject to various restrictions under U.S. export controls and trade and economic sanctions laws, including the U.S. Commerce Department’s Export Administration Regulations and economic and trade sanctions regulations maintained by the U.S. Treasury Department’s Office of Foreign Assets Control. The U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities and also require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import and licensing requirements, and have enacted laws that could limit our ability to distribute our service or could limit our customers’ ability to implement our service in those countries. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to civil or criminal penalties, including the possible loss of export privileges and monetary penalties. Obtaining the necessary authorizations, including any required license, for a particular transaction may be time-consuming, is not guaranteed, and may result in the delay or loss of sales opportunities. Although we take precautions to prevent our products from being provided in violation of such laws, our products may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. This could result in negative consequences to us, including government investigations, penalties and harm to our reputation.

Our international operations may give rise to potentially adverse tax consequences.

We are expanding our international operations and staff to better support our growth into the international markets. Our corporate structure and associated transfer pricing policies anticipate future growth into the international markets. The amount of taxes we pay in different jurisdictions may depend on the application of the tax laws of the various jurisdictions, including the United States, to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The taxing authorities of the jurisdictions in which we operate may challenge our methodologies for pricing intercompany transactions, which are generally required to be computed on an arm’s-length basis pursuant to intercompany arrangements or disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a challenge or disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. Our financial statements could fail to reflect adequate reserves to cover such a contingency.

Changes in tax laws or regulations in the various tax jurisdictions we are subject to that are applied adversely to us or our customers could increase the costs of our products and harm our business.

New income, sales, use or other tax laws, statutes, rules, regulations or ordinances could be enacted at any time. Those enactments could harm our domestic and international business operations, and our business and financial performance. Further, existing tax laws, statutes, rules, regulations or ordinances could be interpreted, changed, modified or applied adversely to us. These events could require us or our customers to pay additional tax amounts on a prospective or retroactive basis, as well as require us or our customers to pay fines and/or penalties and interest for past amounts deemed to be due. If we raise our prices to offset the costs of these changes, existing and potential future customers may elect not to purchase our products in the future. Additionally, new, changed, modified or newly interpreted or applied tax laws could increase our customers’ and our compliance, operating and other costs, as well as the costs of our products. Further, these events could decrease the capital we have available to operate our business. Any or all of these events could harm our business and financial performance.

As a multinational organization, we may be subject to taxation in several jurisdictions around the world with increasingly complex tax laws, the application of which can be uncertain. The amount of taxes we pay in these jurisdictions could increase substantially as a result of changes in the applicable tax principles, including increased tax rates, new tax laws or revised interpretations of existing tax laws and precedents, which could harm our liquidity and results of operations. In addition, the authorities in these jurisdictions could review our tax returns and impose additional tax, interest and penalties, and the authorities could claim that various withholding requirements apply to us or our subsidiaries or assert that benefits of tax treaties are not available to us or our subsidiaries, any of which could harm us and our results of operations.

Our business may be subject to additional obligations to collect and remit sales tax and other taxes, and we may be subject to tax liability for past sales. Any successful action by state, foreign or other authorities to collect additional or past sales tax could harm our business.

States and some local taxing jurisdictions have differing rules and regulations governing sales and use taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, the applicability of sales taxes to our platform in various jurisdictions is unclear. It is possible that we could face sales tax audits and that our liability for these taxes could exceed our estimates as state tax authorities could still assert that we are obligated to collect additional amounts as taxes from our customers and remit those taxes to those authorities. We could also be subject to audits in states and international jurisdictions for which we have not accrued tax liabilities. A successful assertion that we should be collecting additional sales or other taxes on our service in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our products or otherwise harm our business, results of operations and financial condition.

We file sales tax returns in certain states within the United States as required by law and certain customer contracts for a portion of the products that we provide. We do not collect sales or other similar taxes in other states and many of such states do not apply sales or similar taxes to the vast majority of the products that we provide. However, one or more states or foreign authorities could seek to impose additional sales, use or other tax collection and record-keeping obligations on us or may determine that such taxes should have, but have not been, paid by us. Liability for past taxes may also include substantial interest and penalty charges. Any successful action by state,

Our ability to use our net operating loss carry-forwards and certain other tax attributes may be limited.

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we have expended, and anticipate that we will continue to expend, significant resources, including accounting-related costs and significant management oversight. If any of these new or improved controls and systems do not perform as expected, we may experience material weaknesses or significant deficiencies in our controls.

Our controls may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to maintain effective controls could harm our results of operations or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to maintain effective internal control over financial reporting also could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in our periodic reports that are filed with the SEC. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the Nasdaq. We are required to provide an annual management report on the effectiveness of our internal control over financial reporting.

Our independent registered public accounting firm is required to formally attest to the effectiveness of our internal control over financial reporting annually. Our independent registered public accounting firm may issue a report that is adverse in the event it is not satisfied with the level at which our internal control over financial reporting is documented, designed, or operating. Any failure to maintain effective disclosure controls and internal control over financial reporting could harm our business and results of operations and could cause a decline in the price of our Class A common stock.

Changes in existing financial accounting standards or practices, or taxation rules or practices, may harm our results of operations.

Changes in existing accounting or taxation rules or practices, new accounting pronouncements or taxation rules, or varying interpretations of current accounting pronouncements or taxation practice could harm our results of operations or the manner in which we conduct our business. Further, such changes could potentially affect our reporting of transactions completed before such changes are effective.

Accounting principles generally accepted in the United States (GAAP) are subject to interpretation by the Financial Accounting Standards Board (FASB), the SEC and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change. Adoption of such new standards and any difficulties in implementation of changes in accounting principles, including the ability to modify our accounting systems, could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.

If our estimates or judgments relating to our critical accounting policies prove to be incorrect, our results of operations could be adversely affected.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in our consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The results of these estimates form the basis for making judgments about the carrying values of assets, liabilities and equity, and the amount of revenue and expenses that are not readily apparent from other sources. Significant assumptions and estimates used in preparing our consolidated financial statements include, but are not limited to those related to revenue recognition, period of benefit for deferred commissions, incremental borrowing rates for operating leases, effective interest rates for convertible notes, valuation of deferred income taxes, business combination and valuation of goodwill and purchased intangible assets. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below the expectations of securities analysts and investors, resulting in a decline in the trading price of our Class A common stock.

Risks Related to Ownership of Our Class A Common Stock

The stock price of our Class A common stock may be volatile or may decline.

Prior to our IPO, there was no public market for shares of our Class A common stock. The market prices of the securities of other newly public companies have historically been highly volatile, and our stock price has been volatile since our IPO. The market price of our Class A common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including, but not limited to:

•overall performance of the equity markets and/or publicly-listed technology companies;

•actual or anticipated fluctuations in our revenue or other financial or operating metrics;

•changes in the financial projections we provide to the public or our failure to meet these projections;

•failure of securities analysts to initiate or maintain coverage of us, changes in financial estimates and/or recommendations by any securities analysts who follow our company;

•our failure to meet the estimates or the expectations of securities analysts or investors;

•recruitment or departure of key personnel;

•significant security breaches, technical difficulties or interruptions of our service;

•the economy as a whole and market conditions in our industry;

•rumors and market speculation involving us or other companies in our industry;

•announcements by us or our competitors of significant innovations, acquisitions, strategic partnerships, joint ventures or capital commitments;

•new laws or regulations or new interpretations of existing laws or regulations applicable to our business;

•lawsuits threatened or filed against us;

•other events or factors, including those resulting from war, incidents of terrorism, or responses to these events; and

•sales of additional shares of our Class A common stock by us, our directors, our officers or our stockholders.

In addition, stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. Stock prices of many companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have instituted securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business, and harm our business.

The dual class structure of our common stock has the effect of concentrating voting control with those stockholders who held our capital stock prior to the completion of our IPO, including our directors, executive officers, and their affiliates, who held in the aggregate 48% of the voting power of our capital stock as of January 31, 2021. This will limit or preclude your ability to influence corporate matters, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval.

Our Class B common stock has ten votes per share, and our Class A common stock has one vote per share. As of January 31, 2021, our directors, executive officers and their affiliates held in the aggregate 48% the voting power of our capital stock. Because of the ten-to-one voting ratio between our Class B and Class A common stock, the holders of our Class B common stock collectively could continue to control nearly a majority of the combined voting power of our common stock and be able to effectively control all matters submitted to our stockholders for approval until April 12, 2027, the date that is the ten year anniversary of the closing of our IPO. This concentrated control may limit or preclude your ability to influence corporate matters for the foreseeable future, including the election of directors, amendments of our organizational documents, and any merger, consolidation, sale of all or substantially all of our assets, or other major corporate transaction requiring stockholder approval. In addition, this may prevent or discourage unsolicited acquisition proposals or offers for our capital stock that you may feel are in your best interest as one of our stockholders.

Future transfers by holders of Class B common stock will generally result in those shares converting to Class A common stock, subject to limited exceptions, such as certain transfers effected for estate planning purposes. The conversion of Class B common stock to Class A common stock will have the effect, over time, of increasing the relative voting power of those holders of Class B common stock who have retained their shares.

Sales of a substantial number of shares of our Class A common stock in the public markets, or the perception that sales might occur, could cause the market price of our Class A common stock to decline.

Sales of a substantial number of shares of our Class A common stock into the public market, particularly sales by our directors, executive officers and principal stockholders, or the perception that these sales might occur, could cause the market price of our Class A common stock to decline.

In addition, we have options outstanding that, if fully exercised, would result in the issuance of shares of our Class A and Class B common stock. We also have restricted stock units (RSUs) outstanding that, if vested and settled, would result in the issuance of shares of Class A common stock. All of the shares of Class A and Class B common stock issuable upon the exercise of stock options and vesting of RSUs and the shares reserved for future issuance under our equity incentive plans, are registered for public resale under the Securities Act of 1933, as amended (Securities Act). Accordingly, these shares will be able to be freely sold in the public market upon issuance, subject to applicable vesting requirements.

Furthermore, a substantial number of shares of our Class A common stock is reserved for issuance upon the exercise of the Notes (as defined below) and the Warrants (as defined below) issued at the time of the issuance of the 2023 Notes (as defined below). If we elect to satisfy our conversion obligation on the Notes solely in shares of our Class A common stock upon conversion of the notes, we will be required to deliver the shares of our Class A common stock, together with cash for any fractional share, on the second business day following the relevant conversion date.

If securities or industry analysts do not publish or cease publishing research, or publish inaccurate or unfavorable research, about our business, the price of our Class A common stock and trading volume could decline.

