NASDAQ: OKTA

Our platforms help organizations effectively harness the power of cloud, mobile, web, and AI technologies by securing and governing users and connecting them with the applications and technology they need. Every day, thousands of organizations and millions of people use our platforms to securely access a wide range of cloud, mobile, web and Software-as-a-Service (“SaaS”) applications, on-premises servers, application programming interfaces (“APIs”), IT infrastructure providers, and services from a multitude of devices. For IT and security leaders, the Okta Platform governs the seamless and secure access by human users and NHIs to the applications they need to do their most important work. We are expanding these capabilities to include AI agents with the introduction of new product offerings currently in development and early access. Developers leverage our Okta Platform and Auth0 Platform to securely and efficiently embed identity for both human users and, increasingly, AI agents into the software they build, allowing them to innovate and focus on their core mission. Our approach to customer identity provides organizations with the scale, interoperability, extensibility and security they need to secure and scale agentic and traditional applications from pilot to production with seamless and private experiences that serve a wide variety of users, from customers to citizens. As we add new customers, users, developers and integrations to our platforms, our business, customers, partners and users benefit from powerful network effects that increase the value and security of our solutions.

As of January 31, 2026, more than 20,000 customers across nearly every industry used our solutions to secure and manage identities around the world. These customers consist of leading global organizations ranging from the largest enterprises to small- and medium-sized businesses, universities, nonprofits and government agencies. We partner with a broad range of application, IT infrastructure and security vendors through our Okta Integration Network. As of January 31, 2026, we had over 7,000 integrations with these cloud, mobile and web applications, and IT infrastructure and security vendors.

We employ a SaaS business model and generate revenue primarily by selling multi-year subscriptions to our cloud-based offerings. We focus on attracting and retaining our customers by building on and increasing the value we provide to them over time. This commitment to our customers’ success helps drive increased customer investment in the number of users of our Okta Platform and Auth0 Platform and adoption of our additional product offerings. We sell our product offerings directly through our field and inside sales teams, as well as indirectly through our network of channel partners, including cloud marketplaces, resellers, system integrators, and other distribution partners.

Our Platforms

We offer independent and neutral cloud-based identity solutions that allow our customers to integrate with nearly any application, service or cloud that they choose through our secure, reliable, and scalable platforms. Our technological neutrality allows our customers to adopt the best technologies easily, and our two platforms are

4

designed to securely connect users to the technology that they choose. We prioritize the compatibility of our platforms with public clouds, on-premises infrastructures and hybrid clouds. Our platforms are traditionally used by organizations in two distinct ways: “workforce identity”, supported by our Okta Platform, to manage and secure employees, contractors and partners; and “customer identity”, supported by both our Okta Platform and Auth0 Platform, to secure customers.

We are extending our platforms to address the unique identity security challenges posed by AI agents. Okta for AI Agents, currently available in early access, provides governance and visibility for AI agents through the Okta Platform. Auth0 for AI Agents enables developers to leverage the Auth0 Platform to secure and scale agentic applications from pilot to production. Cross App Access, currently available in early access, is the interoperability standard that allows these AI agents to securely interact across third-party ecosystems, including through an extension to the emerging Model Context Protocol (“MCP”) standard.

Okta Platform

The Okta Platform governs and simplifies the way an organization’s employees, contractors, partners and NHIs connect to applications and data from any device. It serves as the central system for an organization’s governance, access management, authentication, connectivity and identity lifecycle management needs. We are expanding these capabilities to include AI agents with the introduction of new product offerings currently in development and early access. We enable our customers to easily deploy and secure their environments with a simple, intuitive, consumer-like user experience. For IT and security leaders, the Okta Platform acts as a single control plane, enabling the enforcement of contextual access management decisions based on user identity, device health and real-time threat signals. These features, combined with our technological neutrality, help our customers future-proof their environments.

We deliver the capabilities of the Okta Platform by providing:

•Adaptive Access and Authentication: Enables simple, secure access using continuous risk and policy evaluations to automate the identification and remediation of threats.

•Automated Governance and Lifecycle Management: Automates identity lifecycle management processes while providing the visibility required to govern users.

