Updates - OKTA - 2Q23 ER Review & Thesis Update
Summary
In this update we recap on Okta’s issues thus far in CY22 – sales integration challenges and bad publicity from security breaches – that have impacted its top line.
Okta will likely remain out of favour for a while. Growth has slowed, outlook has weakened, the company still making large GAAP losses – not what investors want right now.
The long-term strategy is vitalising, however. Workforce identity moat plus greenfield customer identity opportunities.
If McKinnon can resolve the Auth0 sales integration issues, then the long-term future is still very bright for Okta.
2022 Recap
We’ve been bullish on OKTA since last year, when it retreated from its ATH down to c. $200. We remain long-term optimistic; however, we certainly cannot defend the declines thus far this year.
In March 2022, Okta experienced a breach of its environment, and while its technology actually did a good job at limiting the damage, the initial communication to the public was either negligent or deceitful. OKTA failed to notify its customers of the breach, and then once the news became public, they falsely claimed it had been contained. After a thorough investigation it transpired that only two, from an initial estimate of 366 customers, were affected, and the damage was minimal. Hence, it is OKTA’s attempts to brush off the incident as a non-event that has angered the cybersecurity community, rather than the breach itself.
More recently in August 2022, OKTA was the target of another attack campaign, dubbed Swine Scatter. The bad actors infiltrated Twilio’s SMS systems to obtain OKTA’s OTP authentication codes. The breach only led to 38 phone numbers being obtained from a single org, none of which has led to any further advances. We sense that the event is probably similar to a recurring PANW and FTNT situation whereby the NGFW has not been updated or the CVEs haven’t been patched appropriately. OKTA's system performed the way it is designed to, but using explicit passwords plus SMS for MFA is known to be risky, so it looks like Twilio or its customers should be shouldering the blame.
All-in-all, it was a small event and more importantly it was communicated better than the March incident. But the event is more evidence that OKTA, because of its pervasive presence and authentication role, is becoming a popular attack target, and we infer that this is currently a headwind for growth.
To add more woes, OKTA’s integration of Auth0 has not been running smoothly. At the beginning of the year, it was decided to combine the two companies’ sales forces to sell the range of both OKTA and Auth0 products. There have been a number of confusions relating to 1) which decision maker to target (CISO, CTO, CMO, etc.), 2) the role of OKTA’s SIEM in deals made, and 3) whether to sell OKTA or Auth0 for B2B and extended workforce cases that require customization. These inefficiencies have impacted growth and margins, and the colossal price tag of $6.5bn for Auth0 makes the integration failures all the more painful for investors. The upside is that CEO Todd McKinnon describes the integration issue rather articulately and has a plan to address it, which we’ll share shortly.
Collectively, the aforementioned issues have negatively impacted on OKTA’s financial performance, which combined with the macro deterioration, has led to a very disappointing share price performance.
2Q23 ER Recap & Financial Trends
2Q23 is the first quarter in which the YoY comparison includes Auth0, which is a significant cause of the drop in growth to 43% from 65% in 2Q22. But the drop in growth can’t just be pinned to the YoY base effect, the aforementioned issues must have played a part also. There has been some QoQ improvements in OKTA’s EBIT, net, non-GAAP EBIT, and FCF margins, though, the former two remain deeply negative, and the latter two are only around the breakeven level. Compared to 1-2 years ago, investors are much more focused on profitability than growth (as well as extra sensitive to negative news), and this is clearly being reflected in OKTA’s share price performance.
Source: Convequity
Generally, following the completion of the Auth0 acquisition in May 2021 (2Q22), all of the combined entity’s margins initially worsened but have since been gradually improving. The gradually improvements, however, are rightly overshadowed by the slump in growth, the large GAAP losses, and more recently the deteriorating outlook. Management submitted growth guidance of only 33% in 3Q23. And if you compare the differences in 3Q23 vs 3Q22 and 2Q23 vs 2Q22, you can see that it is not just the YoY base effect lowering the growth outlook. The FY23 growth guidance does not get any better. 40% growth and $1,816m for FY23 implies that growth in 4Q23 is expected to only be 27%, as is shown in the modified table below.
OKTA has even pulled their FY26 revenue target of $4bn. In the 2Q23 call management said that they need time to assess the guidance and will share the amended long-term model with analysts in the next earnings call.
Despite our long-term bullishness, the near-to-intermediate-term outlook for the business does not look great. The obvious upside, however, is that the reset in expectations presents management with the opportunities to beat expectations in the coming quarters.