The trading market for our Class A common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. If industry analysts do not publish or cease publishing research on our company, the trading price for our Class A common stock would be negatively affected. If one or more of the analysts who cover us downgrade our Class A common stock or publish inaccurate or unfavorable research about our business, our Class A common stock price would likely decline. If one or more of these analysts cease coverage of us or fail to publish reports on us on a regular basis, demand for our Class A common stock could decrease, which might cause our Class A common stock price and trading volume to decline.

We do not intend to pay dividends for the foreseeable future.

We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the operation of our business and for general corporate purposes. Any determination to pay dividends in the future will be at the discretion of our board of directors. Accordingly, investors must rely on sales of their Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Provisions in our charter documents and under Delaware law could make an acquisition of our company more difficult, limit attempts by our stockholders to replace or remove our current board of directors, and limit the market price of our Class A common stock.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may have the effect of delaying or preventing a change of control or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws include provisions that:

•provide that our board of directors is classified into three classes of directors with staggered three-year terms;

•permit the board of directors to establish the number of directors and fill any vacancies and newly-created directorships;

•require super-majority voting to amend some provisions in our amended and restated certificate of incorporation and amended and restated bylaws;

•authorize the issuance of “blank check” preferred stock that our board of directors could use to implement a stockholder rights plan;

•provide that only the Chairperson of our board of directors, our Chief Executive Officer, or a majority of our board of directors are authorized to call a special meeting of stockholders;

•provide for a dual class common stock structure in which holders of our Class B common stock have the ability to effectively control the outcome of matters requiring stockholder approval, even if they own significantly less than a majority of the outstanding shares of our Class A and Class B common stock, including the election of directors and significant corporate transactions, such as a merger or other sale of our company or its assets;

•prohibit stockholder action by written consent, which requires all stockholder actions to be taken at a meeting of our stockholders;

•provide that the board of directors is expressly authorized to make, alter or repeal our bylaws; and

•advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon by stockholders at annual stockholder meetings.

Moreover, Section 203 of the Delaware General Corporation Law may discourage, delay or prevent a change in control of our company. Section 203 imposes certain restrictions on mergers, business combinations and other transactions between us and holders of 15% or more of our common stock.

Our amended and restated bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit stockholders’ ability to obtain a favorable judicial forum for disputes with us.

Our amended and restated bylaws provide that the Court of Chancery of the State of Delaware will be the exclusive forum for:

•any derivative action or proceeding brought on our behalf;

•any action asserting a breach of fiduciary duty;

•any action asserting a claim against us arising pursuant to the Delaware General Corporation Law, our amended and restated certificate of incorporation, or our amended and restated bylaws; or

•any action asserting a claim against us that is governed by the internal affairs doctrine.

This choice of forum provision may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or any of our directors, officers, or other employees, which may discourage lawsuits with respect to such claims. Alternatively, if a court were to find the choice of forum provision contained in our amended and restated certificate of incorporation to be inapplicable or unenforceable in an action, we may incur additional costs associated with resolving such action in other jurisdictions, which could harm our business, results of operations and financial condition.

Servicing our debt may require a significant amount of cash. We may not have sufficient cash flow from our business to pay our indebtedness.

We may not have the ability to raise the funds necessary for cash settlement upon conversion of the Notes or to repurchase the Notes for cash upon a fundamental change, and our future debt may contain limitations on our ability to pay cash upon conversion of the Notes or to repurchase the Notes.

Holders of the Notes have the right to require us to repurchase their Notes upon the occurrence of a fundamental change (as defined in the Indentures governing their respective Notes) at a repurchase price equal to 100% of the principal amount of the Notes to be repurchased, plus accrued and unpaid interest, if any. Upon conversion of the Notes, unless we elect to deliver solely shares of our Class A common stock to settle such conversion (other than paying cash in lieu of delivering any fractional share), we will be required to make cash payments in respect of the Notes being converted. We may not have enough available cash or be able to obtain financing at the time we are required to make repurchases of Notes surrendered or Notes being converted. In

In addition, our indebtedness, combined with our other financial obligations and contractual commitments, could have other important consequences. For example, it could:

•make us more vulnerable to adverse changes in general U.S. and worldwide economic, industry and competitive conditions and adverse changes in government regulation;

•limit our flexibility in planning for, or reacting to, changes in our business and our industry;

•place us at a disadvantage compared to our competitors who have less debt;

•limit our ability to borrow additional amounts to fund acquisitions, for working capital and for other general corporate purposes; and

•make an acquisition of our company less attractive or more difficult.

Any of these factors could harm our business, results of operations and financial condition. In addition, if we incur additional indebtedness, the risks related to our business and our ability to service or repay our indebtedness would increase.

The conditional conversion feature of the Notes, if triggered, may adversely affect our financial condition and results of operations.

In the event the conditional conversion feature of the Notes is triggered, holders of the Notes will be entitled to convert the Notes, as applicable, at any time during specified periods at their option. If one or more holders elect to convert their Notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our Class A common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. As disclosed in Note 9 to our consolidated financial statements, the conditional conversion features of the 2023 Notes and 2025 Notes were triggered as of January 31, 2021, and the 2023 Notes and 2025 Notes are currently convertible at the option of the holders, in whole or in part, between February 1, 2021 and April 30, 2021. Whether the 2023 Notes or 2025 Notes will be convertible following such fiscal quarter will depend on the continued satisfaction of this condition or another conversion condition in the future. From the date of issuance through January 31, 2021, the conditions allowing holders of the 2026 Notes to convert were not met.

In addition, even if holders do not elect to convert their Notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of the notes as a current rather than long-term liability, which would result in a material reduction of our net working capital. The 2023 Notes and 2025 Notes were classified as current liabilities on the consolidated balance sheet as of January 31, 2021.

Transactions relating to our Notes may affect the value of our Class A common stock.

The conversion of some or all of the Notes would dilute the ownership interests of existing stockholders to the extent we satisfy our conversion obligation by delivering shares of our Class A common stock upon any conversion of such Notes. Our Notes may become in the future convertible at the option of their holders under certain circumstances. If holders of our Notes elect to convert their notes, we may settle our conversion obligation by delivering to them a significant number of shares of our Class A common stock, which would cause dilution to our existing stockholders.

The accounting method for convertible debt securities that may be settled in cash, such as the Notes, could have a material effect on our reported financial results.

Under FASB Accounting Standards Codification 470-20, Debt with Conversion and Other Options (ASC 470-20), an entity must separately account for the liability and equity components of convertible debt instruments (such as the Notes) that may be settled entirely or partially in cash upon conversion in a manner that reflects the issuer’s economic interest cost. ASC 470-20 requires the value of the conversion options of the Notes, representing the equity component, to be recorded as additional paid-in capital within stockholders’ equity in our consolidated balance sheet and as a discount to the Notes, which reduces their initial carrying value. The carrying value of the Notes, net of the applicable discount recorded, will be accreted up to the principal amount of the Notes, as the case may be, from the issuance date until maturity, which will result in non-cash charges to interest expense in our consolidated statement of operations. Accordingly, we will report lower net income or higher net loss in our financial results because ASC 470-20 requires interest to include both the current period’s accretion of the debt discount and the instrument’s coupon interest, which could adversely affect our reported or future financial results, the trading price of our Class A common stock and the respective trading price of the Notes.

Accounting standards in the future will result in changes to the current ASC 470-20 accounting model. The FASB issued an accounting standards update that eliminates the liability and equity component separation model for convertible debt instruments with a cash conversion feature. Among other potential impacts, this change is expected to reduce reported interest expense, increase reported net income or lower net loss and result in a reclassification of certain balance sheet amounts from stockholders' equity to liabilities as it relates to the Notes.

General Risk Factors

We depend on our executive officers and other key employees, and the loss of one or more of these employees or an inability to attract and retain other highly skilled employees could harm our business.

Our success depends largely upon the continued services of our executive officers and other key employees. We rely on our leadership team in the areas of research and development, operations, security, marketing, sales, customer support, general and administrative functions, and on individual contributors in our research and development and operations functions. From time to time, there may be changes in our executive management team resulting from the hiring or departure of executives, such as the recent retirement of our former President, Worldwide Field Operations and upcoming retirement of our Chief Financial Officer, which could disrupt our business. We do not have employment agreements with our executive officers or other key personnel that require them to continue to work for us for any specified period and they could terminate their employment with us at any time. The loss of one or more of our executive officers or key employees, and any failure to have in place and execute an effective succession plan for key executives, could harm our business. Changes in our executive management team may also cause disruptions in, and harm to, our business.

In addition, to execute our growth plan, we must attract and retain highly qualified personnel. Competition for these personnel in the San Francisco Bay Area, where our headquarters is located, and in other locations where we maintain offices, is intense, especially for engineers experienced in designing and developing software and SaaS applications and experienced sales professionals. We have from time to time experienced, and we expect to continue to experience, difficulty in hiring and retaining employees with appropriate qualifications, and may not be able to fill positions in the desired regions, or at all. Our efforts to attract new personnel may be compounded by intensified restriction on travel (including during the COVID-19 pandemic), changes to immigration policy or the availability of work visas. Many of the companies with which we compete for experienced personnel have greater resources than we have. If we hire employees from competitors or other companies, their former employers may attempt to assert that these employees or we have breached their legal obligations, resulting in a diversion of our time and resources. In addition, job candidates and existing employees often consider the value of the equity awards they receive in connection with their employment. If the perceived value of our equity awards declines, it may harm our ability to recruit and retain highly skilled employees. If we fail to attract new personnel or fail to retain and motivate our current personnel, our business and future growth prospects could be harmed.

Catastrophic events may disrupt our business.

Natural disasters or other catastrophic events may cause damage or disruption to our operations, international commerce and the global economy, and thus could harm our business. We have a large employee presence in San Francisco, California and the west coast of the United States contains active earthquake and wildfire zones which have the potential to disrupt our business. For example, in the fall of 2019 and 2020, PG&E shut off power to certain cities in the San Francisco Bay Area in order to reduce the risk of wildfires and this resulted in many of our employees being unable to work remotely. In the event of a major earthquake, hurricane or catastrophic event such as fire, power loss, telecommunications failure, vandalism, cyber-attack, war, terrorist attack or health epidemic (including COVID-19), we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our application development, lengthy interruptions in our products, breaches of data security and loss of critical data, all of which could harm our business, results of operations and financial condition. In addition, the insurance we maintain may be insufficient to cover our losses resulting from disasters, cyber-attacks or other business interruptions, and any incidents may result in loss of, or increased costs of, such insurance.