•Unified Security Posture: Proactively identifies vulnerabilities and security gaps by providing consolidated visibility into identity posture.

For a detailed description of our specific product offerings within the Okta Platform, see “Our Product Offerings—Okta Platform Product Offerings” below.

Auth0 Platform

The Auth0 Platform is developer-centric and enables companies, nonprofits and governmental agencies to rapidly embed secure, extensible identity management into customer- and citizen-facing cloud, mobile, and web applications. It primarily supports consumer and SaaS applications. The Auth0 Platform empowers application builders to innovate faster by removing the complexity from identity and making it simple, extensible and customizable.

We deliver these capabilities through a flexible architecture that provides:

•Developer Empowerment and Innovation: We provide software development kits, comprehensive APIs, and extensive developer tools that empower teams to easily authenticate, manage, and secure their applications. These tools enable organizations to streamline user experiences and improve security, leading to increased customer acquisition, retention and loyalty.

•Agentic Application Development: Through Auth0 for AI Agents, we provide tools that enable developers to integrate generative AI and AI agents into their applications while mitigating risks such as static credential sprawl, including hardcoded API keys and machine-to-machine secrets, and unauthorized data access.

•Advanced Identity Security: We support sophisticated identity security capabilities, including bot detection, fraud prevention, Adaptive Multi-Factor Authentication (“MFA”), and account takeover protection. The Auth0 Platform also supports sophisticated authorization models, such as Fine Grained Authorization

5

(“FGA”), which helps developers build the secure, relationship-based access required for AI agents to interact safely with enterprise data and third-party ecosystems.

For a detailed description of our specific product offerings within the Auth0 Platform, see “Our Product Offerings—Auth0 Platform Product Offerings” below.

Growth Strategy

Key elements of our growth strategy are to:

Execute with Our Platforms

•Deepen Relationships within Our Existing Customer Base. We strive to further increase revenue from our existing customers by cross-selling and up-selling additional and new product offerings. We also believe we can expand our footprint by focusing on current customers that have deployed our Okta Platform and expanding those customers’ use of our Auth0 Platform, or vice versa. In addition, we believe there is a potential opportunity to offer existing customers our solutions to manage and secure NHIs and AI agents.

•Drive Growth with Large Customers. To increase our market share, we intend to focus on growing our base of large customers using a land-and-expand sales model, with a focus on key markets by size of customers, as well as key verticals, including highly regulated sectors.

•Leverage Partner Ecosystem. We plan to further leverage the sales efforts of global system integrators, managed service providers, technology partners and other distribution partners for growth, scale and specialized expertise. Our Okta Elevate Partner Program is designed to incentivize partners to deliver and manage our solutions.

•Expand Our International Footprint. With 20% of our revenue generated outside of the United States in fiscal 2026, we believe there is a significant opportunity to continue to grow our international business. We believe global demand for our product offerings will continue to be a long-term opportunity as organizations outside the United States embrace the transition to cloud computing and develop and adopt AI agents, and larger international organizations take advantage of technology consolidation within their global locations.

Increase Our Opportunities

•Innovate and Extend Our Platforms with New Products. We intend to continue making significant investments in research and development, hiring top technical talent and maintaining an agile organization. By continuing to innovate, introduce new product offerings and extend our platforms, we believe that we can offer increasing value to our existing and potential customers. For example, recent investments have led to the development of Okta for AI Agents, Auth0 for AI Agents and the Cross App Access extension to MCP.

•Extend Our Accessible Market with New Use Cases. As technology and our customers’ needs evolve, we plan to use our platforms to help our customers address new challenges, regulatory requirements and use cases.

•Go-To-Market Specialization. At the start of fiscal 2026, we further specialized our go-to-market organization to better meet the needs of the distinct buying centers. Okta sellers focus engagement on IT and security buyer needs, including all workforce identity products and Okta Customer Identity. Auth0 sellers focus on meeting the unique needs of developers, which include highly technical customer identity customizations and flexible development models.

•Leverage Our Integrations. The Okta Integration Network is an extensive ecosystem, which includes over 7,000 integrations with cloud, mobile and web applications as well as integrated solutions with IT infrastructure providers and security vendors. We continue to add new integrations as we expand the surface area of the Okta Platform. Investing in these partnerships allows us to broaden and deepen our existing integrations while adding new ones, helping us build and promote complementary capabilities that benefit our customers.

•Expand Our Developer Ecosystem. We want to empower every application developer to use our platforms to securely integrate identity into any application. We believe that our platforms enable developers to focus their time and attention on innovating within their core application capabilities while relying on our

6

platforms for their identity-related requirements, leading to more secure and convenient experiences for their own customers.

•Leverage Our Unique Data Assets with Powerful Analytics. Our position at the intersection of people, devices, applications and infrastructure gives us unique access to powerful identity threat intelligence data, and the opportunity to provide differentiated insights based on that data, as well as predictive capabilities based on that data to help keep customers more secure. We expect the value of our analytics to our customer base will increase as customers continue to connect more devices, applications and users to their networks and as we add more customers. We also expect that our analytics ability will enable our customers to use their data and third-party data from our partners, allowing customers to make more informed and secure access decisions. We do not currently derive direct revenue from our unique data assets, but we may explore opportunities for monetization in the future.

•Mergers and Acquisitions and Investments. From time to time, we evaluate opportunities to acquire or invest in emerging and adjacent technologies to complement our organic investments and improve our product offerings, services and customers’ experiences. We will continue to use these types of strategic levers as opportunities arise.

Our Product Offerings

Our portfolio of product offerings and services is designed to manage and secure identity for people, NHIs and, increasingly, AI agents. Our product offerings are designed to be versatile, with most offerings applicable to both customer and workforce identity use cases. Workforce identity solutions are primarily consumed through web and mobile interfaces, providing IT organizations with simple ways to manage access for employees, contractors, partners, NHIs and, through product offerings in early access and development, AI agents. For customer identity, developers leverage our APIs and software development kits to embed identity functionality into their own traditional and agentic applications. We continuously enhance our Okta Platform and Auth0 Platform through the regular release of new product offerings, features, and services.

Okta Platform Product Offerings

Access Management

•Single Sign-on. Enables secure access to cloud and on-premises applications from any device with a single entry of their user credentials. We use modern protocols and a consumer-like user experience, including Okta FastPass for a passwordless login across all major operating systems.

•Adaptive MFA. Provides an intelligent, risk-based layer of security for an organization’s cloud, mobile and web applications built on contextual data. It leverages data intelligence from across the Okta Platform network of thousands of organizations, as well as from our partner ecosystem, to automate threat identification and prompt for additional verification only when risk signals exceed defined thresholds.

•API Access Management. Enables organizations to secure APIs as systems connect to each other. By managing access at the user level, it allows organizations to centrally maintain one set of permissions for any employee, partner or customer across every point of access. API Access Management reduces development time, boosts security, helps achieve compliance, and enables seamless end-user experiences by providing a unified portable service for authorizing secure and always available access to any API.

•Access Gateway. Extends the Okta Platform from the cloud to organizations’ existing on-premises applications so that organizations can harness the benefits of the platform to manage all of their critical systems, whether in the cloud, on-premises or hybrid. Extending the benefits of the Okta Platform to hybrid IT environments delivers a single point of management for our customers’ administrators and a single location from which end users can access their critical applications.

•Okta Device Access. Extends the Okta Platform’s secure access management to the device login experience. Okta Device Access enables end users to securely log in to their devices with their Okta Platform credentials and meet MFA challenges from a set of strong factors, helping organizations to harden their security posture by protecting a user’s device with the same experience that the Okta Platform provides for applications and resources.

7

•Universal Directory. Provides a centralized, cloud-based system of record to store and secure user, application and device profiles for an organization. It serves as the foundational directory for organizations’ authentication and lifecycle management by storing and securing user profiles.

Security

•Identity Threat Protection. Delivers native identity intelligence from the Okta Platform and signals from third-party tools integrated into an organization’s security stack. The Okta Platform’s AI-driven continuous risk and policy evaluations deliver real-time identity threat assessment and automated remediation.