Our corporate headquarters is located in San Francisco, California, where we currently lease approximately 266,366 square feet and 19,129 square feet under a lease, as amended, that expires in October 2028 and a sublease that expires in August 2021, respectively. The Company is entitled to two five-year options to extend the lease with an October 2028 expiry date, subject to certain requirements.

We also lease space in various locations in North America, Europe and Asia-Pacific.

We believe that our facilities are suitable to meet our current needs. We intend to expand our facilities or add new facilities as we add employees and enter new geographic markets, and we believe that suitable additional or alternative space will be available as needed to accommodate any such growth. 

We are not a party to any material legal proceedings on the date of this report. See Note 11 to our consolidated financial statements "Commitments and Contingencies" for information related to legal proceedings.

Our Class A common stock has been listed on the Nasdaq Global Select Market under the symbol "OKTA" since April 7, 2017. Prior to that date, there was no public trading market for our Class A common stock. Our Class B common stock is not listed or traded on any stock exchange.

As of February 28, 2021, we had 37 holders of record of our Class A common stock and 26 holders of record of our Class B common stock. The actual number of Class A beneficial stockholders is substantially greater than the number of holders of record because a large portion of our Class A common stock is held in street name by brokers and other nominees.

We have never declared or paid cash dividends on our capital stock. We currently intend to retain any future earnings for use in the operation of our business and do not intend to declare or pay any cash dividends in the foreseeable future. Any further determination to pay dividends on our capital stock will be at the discretion of our board of directors, subject to applicable laws, and will depend on our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors considers relevant.

This performance graph shall not be deemed "soliciting material" or to be "filed" with the Securities and Exchange Commission (SEC) for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the Exchange Act), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Okta, Inc. under the Securities Act or the Exchange Act.

We have presented below the cumulative total return to our stockholders from April 7, 2017 (the date our Class A common stock commenced trading on the Nasdaq) through January 31, 2021 in comparison to the Standard & Poor’s 500 Index and Standard & Poor Information Technology Index. All values assume a $100 initial investment and data for the Standard & Poor’s 500 Index and Standard & Poor Information Technology Index assume reinvestment of dividends. The comparisons are based on historical data and are not indicative of, nor intended to forecast, the future performance of our Class A common stock.

Company/Index						Base period 4/7/2017						1/31/2018						1/31/2019						1/31/2020						1/31/2021
Okta						$	100.00					$	125.27					$	350.62					$	544.66					$	1,101.70
S&P 500 Index						100.00						119.88						114.80						136.93						157.68
S&P 500 Information Technology Index						100.00						132.07						129.11						185.80						251.86

Securities Authorized for Issuance under Equity Compensation Plans

The information required by this item with respect to our equity compensation plans is incorporated by reference to our Proxy Statement for the 2021 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission within 120 days of the fiscal year ended January 31, 2021.

Unregistered Sales of Equity Securities

(a)Unregistered Sales of Equity Securities

In connection with the partial repurchase of the convertible notes due in 2023 (2023 Notes) in June 2020 and the conversion of certain 2023 Notes in August 2020, the Company issued 1,445,927 shares and 214,177 shares of Company Class A common stock on June 12, 2020 and August 31, 2020, respectively. These issuances were made in reliance on the exemption from registration provided by Section 4(a)(2) of the Securities Act of 1933, as amended (Securities Act). The Company relied on this exemption from registration based in part on representations made by the holders of the 2023 Notes in the exchange agreements pursuant to which the shares of Class A Common Stock were issued.

(b)    Issuer Purchases of Equity Securities

None.

Overview

Okta is the leading independent identity management platform for the enterprise. The Okta Identity Cloud is powered by our category-defining platform that enables our customers to securely connect the right people to the right technologies and services at the right time. Every day, thousands of organizations and millions of people use Okta to securely access a wide range of cloud, mobile and web applications, on-premises servers, application program interfaces (APIs), IT infrastructure providers and services from a multitude of devices. Developers leverage our platform to securely and efficiently embed identity into the software they build, allowing them to focus on their core mission. Employees and contractors sign into the Okta Identity Cloud to seamlessly and securely access the applications they need to do their most important work. Organizations use our platform to collaborate with their partners, and to provide their customers with more modern and secure experiences online and via mobile devices. Given the growth trends in the number of applications and cloud adoption, and the movement to remote workforces, identity is becoming the most critical layer of an organization’s security. Our approach to identity allows our customers to simplify and efficiently scale their security infrastructures across internal IT systems and external customer facing applications.

As of January 31, 2021, more than 10,000 customers across nearly every industry used the Okta Identity Cloud to secure and manage identities around the world. Our customers consist of leading global organizations ranging from the largest enterprises, to small and medium-sized businesses, universities, non-profits and government agencies. We also partner with leading application, infrastructure and security vendors through our Okta Integration Network. As of January 31, 2021, we had over 7,000 integrations with these cloud, mobile and web applications and IT infrastructure providers.

We employ a Software-as-a-Service (SaaS) business model, and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings. We focus on acquiring and retaining our customers and increasing their spending with us through expanding the number of users who access the Okta Identity Cloud and up-selling additional products. We sell our products directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including resellers, system integrators and other distribution partners. Our subscription fees include the use of our service and our technical support and management of our platform. We base subscription fees primarily on the products used and the number of users on our platform. We typically invoice customers in advance in annual installments for subscriptions to our platform.

On March 3, 2021, we entered into a definitive agreement to acquire Auth0, Inc. (Auth0) pursuant to an Agreement and Plan of Merger (the Merger Agreement). Upon consummation of the transaction contemplated by the Merger Agreement, all outstanding shares of Auth0 capital stock, options, warrants, convertible securities, phantom equity and other outstanding equity interests will be cancelled in exchange for aggregate consideration of $6.5 billion in the form of shares of Class A common stock of the Company and assumed awards of corresponding Company equity interests, subject to customary purchase price adjustments and certain customary cash payouts in lieu of shares of Company Class A common stock, as provided by the Merger Agreement. The purchase price payable in shares of Class A common stock will be valued at $276.2147 per share (which price was calculated based on the daily volume-weighted average sales price per share of Company Class A common stock for the 20 trading days ending on February 26, 2021). The per share price of these shares has been fixed as of the Merger Agreement signing date, and the aggregate value of these shares will fluctuate based on changes in our share price between the signing and closing dates.

The proposed transaction is expected to close during the Company’s second quarter of fiscal 2022, the quarter ending July 31, 2021. The closing of this transaction is subject to certain customary closing conditions and approvals. If consummated, the acquisition of Auth0 may have a significant impact on our liquidity, financial condition and results of operations. The following discussion and analysis of our results of operations and our liquidity and capital resources focuses on our existing operations exclusive of the impact of the proposed acquisition of Auth0. Any forward-looking statements contained herein do not take into account the impact of the proposed acquisition.

Financial Information and Segments

We operate our business as one reportable segment. Our revenue has grown significantly. For the years ended January 31, 2021, 2020 and 2019, our revenue was $835.4 million, $586.1 million and $399.3 million, respectively, representing a growth rate of 43% and 47%, respectively. For the years ended January 31, 2021, 2020 and 2019, we generated net losses of $266.3 million, $208.9 million and $125.5 million, respectively. Our accumulated deficit as of January 31, 2021 was $967.5 million.

Key Business Metrics 

We review a number of operating and financial metrics, including the following key metrics, to evaluate our business, measure our performance, identify trends affecting our business, formulate business plans, and make strategic decisions.

			As of January 31,
			2021						2020						2019
			(dollars in thousands)
Customers with annual contract value (ACV) above $100,000			1,950						1,467						1,038
Dollar-based net retention rate for the trailing 12 months ended			121		%				119		%				120		%
Current remaining performance obligations			$	841,797					$	592,309					$	385,600
Remaining performance obligations			$	1,796,949					$	1,209,659					$	728,900

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Calculated billings			$	975,994					$	703,558					$	488,217

Total Customers and Number of Customers with Annual Contract Value Above $100,000

As of January 31, 2021, we had over 10,000 customers on our platform. We believe that our ability to increase the number of customers on our platform is an indicator of our market penetration, the growth of our business, and our potential future business opportunities. Increasing awareness of our platform and capabilities, coupled with the mainstream adoption of cloud technology, has expanded the diversity of our customer base to include organizations of all sizes across all industries. Over time, larger customers have constituted a greater share of our total revenue, which has contributed to an increase in average revenue per customer. The number of customers who have greater than $100,000 in ACV with us was 1,950, 1,467 and 1,038 as of January 31, 2021, 2020 and 2019, respectively. We expect this trend to continue as larger enterprises recognize the value of our platform and replace their legacy identity access management infrastructure. We define a customer as a separate and distinct buying entity, such as a company, an educational or government institution, or a distinct business unit of a large company that has an active contract with us or one of our partners to access our platform.

Dollar-Based Net Retention Rate

Our ability to generate revenue is dependent upon our ability to maintain our relationships with our customers and to increase their utilization of our platform. We believe we can achieve these goals by focusing on delivering value and functionality that enables us to both retain our existing customers and expand the number of users and products used within an existing customer. We assess our performance in this area by measuring our Dollar-Based Net Retention Rate. Our Dollar-Based Net Retention Rate measures our ability to increase revenue across our existing customer base through expansion of users and products associated with a customer as offset by churn and contraction in the number of users and/or products associated with a customer.

Our Dollar-Based Net Retention Rate is based upon our ACV which is calculated based on the terms of that customer’s contract and represents the total contracted annual subscription amount as of that period end. We calculate our Dollar-Based Net Retention Rate as of a period end by starting with the ACV from all customers as of twelve months prior to such period end (Prior Period ACV). We then calculate the ACV from these same customers as of the current period end (Current Period ACV). Current Period ACV includes any upsells and is net of contraction or churn over the trailing twelve months but excludes ACV from new customers in the current period. We then divide the Current Period ACV by the Prior Period ACV to arrive at our Dollar-Based Net Retention Rate.

Remaining Performance Obligations

Remaining performance obligations (RPO) represent all future, non-cancellable, contracted revenue under our subscription contracts with customers that has not yet been recognized, inclusive of deferred revenue that has

been invoiced and non-cancellable amounts that will be invoiced and recognized as revenue in future periods. Current RPO represents the portion of RPO expected to be recognized during the next 12 months. RPO fluctuates due to a number of factors, including the timing, duration and dollar amount of customer contracts.