•Identity Security Posture Management (“ISPM”). Helps organizations fortify their security measures and safeguard their digital assets with greater efficiency. ISPM highlights critical identity security issues like admin sprawl, MFA bypass, and local accounts, and prioritizes them based on risk severity for effective remediation.

•Okta for AI Agents. Gives customers the ability to discover, register, authenticate, govern and manage their AI Agents through a unified identity control plane within the Okta Platform. Currently available in early access.

Identity Governance and Administration (“IGA”)

•Lifecycle Management. Enables IT organizations to manage a user’s identity throughout its lifecycle, from onboarding to offboarding. It automates IT processes and ensures user accounts are created and deactivated at the appropriate times, including the workflow and policies needed to power those processes, and helps ensure compliance requirements are met as user roles evolve and access levels change.

•Okta Workflows. Helps IT teams build identity-related business processes with minimal or no code tools, such as automating user onboarding and provisioning, creating just-in-time authorization for software development and IT processes, automating identity-centric security responses and orchestrating customer data across backend systems.

•Okta Identity Governance. Provides a unified identity access management and identity governance solution focused on improving an organization’s security and compliance posture, helping customers to mitigate everyday security risks and improving IT efficiency. Includes governance capabilities relating to access requests, access certifications and access reporting. It simplifies and automates the process of requesting and approving access to applications and resources.

•Cross App Access (“XAA”). A standards-based protocol designed to centralize the governance of AI agents and app-to-app connections. By shifting authorization decisions from individual applications to the Okta Platform, XAA allows IT teams to manage delegated access at scale while preserving the user’s identity and authorization context even as AI agents access multiple applications across different trust domains. XAA capabilities and configuration features are currently available in early access.

Privileged Access Management

•Advanced Server Access. Offers continuous, contextual access management to secure cloud infrastructure. Organizations can continuously manage and secure access to on-premises Windows and Linux servers and across leading Infrastructure-as-a-Service vendors, including AWS, Google Cloud Platform and Microsoft Azure. Enables centralize access controls in a seamless manner to better mitigate the risk of credential theft, reuse, sprawl and abandoned administrative accounts.

•Okta Privileged Access. Helps organizations reduce risk with unified access and governance management for on-premises and cloud privileged resources and NHIs, providing better visibility, compliance and security for critical applications, resources and infrastructure requiring privileged access.

Auth0 Platform Product Offerings

•Universal Login. A standards-based login infrastructure that provides a centralized, consistent login experience across many different applications and devices. It supports extensive customization and can be integrated with social media login credential providers, enterprise login services and customer-provided databases.

8

•Attack Protection Suite. A set of security capabilities designed to protect our customers from different types of malicious traffic, including bots, breached passwords, suspicious IP addresses and brute force attacks. It works to minimize risks associated with the ever-growing volume of identity-targeted attacks.

•Adaptive MFA. Simple-to-use and adaptable MFA that minimizes friction to end users. When using Adaptive MFA, our customers leverage risk-assessment algorithms that present MFA challenges only to select authentication attempts that require additional validation.

•Passwordless. Enables users to login without a password and supports a variety of different login methods, including advanced device biometrics such as passkeys.

•Machine-to-Machine Tokens. Provides standards-based authentication and authorization with NHIs, such as non-interactive devices and applications.

•Private Cloud. A deployment option that allows our customers to run a dedicated cloud instance of the Auth0 Platform. Our Private Cloud capability supports multiple cloud providers.

•Organizations. Enables our customers to support a large number of partners or customers of their own with independent configurations, login experiences and security options.

•Extensibility. A suite of products—including Actions, Forms, Event Streams and the Auth0 Marketplace—that enables customers to build customized identity flows using no-code to pro-code tools, extending beyond the out-of-the-box experience.

•Enterprise Connections. Enables Enterprise Federation using pre-built integrations with commonly used enterprise identity systems.

•Fine Grained Authorization. Allows developers to manage complex authorization scenarios efficiently, and reduces latency and downtime as their systems and user bases grow.

•Auth0 for AI Agents. Enables developers to leverage the Auth0 Platform to secure and scale agentic applications from pilot to production.

Through our broad and deep product offerings that support a wide range of workforce and customer identity use cases, we deliver multiple critical business outcomes for our customers. These include boosting their cybersecurity posture, reducing IT spending, addressing regulations, reducing fraud, increasing new customer conversions, creating frictionless customer experiences and helping technical teams deliver products to market faster.

Our Technology

We focus on engineering an intuitive and comprehensive platform to solve complex identity management and security challenges. Our cloud architecture is multi-tenant, encrypted and third-party validated. Our service also allows us to integrate into our customers’ on-premises components and hybrid configurations.

Differentiated Administration, User and Developer Experience

The Okta Platform and Auth0 Platform offer administrators and users a consistent, easy-to-use, consumer-like experience across our product offerings. Our technology integrates with industry-leading browsers and mobile applications to provide seamless access to nearly any web or native mobile application. We also heavily leverage operating system management and security technologies across desktops, laptops and mobile devices to provide a transparent, yet secure experience for users across a range of devices. These integrations allow us to seamlessly deliver identity, access, security and management use cases that previously required significant custom development to achieve.

Robust Security

Security is essential for us and for our customers. Our approach to security spans day-to-day operational practices, from the design and development of our software to how customer data is segmented and secured within our multi-tenant platform. The Okta Platform and its features are updated regularly, and along with continuous security testing, there are periodic security reviews that provide audited and verifiable security checkpoints to ensure the quality of our source code. A number of our Okta Platform product offerings have attained multiple certifications, including SOC 2 Type II Attestations, CSA Star Level 2 Certification, ISO/IEC 27001:2022, ISO/IEC

9

27017:2015, ISO/IEC 27018:2019 and comply with many other international security frameworks. Certain Okta Platform offerings maintain multiple agency Federal Risk and Authorization Management Program (“FedRAMP”) Authorities to Operate and are compliant to operate at Department of Defense Impact Level 4. Certain Okta Platform offerings maintain minimum security requirements in alignment with the Security Rule of the Health Insurance Portability and Accountability Act (“HIPAA”). The Okta Platform also supports FIPS 140-2 encryption requirements.

Additional information regarding our cybersecurity risk management strategy and governance is included in “Cybersecurity” under Part I, Item 1C of this Annual Report on Form 10-K. For additional information regarding the cybersecurity risks that we face, see “Risk Factors” included under Part I, Item 1A of this Annual Report on Form 10-K.

Scalability and Uptime

Our technical operations and engineering models are designed around the concept of an always-on, highly redundant and available platform that we seek to upgrade without customer disruption. Our product offerings and architecture were built entirely in and for the cloud with availability, resiliency and scalability at the center of the design. We have zero planned downtime, including during our maintenance windows.

Our proprietary architecture includes redundant, active-active-active availability zones with cross-continental disaster recovery regions, real-time database replication and geo-distributed storage. If one of our systems goes down, another is quickly promoted. Our architecture is designed to scale both vertically by increasing the size of the application tiers and horizontally by adding new geo-distributed cells.

The Okta Platform and Auth0 Platform are monitored not only at the infrastructure level, but also at the application and third-party integration level. Synthetic transaction monitoring allows our technical operations team to detect and resolve issues proactively.

Okta Integration Network and Auth0 Marketplace

The Okta Integration Network contains over 7,000 integrations with cloud, mobile and web applications, IoT devices and IT infrastructure providers, including AWS, Atlassian, DocuSign, Google, Microsoft 365, NetSuite, Oracle, Palo Alto Networks, Proofpoint, Salesforce, SAP, ServiceNow, Slack, Splunk, VMware, Workday, Zendesk and Zoom. Our patented technology allows our customers to seamlessly connect to any application or type of device that is already integrated into our network. In addition, customers can extend the benefits of the Okta Integration Network by creating their own integrations to both cloud and on-premises proprietary applications.

Similarly, the Auth0 Marketplace is a trusted catalog of integrations that enables application teams to easily assemble complete identity solutions. The Auth0 Marketplace connects customers with service providers and builders who solve integration use cases and implement integrations with the Auth0 Platform.