Calculated Billings

Calculated Billings represent our total revenue plus the change in deferred revenue and less the change in unbilled receivables in the period. Calculated Billings in any particular period reflect sales to new customers plus subscription renewals and upsells to existing customers, and represent amounts invoiced for subscription, support and professional services. We typically invoice customers in advance in annual installments for subscriptions to our platform.

Calculated Billings increased 39% in the year ended January 31, 2021 over the year ended January 31, 2020. As our Calculated Billings continue to grow in absolute terms, we expect our Calculated Billings growth rate to trend down over time. See the section titled “Non-GAAP Financial Measures” for additional information and a reconciliation of Calculated Billings to total revenue.

Components of Results of Operations

Revenue

Subscription Revenue.    Subscription revenue primarily consists of fees for access to and usage of our cloud-based platform and related support. Subscription revenue is driven primarily by the number of customers, the number of users per customer and the products used. We typically invoice customers in advance in annual installments for subscriptions to our platform.

Professional Services and Other.    Professional services revenue includes fees from assisting customers in implementing and optimizing the use of our products. These services include application configuration, system integration and training services.

Overhead Allocation and Employee Compensation Costs

We allocate shared costs, such as facilities costs (including rent, utilities and depreciation on assets shared by all departments), certain information technology costs, and recruiting costs to all departments based on headcount. As such, allocated shared costs are reflected in each cost of revenue and operating expense category. Employee compensation costs include salaries, bonuses, benefits and stock-based compensation for each cost of revenue and operating expense category, sales commissions for sales and marketing and any compensation related taxes.

Cost of Revenue and Gross Margin

Cost of Subscription.    Cost of subscription primarily consists of expenses related to hosting our services and providing support. These expenses include employee-related costs associated with our cloud-based infrastructure and our customer support organization, third-party hosting fees, software and maintenance costs, outside services associated with the delivery of our subscription services, travel-related costs, amortization expense associated with capitalized internal-use software and acquired technology, and allocated overhead.

We intend to continue to invest additional resources in our platform infrastructure and our platform support organizations. As we continue to invest in technology innovation, we anticipate that capitalized internal-use software costs and related amortization may increase. We expect our investment in technology to expand the capability of our platform, enabling us to improve our gross margin over time. The level and timing of investment in these areas could affect our cost of subscription revenue in the future.

Cost of Professional Services and Other.    Cost of professional services consists primarily of employee-related costs for our professional services delivery team, travel-related costs, and costs of outside services associated with supplementing our professional services delivery team. The cost of providing professional services has historically been higher than the associated revenue we generate.

Gross Margin.    Gross margin is gross profit expressed as a percentage of total revenue. Our gross margin may fluctuate from period to period as a result of the timing and amount of investments to expand our hosting capacity, our continued efforts to build platform support and professional services teams, increased stock-based compensation expenses, as well as the amortization of costs associated with capitalized internal-use software and acquired intangible assets.

Operating Expenses

Research and Development.    Research and development expenses consist primarily of employee compensation costs and allocated overhead. We believe that continued investment in our platform is important for our growth. We expect our research and development expenses will increase in absolute dollars as our business grows.

Sales and Marketing.    Sales and marketing expenses consist primarily of employee compensation costs, costs of general marketing and promotional activities, travel-related expenses and allocated overhead. Commissions earned by our sales force that are considered incremental and recoverable costs of obtaining a contract with a customer are deferred and then amortized on a straight-line basis over a period of benefit that we have determined to be generally five years. We expect our sales and marketing expenses will increase in absolute dollars and continue to be our largest operating expense category for the foreseeable future as we expand our sales and marketing efforts. However, we expect our sales and marketing expenses to decrease as a percentage of our total revenue as our total revenue grows.

General and Administrative.   General and administrative expenses consist primarily of employee compensation costs for finance, accounting, legal, information technology and human resources personnel. In addition, general and administrative expenses include non-personnel costs, such as legal, accounting and other professional fees, charitable contributions, and all other supporting corporate expenses, such as information technology, not allocated to other departments. We expect our general and administrative expenses will increase in absolute dollars as our business grows.

Interest and Other, Net

Interest and other, net consists of interest expense, which primarily includes amortization of debt discount and issuance costs and contractual interest expense for our 2023 Notes, convertible notes due in 2025 (2025 Notes) and convertible notes due in 2026 (2026 Notes, together with the 2023 Notes and 2025 Notes, the Notes), interest income from our investment holdings and loss on early extinguishment and conversion of debt.

Provision for (Benefit from) Income Taxes

Results of Operations

The following table sets forth our results of operations for the periods presented in dollars:

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Revenue
Subscription			$	796,613					$	552,688					$	370,855
Professional services and other			38,811						33,379						28,399
Total revenue			835,424						586,067						399,254
Cost of revenue
Subscription(1)			170,095						116,445						77,354
Professional services and other(1)			47,586						42,937						36,067
Total cost of revenue			217,681						159,382						113,421
Gross profit			617,743						426,685						285,833
Operating expenses
Research and development(1)			222,826						159,269						102,385
Sales and marketing(1)			427,350						340,356						227,960
General and administrative(1)			171,726						112,892						75,110
Total operating expenses			821,902						612,517						405,455
Operating loss			(204,159)						(185,832)						(119,622)
Interest expense			(72,660)						(27,017)						(15,072)
Interest income and other, net			12,891						17,089						9,180
Loss on early extinguishment and conversion of debt			(2,263)						(14,572)						—
Interest and other, net			(62,032)						(24,500)						(5,892)
Loss before provision for (benefit from) income taxes			(266,191)						(210,332)						(125,514)
Provision for (benefit from) income taxes			141						(1,419)						(17)
Net loss			$	(266,332)					$	(208,913)					$	(125,497)

(1)    Includes stock-based compensation expense as follows:

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Cost of subscription revenue			$	21,895					$	12,923					$	7,837
Cost of professional services and other revenue			8,083						7,164						4,983
Research and development			63,270						37,683						22,642
Sales and marketing			53,802						38,077						22,916
General and administrative			49,131						30,777						17,942
Total stock-based compensation expense			$	196,181					$	126,624					$	76,320

The following table sets forth our results of operations for the periods presented as a percentage of our total revenue:

			Year Ended January 31,
			2021						2020						2019
Revenue
Subscription			95		%				94		%				93		%
Professional services and other			5						6						7
Total revenue			100						100						100
Cost of revenue
Subscription			20						20						19
Professional services and other			6						7						9
Total cost of revenue			26						27						28
Gross profit			74						73						72
Operating expenses:
Research and development			27						27						26
Sales and marketing			51						58						57
General and administrative			20						20						19
Total operating expenses			98						105						102
Operating loss			(24)						(32)						(30)
Interest expense			(9)						(5)						(3)
Interest income and other, net			1						3						2
Loss on early extinguishment and conversion of debt			—						(2)						—
Interest and other, net			(8)						(4)						(1)
Loss before provision for (benefit from) income taxes			(32)						(36)						(31)
Provision for (benefit from) income taxes			—						—						—
Net loss			(32)		%				(36)		%				(31)		%

A discussion regarding our financial condition and results of operations for the year ended January 31, 2021 compared to the year ended January 31, 2020 is presented below. A discussion regarding our financial condition and results of operations for the year ended January 31, 2020 compared to the year ended January 31, 2019 can be found under Item 7 in our Annual Report on Form 10-K for the fiscal year ended January 31, 2020, filed with the SEC on March 6, 2020, which is available free of charge on the SEC’s website at www.sec.gov and our Investor Relations website at investor.okta.com.

Comparison of the Years Ended January 31, 2021 and 2020

Revenue

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
Revenue:
Subscription			$	796,613					$	552,688					$	243,925					44		%
Professional services and other			38,811						33,379						5,432						16
Total revenue			$	835,424					$	586,067					$	249,357					43		%
Percentage of revenue:
Subscription			95		%				94		%
Professional services and other			5						6
Total			100		%				100		%

Subscription revenue increased by $243.9 million, or 44%, for the year ended January 31, 2021 compared to the year ended January 31, 2020. The increase was primarily due to the addition of new customers as well as an increase in users and sales of additional products to existing customers.

Professional services and other revenue increased by $5.4 million, or 16%, for the year ended January 31, 2021 compared to the year ended January 31, 2020. The increase in professional services revenue was primarily related to an increase in implementation and other services associated with an increase in the number of new customers purchasing our subscription services.

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
Cost of revenue:
Subscription			$	170,095					$	116,445					$	53,650					46		%
Professional services and other			47,586						42,937						4,649						11
Total cost of revenue			$	217,681					$	159,382					$	58,299					37		%
Gross profit			$	617,743					$	426,685					$	191,058					45		%
Gross margin:
Subscription			79		%				79		%
Professional services and other			(23)						(29)
Total gross margin			74		%				73		%

Cost of subscription revenue increased by $53.7 million, or 46%, for the year ended January 31, 2021 compared to the year ended January 31, 2020, primarily due to an increase of $34.7 million in employee compensation costs related to higher headcount to support the growth in our subscription services, an increase of $6.8 million in software license costs and an increase of $6.7 million in third-party hosting costs as we increased capacity to support our growth.

Our gross margin for subscription revenue remained consistent at 79% during the year ended January 31, 2021, compared to the year ended January 31, 2020. While our gross margins for subscription revenue may fluctuate in the near-term as we invest in our growth, we expect our subscription revenue gross margin to improve over the long-term as we achieve additional economies of scale.

Cost of professional services and other revenue increased by $4.6 million, or 11%, for the year ended January 31, 2021, compared to the year ended January 31, 2020, primarily due to an increase of $3.7 million in employee compensation costs related to higher headcount.

Our gross margin for professional services and other revenue improved to (23)% during the year ended January 31, 2021 from (29)% during the year ended January 31, 2020 primarily due to increases in professional services and other revenue at a faster rate than increases in associated costs.

Research and Development Expenses

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
Research and development			$	222,826					$	159,269					$	63,557					40		%
Percentage of revenue			27		%				27		%

Research and development expenses increased $63.6 million, or 40%, for the year ended January 31, 2021 compared to the year ended January 31, 2020. The increase was primarily due to an increase of $57.6 million in employee compensation costs due to higher headcount.