Commitment to Open Standards

We lead and contribute to several standards initiatives, including the Interoperability Profile for Secure Identity in the Enterprise (“IPSIE”) standard, which standardizes identity security functions like risk signal sharing and session termination across the SaaS ecosystem; XAA, which shifts authorization decisions from individual applications to an organization’s identity provider; and MCP, which we have extended with XAA capabilities. We believe these efforts support an open ecosystem that enables customer choice, interoperability and an improved security posture for the industry.

Our Customers

As of January 31, 2026, we had more than 20,000 customers, including 5,100 customers with an annual contract value greater than $100,000. Our customers span nearly all industry verticals and range from small organizations with fewer than 100 employees to companies in the Fortune 50, with up to hundreds of thousands of employees, some of which use our platforms to manage millions of their customers’ identities.

10

Sales and Marketing

Sales

We sell directly to customers through our direct inside and field sales force and also indirectly through our extensive ecosystem of channel partners. We also offer a self-service approach for developers to sign up for free trials, free plans, paid developer plans of our Auth0 Platform, which may transition to paid enterprise plans that include more fulsome offerings. We often leverage our expansion sales model to generate incremental revenue, often within the term of the initial agreement, through the addition of new users and the sale of additional product offerings. In many instances, we find that initial customer success with our platforms results in key internal decision-makers expanding their deployments, for example, from workforce identity to customer identity needs, or vice-versa. Furthermore, as our customers are successful in their businesses and increase headcount, the number of their customers or their monthly active users, we have the opportunity to share in their growth as the number of identities that we manage increases. Conversely, if our customers reduce the size of their workforce, then the number of identities that we manage, and therefore our revenue may potentially decrease.

Our sales organization operates under a unified leadership team and is structured to address the specific needs of our target markets. It is divided by geography and customer size, and in some cases by industry vertical. Our global go-to-market specialization strategy is intended to better align our sales team with the distinct needs of IT security buyers and application developers. We also employ other forms of specialization in our sales team when appropriate, such as our “hunter-farmer” sales model for certain regions and segments. Our direct sales force is supported by our sales engineers, security team, cloud architects, professional services team and other technical resources.

We benefit from an expansive partner ecosystem that helps drive additional sales. Nearly all of the leading cloud application providers are our partners, and many of them drive further customer acquisition for us through co-selling arrangements, building our offerings directly into their products and product demonstrations running on our technology. We also partner with several of the large technology companies that are driving the movement to the cloud. In addition to these technology partners, we leverage our channel partners, including system integrators, traditional value-added resellers (“VARs”) and Government VARs, to broaden the range of customers we reach.

Marketing

Our most valuable marketing features our customers and their successes and is informed by a deeply data-driven approach, giving us insights into the efficacy of our efforts. Our marketing efforts focus on promoting our industry-leading product lines, establishing our brand, generating awareness, creating sales leads and cultivating the Okta Community.

A centerpiece of our marketing strategy is our annual customer conference, Oktane, which features customers sharing their success stories, new product and feature announcements and hands-on product labs. We also host a number of other events where we engage with both existing customers and new prospects, as well as deliver product training.

Research and Development

Our research and development organization is responsible for the design, architecture, creation and quality of our platforms. The research and development organization also works closely with our technical operations team to ensure the successful deployment and monitoring of our platforms. We use test automation and application monitoring to support high availability and minimize service disruptions.

Customer Support and Professional Services

Our product offerings are designed for ease of use and fast deployments. As part of our customer-first strategy, we are focused on customer success and offer several programs to help our customers maximize their success with our product offerings. These programs leverage the expertise and best practices that we have built while helping thousands of customers adopt and deploy our product offerings.

Customer Support and Training Services

We offer three tiers of support, each of which builds upon the previous tier. We provide 24/7 support for the highest support tiers as well as access to Customer Success and Technical Account Managers. We also provide on-

11

demand access to a robust online digital community and customer success hub, where our customers can find answers to common use cases, information about product features, and interact with our experts and industry peers.

Professional Services

Our professional services team provides assistance to customers in the deployment of our Okta Platform and Auth0 Platform and includes identity and security experts, customized deployment plans, SmartStart, which provides a quick path to implementation, and Okta Expert Assist, in which we provide our customers with recommendations and best practices designed to improve their security posture.

Okta Community

We have created the Okta Community, an online community available to all of our customers that enables them to connect with other customers and partners to ask questions and find answers.

Intellectual Property

We protect our intellectual property through a combination of trademarks, domain names, copyrights, trade secrets and patents, as well as contractual provisions and restrictions on access to our proprietary technology.

As of January 31, 2026, we had 100 issued patents in the United States and 85 issued patents granted outside of the United States that expire between 2030 and 2044 and cover various aspects of our product offerings.

We have registered “Okta” and “Auth0” as trademarks in many jurisdictions throughout the world to protect our brands. We also have filed other trademark applications pending in various jurisdictions throughout the world. We also have registered other trademarks in the United States including “The World’s Identity Company” and “Oktane.”

We are the registered holder of a variety of domestic and international domain names that include “Okta,” “Auth0” and similar variations.

In addition to the protection provided by our intellectual property rights, we enter into confidentiality and proprietary rights or similar agreements with our employees, consultants and contractors. Our employees, consultants and contractors are also subject to invention assignment agreements. We further control the use of our proprietary technology and intellectual property through provisions in both general and product-specific terms of use.

Additional information regarding certain risks related to our intellectual property is included in “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K.

Our Competitors

The markets for our product offerings are rapidly evolving, highly competitive and subject to shifting customer needs and frequent introductions of new competing technologies. As the markets in which we operate continue to mature and new technologies and competitors enter those markets, we expect competition to intensify. Our competitor categories include:

•Authentication providers;

•Identity governance providers;

•Multi-factor authentication providers;

•Infrastructure-as-a-service providers;

•Other customer identity and access management providers; and

•Solutions developed in-house by our potential customers.

We compete with both cloud-based and on-premises enterprise application software providers. We also compete against open-source technologies that customers can use to build their own identity solutions. Our competitors vary in size and in the breadth and scope of the products and services offered. However, certain of our

12

competitors have substantial competitive advantages, such as significantly greater financial, technical, sales and marketing, distribution, customer support or other resources, longer operating histories, greater resources to make strategic acquisitions, and greater name recognition than we have. Our principal competitor is Microsoft.

Due to the flexibility and breadth of our platforms, we can and often do co-exist alongside our competitors’ products within our customer base.

Principal competitive factors in our markets include flexibility, independence, product capabilities, total cost of ownership, time to value, scalability, user experience, number of pre-built integrations, customer satisfaction, global reach and ease of integration, management and use. We believe our product strategy, platform architecture, technology and independence as well as our company culture allow us to compete favorably on each of these factors.

We expect competition to increase as other established and emerging companies enter our markets, as customer requirements evolve, and as new products and technologies are introduced. We expect this to be particularly true as we are a cloud-based offering, and our competitors may also seek to acquire new offerings or repurpose their existing offerings to provide identity management solutions with subscription models. The ongoing trend of merger and acquisition activity in the technology industry, particularly transactions involving security or identity and access management technologies, may result in an environment where we increasingly compete with other large technology companies in the future in both the workforce identity and customer identity markets.

Additional information regarding our competition is included in “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K.

Human Capital Resources

Our core values—love our customers, always secure and always on, build and own it, and drive what’s next—inform and guide our human capital initiatives and objectives. In order to continue to innovate and drive customer success, it is crucial that we continue to attract, develop and retain exceptional talent. To that end, we strive to make our workplace one in which employees feel like they have opportunities to grow and develop in their careers. We support our employees with fair and competitive compensation, benefits and wellness programs, and initiatives that foster connections between and among our employees and their communities.

As of January 31, 2026, we had 6,366 employees, of which approximately 56% were in the United States and 44% were in our international locations. We have not experienced any work stoppages, and we consider our relations with our employees to be good. Our employee engagement program helps us understand employee sentiment on a wide range of topics throughout the employee lifecycle, providing insights that inform our decisions about company initiatives, employee programs, talent risks, management opportunities and more. In fiscal 2026, 86% of our eligible employees participated in our annual employee engagement survey.