Sales and Marketing Expenses

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
Sales and marketing			$	427,350					$	340,356					$	86,994					26		%
Percentage of revenue			51		%				58		%

General and Administrative Expenses

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
General and administrative			$	171,726					$	112,892					$	58,834					52		%
Percentage of revenue			20		%				20		%

General and administrative expenses increased $58.8 million, or 52%, for the year ended January 31, 2021 compared to the year ended January 31, 2020. The increase was primarily due to an increase of $41.3 million in employee compensation costs related to higher headcount to support our continued growth and an increase in non-cash charitable contributions of $7.5 million, partially offset by a decrease of $3.4 million in acquisition costs.

			Year Ended January 31,
			2021						2020						$ Change						% Change
			(dollars in thousands)
Interest expense			$	(72,660)					$	(27,017)					$	(45,643)					169		%
Interest income and other, net			12,891						17,089						(4,198)						(25)
Loss on early extinguishment and conversion of debt			(2,263)						(14,572)						12,309						(84)
Interest and other, net			$	(62,032)					$	(24,500)

Interest expense increased $45.6 million or 169% for the year ended January 31, 2021 compared to the year ended January 31, 2020, primarily related to an increase of $23.1 million and $31.5 million for the 2025 Notes and 2026 Notes, respectively, partially offset by a decrease of $9.0 million for the 2023 Notes, due to the partial repurchase of the 2023 Notes in September 2019 (First Partial Repurchase of 2023 Notes) and the partial repurchase of the 2023 Notes in June 2020 (Second Partial Repurchase of 2023 Notes, and together with the First Partial Repurchase of the 2023 Notes, the 2023 Notes Partial Repurchases).

Interest income and other, net decreased $4.2 million, or (25)% for the year ended January 31, 2021 compared to the year ended January 31, 2020, primarily due to lower interest rates, resulting in lower interest income earned on higher cash and cash equivalents and short-term investment balances.

Loss on early extinguishment and conversion of debt decreased $12.3 million for the year ended January 31, 2021 primarily due to differences in the loss on early extinguishment of debt recognized for the First Partial Repurchase of 2023 Notes in the year ended January 31, 2020 compared to the Second Partial Repurchase of 2023 Notes in the year ended January 31, 2021.

Non-GAAP Financial Measures

In addition to our results determined in accordance with U.S. generally accepted accounting principles, or GAAP, we believe the following non-GAAP measures are useful in evaluating our operating performance. We use the below referenced non-GAAP financial information, collectively, to evaluate our ongoing operations and for internal planning and forecasting purposes. We believe that non-GAAP financial information, when taken collectively with GAAP financial measures, may be helpful to investors because it provides consistency and comparability with past financial performance, and assists in comparisons with other companies, some of which use similar non-GAAP financial information to supplement their GAAP results. The non-GAAP financial information is presented for supplemental informational purposes only, and should not be considered a substitute for financial information presented in accordance with GAAP, and may be different from similarly-titled non-GAAP measures used by other companies. The principal limitation of these non-GAAP financial measures is that they exclude significant expenses that are required by GAAP to be recorded in our financial statements. In addition, they are subject to inherent limitations as they reflect the exercise of judgment by our management about which expenses are excluded or included in determining these non-GAAP financial measures. A reconciliation is provided below for each non-GAAP financial measure to the most directly comparable financial measure stated in accordance with GAAP. Investors are encouraged to review the related GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures, and not to rely on any single financial measure to evaluate our business.

Non-GAAP Gross Profit and Non-GAAP Gross Margin

We define non-GAAP gross profit and non-GAAP gross margin as GAAP gross profit and GAAP gross margin, adjusted for stock-based compensation expense included in cost of revenue and amortization of acquired intangibles.

			Year Ended January 31,
			2021						2020						2019
			(dollars in thousands)
Gross profit			$	617,743					$	426,685					$	285,833
Add:
Stock-based compensation expense included in cost of revenue			29,978						20,087						12,820
Amortization of acquired intangibles			6,373						5,488						832
Non-GAAP gross profit			$	654,094					$	452,260					$	299,485
Gross margin			74		%				73		%				72		%
Non-GAAP gross margin			78		%				77		%				75		%

Non-GAAP Operating Income (Loss) and Non-GAAP Operating Margin

We define non-GAAP operating income (loss) and non-GAAP operating margin as GAAP operating loss and GAAP operating margin, adjusted for stock-based compensation expense, non-cash charitable contributions, amortization of acquired intangibles and acquisition-related expenses.

			Year Ended January 31,
			2021						2020						2019
			(dollars in thousands)
Operating loss			$	(204,159)					$	(185,832)					$	(119,622)
Add:
Stock-based compensation expense			196,181						126,624						76,320
Non-cash charitable contributions			9,292						1,746						1,008
Amortization of acquired intangibles			6,373						5,488						832
Acquisition-related expenses(1)			—						3,449						—
Non-GAAP operating income (loss)			$	7,687					$	(48,525)					$	(41,462)
Operating margin			(24)		%				(32)		%				(30)		%
Non-GAAP operating margin			1		%				(8)		%				(10)		%

(1)    We define acquisition-related expenses as costs associated with acquisitions, including transaction costs and other non-recurring incremental costs incurred.

Non-GAAP Net Income (Loss) and Non-GAAP Net Margin

We define non-GAAP net income (loss) and non-GAAP net margin as GAAP net loss and GAAP net margin, adjusted for stock-based compensation expense, non-cash charitable contributions, amortization of acquired intangibles, acquisition-related expenses, amortization of debt discount and debt issuance costs and loss on early extinguishment and conversion of debt.

			Year Ended January 31,
			2021						2020(1)						2019(1)
			(dollars in thousands)
Net loss			$	(266,332)					$	(208,913)					$	(125,497)
Add:
Stock-based compensation expense			196,181						126,624						76,320
Non-cash charitable contributions			9,292						1,746						1,008
Amortization of acquired intangibles			6,373						5,488						832
Acquisition-related expenses(2)			—						3,449						—
Amortization of debt discount and debt issuance costs(3)			68,424						25,892						14,387
Loss on early extinguishment and conversion of debt(4)			2,263						14,572						—
Non-GAAP net income (loss)			$	16,201					$	(31,142)					$	(32,950)
Net margin			(32)		%				(36)		%				(31)		%
Non-GAAP net margin			2		%				(5)		%				(8)		%

Non-GAAP Net Income (Loss) Per Share, Basic and Diluted

We define non-GAAP net income (loss) per share, basic, as non-GAAP net income (loss) divided by GAAP weighted-average shares used to compute net loss per share, basic and diluted.

We define non-GAAP net income (loss) per share, diluted, as non-GAAP net income (loss) divided by GAAP weighted-average shares used to compute net loss per share, basic and diluted adjusted for the potentially dilutive effect of (i) employee equity incentive plans, excluding the impact of unrecognized stock-based compensation expense, and (ii) convertible senior notes outstanding and related warrants. In addition, non-GAAP net income (loss) per share, diluted, includes the anti-dilutive impact of the Company’s note hedge and capped call agreements on convertible senior notes outstanding, which fully reduced the potential dilutive effect of the convertible senior notes outstanding. Accordingly, the Company did not record any adjustments to non-GAAP net income (loss) for the potential impact of the convertible senior notes outstanding under the if-converted method.

			Year Ended January 31,
			2021						2020(1)						2019(1)
			(dollars in thousands)
Net loss			$	(266,332)					$	(208,913)					$	(125,497)
Add:
Stock-based compensation expense			196,181						126,624						76,320
Non-cash charitable contributions			9,292						1,746						1,008
Amortization of acquired intangibles			6,373						5,488						832
Acquisition-related expenses(2)			—						3,449						—
Amortization of debt discount and debt issuance costs(3)			68,424						25,892						14,387
Loss on early extinguishment and conversion of debt(4)			2,263						14,572						—
Non-GAAP net income (loss)			$	16,201					$	(31,142)					$	(32,950)
Weighted-average shares used to compute net loss per share, basic and diluted			127,212						117,221						107,504
Non-GAAP weighted-average effect of potentially dilutive securities			15,171						—						—
Non-GAAP weighted-average shares used to compute non-GAAP net income (loss) per share, diluted			142,383						117,221						107,504
Net loss per share, basic and diluted			$	(2.09)					$	(1.78)					$	(1.17)
Non-GAAP net income (loss) per share, basic(5)			$	0.13					$	(0.27)					$	(0.31)
Non-GAAP net income (loss) per share, diluted(5)			$	0.11					$	(0.27)					$	(0.31)

Free Cash Flow and Free Cash Flow Margin

We define Free Cash Flow as net cash provided by operating activities, less cash used for purchases of property and equipment, net of sales proceeds, and capitalized internal-use software costs. Free cash flow margin is calculated as free cash flow divided by total revenue.

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Net cash provided by operating activities			$	127,962					$	55,603					$	15,172
Less:
Purchases of property and equipment			(13,083)						(15,442)						(19,811)
Capitalization of internal-use software costs			(4,159)						(3,888)						(2,851)
Proceeds from sales of property and equipment			—						—						740
Free cash flow			$	110,720					$	36,273					$	(6,750)
Net cash used in investing activities			$	(1,305,146)					$	(688,041)					$	(197,320)
Net cash provided by financing activities			$	1,091,598					$	853,385					$	357,762
Free cash flow margin			13		%				6		%				(2)		%

Calculated Billings

We define Calculated Billings as total revenue plus the change in deferred revenue and less the change in unbilled receivables during the period.

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Total revenue			$	835,424					$	586,067					$	399,254
Add:
Deferred revenue (end of period)			513,598						371,450						254,390
Unbilled receivables (beginning of period)			1,026						1,457						809
Less:
Unbilled receivables (end of period)			(2,604)						(1,026)						(1,457)
Deferred revenue (beginning of period)			(371,450)						(254,390)						(164,779)
Calculated billings			$	975,994					$	703,558					$	488,217

Liquidity and Capital Resources

As of January 31, 2021, our principal sources of liquidity were cash, cash equivalents and short-term investments totaling $2,556.2 million, which were held for working capital purposes. Our cash equivalents and investments consisted primarily of U.S. treasury securities, money market funds and corporate debt securities. Historically, we have generated significant operating losses and both positive and negative cash flows from operations as reflected in our accumulated deficit and consolidated statements of cash flows. We expect to continue to incur operating losses and cash flows from operations that may fluctuate between positive and negative amounts for the foreseeable future.

In February 2018, we completed our private offering of the 2023 Notes due on February 15, 2023 and received aggregate proceeds of $345.0 million, before deducting costs of issuance of $10.0 million. The interest rate on the 2023 Notes is fixed at 0.25% per annum and is payable semi-annually in arrears on February 15 and August 15 of each year, beginning on August 15, 2018. In connection with the issuance of the 2023 Notes, we entered into convertible note hedges (Note Hedges) with respect to our Class A common stock. We used an aggregate amount of $80.0 million of the net proceeds from the sale of the 2023 Notes to purchase the Note Hedges. The cost of the Note Hedges was partially offset by proceeds of $52.4 million from the sale of warrants to purchase shares of our Class A common stock (Warrants) in connection with the issuance of the 2023 Notes.

In September 2019, we completed our private offering of the 2025 Notes due on September 1, 2025 and received aggregate proceeds of $1,060.0 million, before deducting issuance costs of approximately $19.3 million. The interest rate on the 2025 Notes is fixed at 0.125% per annum and is payable semi-annually in arrears on March 1 and September 1 of each year, beginning on March 1, 2020. In connection with the 2025 Notes, we entered into capped call transactions (2025 Capped Calls) with respect to our Class A common stock. We used an aggregate amount of $74.1 million of the net proceeds from the sale of the 2025 Notes to purchase the 2025 Capped Calls.

Concurrent with the private offering of the 2025 Notes, we repurchased $224.4 million principal amount of the 2023 Notes in privately-negotiated transactions for aggregate consideration of $604.8 million, including approximately $224.4 million in cash and approximately 3.0 million shares of Class A common stock. We also terminated a portion of our existing Note Hedges and Warrants in amounts corresponding to the principal amount of the First Partial Repurchase of 2023 Notes for net proceeds of $47.2 million.

In June 2020, we completed our private offering of the 2026 Notes due on June 15, 2026 and received aggregate proceeds of $1,150.0 million, before deducting issuance costs of approximately $15.2 million. The interest rate on the 2026 Notes is fixed at 0.375% per year and is payable semi-annually in arrears on June 15 and December 15 of each year, beginning on December 15, 2020. In connection with the 2026 Notes, we entered into capped call transactions (2026 Capped Calls) with respect to our Class A common stock. We used an aggregate amount of $134.0 million of the net proceeds from the sale of the 2026 Notes to purchase the 2026 Capped Calls.

Concurrent with the private offering of the 2026 Notes, we repurchased $69.9 million principal amount of the 2023 Notes in privately-negotiated transactions for aggregate consideration of $260.5 million, including approximately 1.4 million shares of Class A common stock and $0.2 million in cash. We also terminated a portion of our existing Note Hedges and Warrants in amounts corresponding to the principal amount of the Second Partial Repurchase of 2023 Notes for net proceeds of $19.6 million.

Through the year ended January 31, 2021, we converted approximately $10.4 million principal amount of 2023 Notes (not in connection with the Second Partial Repurchase of 2023 Notes) and exercised corresponding Note Hedges. In connection with these transactions, we issued approximately 0.2 million shares of Class A common stock and made immaterial cash payments and received approximately 0.2 million shares of Class A common stock and an immaterial cash payment.

During the fourth quarter of fiscal 2021, we received additional conversion requests and settled approximately $4.3 million aggregate principal amount of the 2023 Notes, primarily in shares of Class A common stock, in the first quarter of fiscal 2022. In addition, subsequent to January 31, 2021, the Company has received conversion requests for approximately $3.2 million aggregate principal amount of the 2023 Notes.

While the potential impacts of the COVID-19 pandemic may create near-term headwinds for cash flow caused by factors such as delays in customer payments and delays in deals closing, we believe our existing cash and cash equivalents, our investments and cash provided by sales of our products and services will be sufficient to meet our short-term and long-term projected working capital and capital expenditure needs for the foreseeable future. Our future capital requirements will depend on many factors, including our subscription growth rate, subscription renewal activity, billing frequency, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the expansion of our international operations, the introduction of new and enhanced product offerings, and the continuing market adoption of our platform. We continue to assess our capital structure and evaluate the merits of deploying available cash. We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all. If we are unable to raise additional capital or generate cash flows necessary to expand our operations and invest in new technologies, this could reduce our ability to compete successfully and harm our results of operations.

A significant majority of our customers pay in advance for annual subscriptions. Therefore, a substantial source of our cash is from our deferred revenue, which is included on our consolidated balance sheet as a liability. Deferred revenue consists of the unearned portion of billed fees for our subscriptions, which is recognized as revenue in accordance with our revenue recognition policy. As of January 31, 2021, we had deferred revenue of $513.6 million, of which $502.7 million was recorded as a current liability and is expected to be recorded as revenue in the next 12 months, provided all other revenue recognition criteria have been met.

On March 3, 2021, we and Auth0 entered into the Merger Agreement, pursuant to which we agreed to acquire Auth0, subject to the terms and conditions set forth therein. If consummated, the acquisition of Auth0 may have a significant impact on our liquidity, financial condition and results of operations.

Cash Flows

The following table summarizes our cash flows for the periods indicated:

			Year Ended January 31,
			2021						2020						2019
			(in thousands)
Net cash provided by operating activities			$	127,962					$	55,603					$	15,172
Net cash used in investing activities			(1,305,146)						(688,041)						(197,320)
Net cash provided by financing activities			1,091,598						853,385						357,762
Effects of changes in foreign currency exchange rates on cash, cash equivalents and restricted cash			2,263						(209)						(632)
Net (decrease) increase in cash, cash equivalents and restricted cash			$	(83,323)					$	220,738					$	174,982

Operating Activities

Our largest source of operating cash is cash collections from our customers for subscription and professional services. Our primary uses of cash from operating activities are for employee-related expenditures, marketing expenses and third-party hosting costs. In recent periods, we have supplemented working capital requirements through net proceeds from the issuance of the 2023, 2025 and 2026 Notes in February 2018, September 2019 and June 2020, respectively, and from our initial public offering (IPO) in April 2017.

During the year ended January 31, 2021, cash provided by operating activities was $128.0 million primarily due to our net loss of $266.3 million, adjusted for non-cash charges of $357.0 million and net cash inflows of $37.3 million provided by changes in our operating assets and liabilities. Non-cash charges primarily consisted of stock-based compensation, amortization of debt discount and issuance costs, amortization of deferred commissions, depreciation and amortization of property and equipment and intangible assets, non-cash charitable contributions, loss on early extinguishment and conversion of debt and deferred income taxes. The primary drivers of the changes in operating assets and liabilities related to a $142.1 million increase in deferred revenue, a $53.8 million increase in accounts payable, accrued compensation and accrued other expenses and a $19.1 million decrease in operating lease right-of-use assets, partially offset by a $81.0 million increase in deferred commissions, a $66.4 million increase in accounts receivable, a $17.2 million decrease in operating lease liabilities and a $13.2 million increase in prepaid expenses and other assets.

During the year ended January 31, 2020, cash provided by operating activities was $55.6 million primarily due to our net loss of $208.9 million, adjusted for non-cash charges of $213.0 million and net cash inflows of $51.5 million provided by changes in our operating assets and liabilities. Non-cash charges primarily consisted of stock-based compensation, amortization of deferred commissions, amortization of debt discount and issuance costs, depreciation and amortization of property and equipment and intangible assets, deferred income taxes, non-cash charitable contributions and loss on early extinguishment of debt. The primary drivers of the changes in operating assets and liabilities related to a $116.4 million increase in deferred revenue, a $34.7 million increase in accounts payable, accrued compensation, and accrued other expenses and a $13.0 million decrease in operating lease right-of-use assets, partially offset by a $61.2 million increase in deferred commissions, a $37.5 million increase in accounts receivable, a $9.7 million decrease in operating lease liabilities and a $4.1 million increase in prepaid expenses and other assets.

Investing Activities

Net cash used in investing activities during the year ended January 31, 2021 of $1,305.1 million was primarily attributable to the purchases of investments of $2,029.0 million, purchases of property and equipment of $13.1 million to support additional office space and headcount and the capitalization of internal-use software costs of $4.2 million associated with the development of additional features and functionality for our platform. These activities were offset by proceeds from the sales and maturities of investments of $741.3 million.

Net cash used in investing activities during the year ended January 31, 2020 of $688.0 million was primarily attributable to the purchases of investments of $999.4 million, payment of $44.3 million, net of cash acquired, in connection with an acquisition, purchases of property and equipment of $15.4 million to support additional office space and headcount, payment of $8.6 million in connection with the purchase of developed technology intangible assets and the capitalization of internal-use software costs of $3.9 million associated with the development of additional features and functionality for our platform. These activities were offset by proceeds from the sales and maturities of investments of $383.5 million.

Financing Activities

Cash provided by financing activities during the year ended January 31, 2021 of $1,091.6 million was primarily attributable to the issuance of the 2026 Notes for proceeds of $1,134.8 million, net of issuance costs and proceeds from the termination of Note Hedges of $195.0 million, offset by payments for termination of Warrants of $175.4 million and the purchase of the 2026 Capped Calls of $134.0 million. Other items impacting cash provided by financing activities include proceeds from the exercise of stock options of $45.6 million and proceeds from our employee stock purchase plan (ESPP) of $25.9 million.

Cash provided by financing activities during the year ended January 31, 2020 of $853.4 million was primarily attributable to the issuance of the 2025 Notes for proceeds of $1,040.7 million, net of issuance costs, and proceeds from the termination of Note Hedges of $405.9 million, offset by payments for termination of Warrants of $358.6

million, payments for the First Partial Repurchase of 2023 Notes of $224.4 million, and the purchase of the 2025 Capped Calls of $74.1 million. Other items impacting cash provided by financing activities include proceeds from the exercise of stock options of $45.4 million and proceeds from our ESPP of $18.8 million.

Obligations and Other Commitments

Our principal commitments consist of obligations under our convertible senior notes, operating leases for office space, data center hosting facilities, and other sales and marketing obligations. Our obligations under our convertible senior notes are described in the "Liquidity and Capital Resources" section of Item 7 of this Annual Report on Form 10-K and in Note 9 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K. Information regarding our non-cancellable lease and other purchase commitments as of January 31, 2021 can be found in Notes 10 and 11 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.

Indemnification Agreements

In the ordinary course of business, we enter into agreements of varying scope and terms pursuant to which we agree to indemnify customers, vendors, lessors, business partners and other parties with respect to certain matters, including, but not limited to, losses arising out of the breach of such agreements, services to be provided by us or from intellectual property infringement claims made by third parties. In addition, we have entered into indemnification agreements with our directors and certain officers and employees that will require us, among other things, to indemnify them against certain liabilities that may arise by reason of their status or service as directors, officers or employees. No demands have been made upon us to provide indemnification under such agreements and there are no claims that we are aware of that could have a material effect on our consolidated balance sheets, consolidated statements of operations and comprehensive loss, or consolidated statements of cash flows.