Builder and Owner Culture

“Build and own it” is one of our core values. Our goal is to create a shared sense of ownership in achieving our company vision where career growth, competitive rewards, and purpose empower our employees to do great work. We want every employee to feel ownership of Okta.

Growth and Development

We invest significant resources to develop talent and actively foster a learning culture where employees are empowered to drive their personal and professional growth. We provide our employees with a wide range of learning and development opportunities, including in-person, virtual, social and self-directed learning, mentoring, coaching and external development. Our extensive onboarding and training programs prepare our employees at all levels for career progression and individual development. Our employee onboarding program helps our new hires get off to the right start, our manager development program helps to build a solid foundation for our people managers, and our technical training program brings our new technical employees up to speed on our product offerings.

Compensation, Benefits and Wellness

We provide robust compensation, benefits and wellness programs that help support the varying needs of our employees. In addition to market-competitive base pay, short-term bonus incentives and long-term equity

13

incentives, our total rewards program offers comprehensive employee benefits that may vary by country or region, including an employee stock purchase plan, a 401(k) plan in the United States with company matching contributions, comprehensive medical, dental and vision insurance, life and disability insurance, health savings accounts, charitable donation matching, flexible time off, volunteer time off, gender-neutral paid parental leave, fertility and adoption support, family care resources, mobile and internet reimbursement, mental health and lifestyle support programs and a variety of other health and wellness resources.

We are committed to fair compensation and opportunity in our workplace. We conduct regular equal pay assessments to attempt to promote pay equity among all of our employees.

Community and Social Impact

The mission of our social impact arm, Okta for Good, is to build a safely connected world where everyone can belong and thrive. We mobilize our people, products and financial resources in service of our communities.

Our employees are passionate about many causes and Okta for Good connects them with numerous giving and volunteering opportunities in service of our communities. We believe this fosters a more meaningful, fulfilling and enjoyable workplace. In addition, through Okta for Good we donate and discount access to our service for non-profit organizations. These organizations use Okta to make their teams more efficient and secure, allowing them to focus on their important missions. We also engage in philanthropic grantmaking via the Okta for Good Fund, a donor-advised fund held at Tides Foundation.

We fund and support the operations of Okta for Good. Okta for Good is a part of our company and not a separate legal entity. Additional information can be found on the “Okta for Good” page of our website at www.okta.com.

Financial Information

The financial information required under this Item 1 is incorporated herein by reference to “Financial Statements and Supplementary Data” included in Part II, Item 8 of this Annual Report on Form 10-K. For financial information regarding our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included in Part II, Item 7 of this Annual Report on Form 10-K and our consolidated audited financial statements and related notes included elsewhere in this Annual Report on Form 10-K.

Corporate Information

We incorporated in 2009 as Saasure Inc., a California corporation. In 2010, we reincorporated as Okta, Inc., a Delaware corporation. Our principal executive offices are located at 100 First Street, Suite 600, San Francisco, California 94105, and our telephone number is (888) 722-7871. Our website address is www.okta.com.

Additional Information

Our investor relations website address is investor.okta.com. Our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and Proxy Statements for our annual meetings of stockholders, including any exhibits and amendments to these filings, are available, free of charge, on our investor relations website after we file or furnish them with the SEC, and they are available on the SEC’s website at www.sec.gov.

We webcast our earnings calls and certain events we participate in or host with members of the investment community on our investor relations website. Supplemental financial and other information can be accessed through our investor relations website. We also use our investor.okta.com website and okta.com/blog websites (including the Security Blog, Okta Developer Blog and Auth0 Developer Blog) as a means of disclosing material non-public information, announcing upcoming investor conferences and complying with our disclosure obligations under Regulation FD. Accordingly, you should monitor our investor relations and okta.com/blog websites in addition to following our press releases, SEC filings and public conference calls and webcasts. Further corporate governance information, including our corporate governance guidelines and code of conduct, is also available on our investor relations website under the heading “Responsibility and Governance.” Information contained on, or that can be accessed through, our websites is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC, and any references to our websites are intended to be inactive textual references only.

14