Critical Accounting Policies and Estimates

We prepare our consolidated financial statements in accordance with GAAP. In the preparation of these consolidated financial statements, we are required to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, costs and expenses, and related disclosures. To the extent that there are material differences between these estimates and actual results, our financial condition or results of operations would be affected. We base our estimates on past experience and other assumptions that we believe are reasonable under the circumstances, and we evaluate these estimates on an ongoing basis. We refer to accounting estimates of this type as critical accounting policies and estimates, which we discuss below.

Revenue Recognition

We derive revenue from subscription fees (which include support fees) and professional services fees. We sell subscriptions to our platform through arrangements that are generally one to five years in length. Our arrangements are generally non-cancellable and non-refundable. Furthermore, if a customer reduces the contracted usage or service level, the customer has no right of refund. Our subscription arrangements do not provide customers with the right to take possession of the software supporting the platform and, as a result, are accounted for as service arrangements. This revenue recognition policy is consistent for sales generated directly with customers and sales generated indirectly through channel partners.

We determine revenue recognition through the following steps:

•Identification of the contract, or contracts, with a customer;

•Identification of the performance obligations in the contract;

•Determination of the transaction price;

•Allocation of the transaction price to the performance obligations in the contract; and

•Recognition of revenue when, or as, we satisfy a performance obligation.

Subscription Revenue

Subscription revenue, which includes support, is recognized on a straight-line basis over the non-cancellable contractual term of the arrangement, generally beginning on the date that our service is made available to the customer.

Professional Services Revenue

Our professional services principally consist of customer-specific requests for application integrations, user interface enhancements and other customer specific requests. Revenue for our professional services is recognized as services are performed in proportion with their pattern of transfer.

Contracts with Multiple Performance Obligations

Some of our contracts with customers contain multiple performance obligations. For these contracts, we account for individual performance obligations separately if they are distinct. The transaction price is allocated to the separate performance obligations on a relative stand-alone selling price (SSP) basis. We determine SSP based on observable prices, if available, for those related services when sold separately. When such observable prices are not available, we determine SSP based on overarching pricing objectives and strategies, taking into consideration market conditions and other factors, including customer size, volume purchased, market and industry conditions, product-specific factors and historical sales of the deliverables.

Deferred Commissions

Sales commissions earned by our sales force are considered incremental and recoverable costs of obtaining a contract with a customer. Sales commissions for new revenue contracts, including incremental sales to existing customers, are deferred and then amortized on a straight-line basis over a period of benefit, which we have determined to be generally five years. We determined the period of benefit by taking into consideration the terms of our customer contracts, our technology and other factors. Sales commissions for renewal contracts (which are not considered commensurate with sales commissions for new revenue contracts and incremental sales to existing customers) are deferred and then amortized on a straight-line basis over the related period of benefit, which is generally the related contract renewal term. Amortization expense is included in sales and marketing expenses in our consolidated statements of operations.

Deferred commissions on our consolidated balance sheets totaled $154.5 million and $111.5 million at January 31, 2021 and 2020, respectively.

Business Combinations

When we acquire a business, the purchase price is allocated to the net tangible and identifiable intangible assets acquired based on their estimated fair values. Any residual purchase price is recorded as goodwill. The allocation of the purchase price requires management to make significant estimates in determining the fair values of assets acquired and liabilities assumed, especially with respect to intangible assets. These estimates can include, but are not limited to, the cash flows that an asset is expected to generate in the future, the appropriate weighted-average cost of capital and the cost savings expected to be derived from acquiring an asset. These estimates are inherently uncertain and unpredictable. During the measurement period, which may be up to one year from the acquisition date, adjustments to the fair value of these tangible and intangible assets acquired and liabilities assumed may be recorded, with the corresponding offset to goodwill. Upon the conclusion of the measurement period or final determination of the fair value of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are recorded to our consolidated statements of operations.

Convertible Senior Notes

We account for the issuance of convertible senior notes in accordance with Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) Subtopic 470-20, Debt with Conversion and Other Options. Pursuant to ASC Subtopic 470-20, as our Notes have a net settlement feature and may be settled wholly or partially in cash upon conversion, we are required to separately account for the liability (debt) and equity (conversion option) components of the instrument. The carrying amount of the liability component is computed by estimating the fair value of a similar liability without the conversion option using income and market based approaches. For the income-based approach, we use a convertible bond pricing model that includes several assumptions such as volatility, the risk-free rate, and observable trading activity for the Company's existing Notes. For the market-based approach, we observe the price of derivative instruments purchased in conjunction with our convertible senior note issuances or we evaluate issuances of convertible debt securities by other companies with similar credit risk ratings at the time of issuance. The amount of the equity component is then calculated by deducting the fair value of the liability component from the principal amount of the instrument. This difference represents a debt discount that is amortized to interest expense over the respective terms of the Notes using an effective interest rate method. The equity component is not remeasured as long as it continues to meet the conditions for equity classification. In accounting for the issuance costs related to the Notes, the allocation of issuance costs incurred between the liability and equity components were based on their relative values.

Similarly, in accordance with ASC Subtopic 470-20, transactions involving contemporaneous exchanges of cash between the same debtor and creditor in connection with the issuance of a new debt obligation and satisfaction of an existing debt obligation by the debtor should be evaluated as a modification or an exchange transaction depending on whether the exchange is determined to have substantially different terms. When the exchange is deemed to have substantially different terms due to a significant difference between the value of the conversion option immediately prior to and after the exchange, the transaction is accounted for as a debt extinguishment. Pursuant to ASC Subtopic 470-20, total consideration for the satisfaction of an existing debt obligation is separated into liability and equity components by estimating the fair value of a similar liability without a conversion option and assigning the residual value to the equity component. The effective interest rate used to estimate the fair value of the liability component is based on the income and market based approaches used to determine the effective interest rate of the new debt obligation, adjusted for the remaining tenor of the extinguished debt. The difference between the fair value and the amortized carrying value of the extinguished debt, net of the proportionate amounts of unamortized debt discount and remaining unamortized debt issuance costs, is recorded as a gain or loss on extinguishment.

Recent Accounting Pronouncements

See Note 2 to our consolidated financial statements “Summary of Significant Accounting Policies — Recently Adopted Accounting Pronouncements" and " — Recently Issued Accounting Pronouncements Not Yet Adopted” for more information.

Foreign Currency Exchange Risk

The functional currencies of our foreign subsidiaries are the respective local currencies. Most of our sales are denominated in U.S. dollars, and therefore our revenue is not currently subject to significant foreign currency risk. Our operating expenses are denominated in the currencies of the countries in which our operations are located, which are primarily in the United States, the United Kingdom, Canada and Australia. Our consolidated results of operations and cash flows are, therefore, subject to fluctuations due to changes in foreign currency exchange rates and may be adversely affected in the future due to changes in foreign exchange rates. To date, we have not entered into any hedging arrangements with respect to foreign currency risk or other derivative financial instruments. During the years ended January 31, 2021, 2020 and 2019, a hypothetical 10% change in foreign currency exchange rates applicable to our business would not have had a material impact on our consolidated financial statements.

Interest Rate Risk

We had cash, cash equivalents and short-term investments totaling $2,556.2 million as of January 31, 2021, of which $2,432.8 million was invested in money market funds, U.S. treasury securities and corporate debt securities. Our cash and cash equivalents are held for working capital purposes. Our short-term investments are made for capital preservation purposes. We do not enter into investments for trading or speculative purposes.

Our cash equivalents and our investment portfolio are subject to market risk due to changes in interest rates. Fixed rate securities may have their market value adversely affected due to a rise in interest rates. Due in part to these factors, our future investment income may fall short of our expectations due to changes in interest rates or we may suffer losses in principal if we are forced to sell securities that decline in market value due to changes in interest rates. However, because we classify our short-term investments as “available for sale,” no gains are recognized due to changes in interest rates. As losses due to changes in interest rates are generally not considered to be credit related changes, no losses in such securities are recognized due to changes in interest rates unless we intend to sell, it is more likely than not that we will be required to sell, we sell prior to maturity or we otherwise determine that all or a portion of the decline in fair value are due to credit related factors.

As of January 31, 2021, a hypothetical 10% relative change in interest rates would not have had a material impact on the value of our cash equivalents or investment portfolio. Fluctuations in the value of our cash equivalents and investment portfolio caused by a change in interest rates (gains or losses on the carrying value) are recorded in other comprehensive income (loss), and are realized only if we sell the underlying securities prior to maturity.

Convertible Senior Notes

In February 2018, we issued the 2023 Notes due February 15, 2023 with a principal amount of $345.0 million, of which $224.4 million and $69.9 million were repurchased in September 2019 and June 2020, respectively. Concurrently with the issuance of the 2023 Notes, we entered into separate Note Hedges and Warrant transactions, a portion of which were terminated in September 2019 and June 2020 in connection with the 2023 Notes Partial Repurchases. The Note Hedges were completed to reduce the potential dilution from the conversion of the 2023 Notes. Additionally, through the year ended January 31, 2021, we received and completed requests to convert $10.4 million principal amount of the 2023 Notes (not in connection with the Second Partial Repurchase of 2023 Notes) and exercised a corresponding amount of Note Hedges. During the fourth quarter of fiscal 2021, we received additional conversion requests for $4.3 million principal amount of the 2023 Notes that were settled in the first quarter of fiscal 2022. In addition, subsequent to January 31, 2021, we received conversion requests for approximately $3.2 million principal amount of the 2023 Notes.

In September 2019, we issued the 2025 Notes due September 1, 2025 with a principal amount of $1,060.0 million. Concurrently with the issuance of the 2025 Notes, we entered into separate capped call transactions. The 2025 Capped Calls were completed to reduce the potential dilution from the conversion of the 2025 Notes.

In June 2020, we issued the 2026 Notes due June 15, 2026 with a principal amount of $1,150.0 million. Concurrently with the issuance of the 2026 Notes, we entered into separate capped call transactions. The 2026 Capped Calls were completed to reduce the potential dilution from the conversion of the 2026 Notes.

The 2023 Notes, 2025 Notes and 2026 Notes have a fixed annual interest rate of 0.25%, 0.125% and 0.375%, respectively; accordingly, we do not have economic interest rate exposure on the Notes. However, the fair value of the Notes is exposed to interest rate risk. Generally, the fair market value of the fixed interest rate of the

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

			Page
Reports of Ernst & Young LLP, Independent Registered Public Accounting Firm			76
Consolidated Balance Sheets			80
Consolidated Statements of Operations			81
Consolidated Statements of Comprehensive Loss			82
Consolidated Statements of Stockholders’ Equity (Deficit)			83
Consolidated Statements of Cash Flows			85
Notes to Consolidated Financial Statements			87

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of Okta, Inc. (the Company) as of January 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders' equity (deficit), and cash flows for each of the three years in the period ended January 31, 2021, and the related notes (collectively referred to as the “consolidated financial statements”). In our opinion, the consolidated financial statements present fairly, in all material respects, the financial position of the Company at January 31, 2021 and 2020, and the results of its operations and its cash flows for each of the three years in the period ended January 31, 2021, in conformity with U.S. generally accepted accounting principles.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of January 31, 2021, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) and our report dated March 4, 2021 expressed an unqualified opinion thereon.

These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company’s financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

Critical Audit Matters

The critical audit matters communicated below are matters arising from the current period audit of the financial statements that were communicated or required to be communicated to the audit committee and that: (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion on the consolidated financial statements, taken as a whole, and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate.

						Revenue recognition - Identifying and evaluating terms and conditions in contracts

Description of the Matter						As explained in Note 2 to the consolidated financial statements, the Company derives revenue from subscription fees and professional services fees. The Company’s arrangements are generally non-cancellable and non-refundable. In addition, the arrangements do not provide customers with the right to take possession of the software and, as a result, are accounted for as service arrangements. Subscription revenue, which includes support, is recognized on a straight-line basis over the non-cancellable contractual term of the arrangement, generally beginning on the date that the Company’s service is made available to the customer. Revenue for the Company’s professional services is recognized as services are performed in proportion to their pattern of transfer. Auditing the Company’s accounting for revenue recognition was challenging, specifically related to the appropriate identification and evaluation of non-standard terms and conditions. For example, certain non-standard terms and conditions required judgment to identify the distinct performance obligations and determine the timing of revenue recognition.
How We Addressed the Matter in Our Audit						We obtained an understanding, evaluated the design and tested the operating effectiveness of the Company’s internal controls over the identification and evaluation of terms and conditions in contracts that impact revenue recognition, including the identification of performance obligations and the determination of the timing of revenue recognition. This included testing relevant controls over the information systems that are used in the initiation, billing and recording of revenue transactions. Among other procedures, on a sample basis, we tested the completeness and accuracy of management’s identification and evaluation of the non-standard terms and conditions in contracts. We also tested amounts recognized pursuant to contractual terms and conditions by examining the relationship between revenue recognized and accounts receivable and related cash collections. Further, we selected a sample of contractual arrangements to test that management had properly assessed the impact of any non-standard terms on the identified performance obligations and timing of revenue recognition. Additionally, to verify completeness of non-standard terms and conditions, we obtained confirmations of terms and conditions for a sample of arrangements with customers.
						Convertible Notes

Description of the Matter						As explained in Note 9 to the consolidated financial statements, in June 2020 the Company issued $1.15 billion of convertible senior notes due June 15, 2026 (2026 Notes), which permit the Company to settle in cash or stock at its option. Concurrent with the offering of the 2026 Notes, the Company entered into separate capped call transactions to reduce potential dilution upon conversion of the 2026 Notes. Simultaneous with the issuance of the 2026 Notes, the Company repurchased a portion of the convertible notes issued in February 2018, due February 15, 2023 (2023 Notes) (Second Partial Repurchase of 2023 Notes), and accounted for this transaction as a debt extinguishment. These transactions are collectively referred to as the Convertible Notes Transactions. Auditing the Company’s accounting for the Convertible Notes Transactions was complex due to the significant judgment required in determining the liability component of the related convertible notes as well as the balance sheet classification of the elements of the 2026 Notes. The Company accounted for the Convertible Notes Transactions as separate liability and equity components, determined the fair value of the respective liability components based on an estimate of the fair value of a similar liability without a conversion option and assigned the residual value to the equity component. The Company estimated the fair value of the liability component of the 2026 Notes, 2025 Notes and 2023 Notes using a discounted cash flow model with a risk adjusted yield for similar debt instruments, absent any embedded conversion feature. In estimating the risk adjusted yield, the Company used both an income and market approach. For the income approach, the Company used a convertible bond pricing model, which included several assumptions including volatility, risk-free rate, and observable trading activity for the Company’s existing Notes. For the market approach, the Company performed an evaluation of issuances of convertible debt securities by other comparable companies. Additionally, a detailed analysis of the terms of the 2026 Notes was required to determine existence of any derivatives that may require separate mark-to-market accounting under applicable accounting guidance.
How We Addressed the Matter in Our Audit						We obtained an understanding, evaluated the design, and tested the operating effectiveness of controls over the Company’s Convertible Notes Transactions. For example, we tested the Company’s controls over the initial recognition and measurement of the Convertible Notes Transactions, including the recording of the associated liability and equity components. Our testing of the Company’s initial accounting for the Convertible Notes Transactions, among other procedures, included reading the underlying agreements and evaluating the Company’s accounting analysis of the initial accounting of the Convertible Notes Transactions, including the determination of the balance sheet classification of each transaction, identification of any derivatives included in the arrangements, and determination that the Second Partial Repurchase of 2023 Notes was a debt extinguishment. Our testing of the fair value of the liability components of the 2026 Notes and the Second Partial Repurchase of 2023 Notes, included, among other procedures, evaluating the Company's selection of the valuation methodology and significant assumptions and evaluating the completeness and accuracy of the underlying data supporting the significant assumptions and estimates. Specifically, when assessing the key assumptions, we focused on the Company’s assumptions used to determine the risk adjusted yield as well as its analysis of comparable issuances of debt securities by other companies. In addition, we involved a valuation specialist to assist in our evaluation of the significant assumptions and methodology used by the Company.

Report of Ernst & Young LLP, Independent Registered Public Accounting Firm

To the Stockholders and the Board of Directors of Okta, Inc.

Opinion on Internal Control Over Financial Reporting

We have audited Okta, Inc.’s internal control over financial reporting as of January 31, 2021, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (2013 framework) (the COSO criteria). In our opinion, Okta, Inc. (the Company) maintained, in all material respects, effective internal control over financial reporting as of January 31, 2021, based on the COSO criteria.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated balance sheets of the Company as of January 31, 2021 and 2020, the related consolidated statements of operations, comprehensive loss, stockholders' equity (deficit), and cash flows for each of the three years in the period ended January 31, 2021, and the related notes and our report dated March 4, 2021 expressed an unqualified opinion thereon.

Basis for Opinion

The Company’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects.

Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

Definition and Limitations of Internal Control Over Financial Reporting

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

OKTA, INC.

CONSOLIDATED BALANCE SHEETS

(in thousands, except per share data)

			As of January 31,
			2021						2020
Assets
Current assets:
Cash and cash equivalents			$	434,607					$	520,048
Short-term investments			2,121,584						882,976
Accounts receivable, net of allowances of $3,451 and $1,166			194,818						130,115
Deferred commissions			45,949						33,636
Prepaid expenses and other current assets			81,609						32,950
Total current assets			2,878,567						1,599,725
Property and equipment, net			62,783						53,535
Operating lease right-of-use assets			149,604						125,204
Deferred commissions, noncurrent			108,555						77,874
Intangible assets, net			27,009						32,529
Goodwill			48,023						48,023
Other assets			24,256						18,505
Total assets			$	3,298,797					$	1,955,395
Liabilities and stockholders’ equity
Current liabilities:
Accounts payable			$	8,557					$	3,837
Accrued expenses and other current liabilities			53,729						36,887
Accrued compensation			71,906						40,300
Convertible senior notes, net			908,684						100,703
Deferred revenue			502,738						365,236
Total current liabilities			1,545,614						546,963
Convertible senior notes, net, noncurrent			857,387						837,002
Operating lease liabilities, noncurrent			179,518						154,511
Deferred revenue, noncurrent			10,860						6,214
Other liabilities, noncurrent			11,375						5,361
Total liabilities			2,604,754						1,550,051
Commitments and contingencies (Note 11)
Stockholders’ equity:
Preferred stock, par value $0.0001 per share; 100,000 shares authorized, no shares issued and outstanding as of January 31, 2021 and 2020			—						—
Class A Common stock, par value $0.0001 per share; 1,000,000 shares authorized; 122,824 and 113,990 shares issued and outstanding as of January 31, 2021 and 2020, respectively			12						11
Class B Common stock, par value $0.0001 per share; 120,000 shares authorized; 8,159 and 8,648 shares issued and outstanding as of January 31, 2021 and 2020, respectively			1						1
Additional paid-in capital			1,656,096						1,105,564
Accumulated other comprehensive income			5,390						892
Accumulated deficit			(967,456)						(701,124)
Total stockholders’ equity			694,043						405,344
Total liabilities and stockholders’ equity			$	3,298,797					$	1,955,395

See Notes to Consolidated Financial Statements.

OKTA, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS

(in thousands, except per share data)

			Year Ended January 31,
			2021						2020						2019
Revenue
Subscription			$	796,613					$	552,688					$	370,855
Professional services and other			38,811						33,379						28,399
Total revenue			835,424						586,067						399,254
Cost of revenue
Subscription			170,095						116,445						77,354
Professional services and other			47,586						42,937						36,067
Total cost of revenue			217,681						159,382						113,421
Gross profit			617,743						426,685						285,833
Operating expenses
Research and development			222,826						159,269						102,385
Sales and marketing			427,350						340,356						227,960
General and administrative			171,726						112,892						75,110
Total operating expenses			821,902						612,517						405,455
Operating loss			(204,159)						(185,832)						(119,622)
Interest expense			(72,660)						(27,017)						(15,072)
Interest income and other, net			12,891						17,089						9,180
Loss on early extinguishment and conversion of debt			(2,263)						(14,572)						—
Interest and other, net			(62,032)						(24,500)						(5,892)
Loss before provision for (benefit from) income taxes			(266,191)						(210,332)						(125,514)
Provision for (benefit from) income taxes			141						(1,419)						(17)
Net loss			$	(266,332)					$	(208,913)					$	(125,497)
Net loss per share, basic and diluted			$	(2.09)					$	(1.78)					$	(1.17)
Weighted-average shares used to compute net loss per share, basic and diluted			127,212						117,221						107,504