SAIL (2025 - Q4)

Thank you for standing by and welcome to SailPoint's Fourth Quarter and Year-End 2025 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] I would now like to hand the call over to Scott Schmitz, SVP Invest Relations. Please, go ahead. Scott Sc

Good morning, and thank you for joining us today to discuss SailPoint's fiscal fourth quarter and full year of 2025 financial results. Joining me today are SailPoint's Founder and CEO, Mark McClain, and our Chief Financial Officer, Brian Carolan. Please note that today's call will include forward-looking statements, and because these statements are based on the company's current intent, expectations, and projections, they are not guarantees of future performance, and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP adjusted results, which exclude special items. Please reference this morning's press release in the Investors section of sailpoint.com for further information regarding forward-looking statements and reconciliations of GAAP to non-GAAP financial measures. And with that, I'd like to turn the call over to Mark.

Thank you, Scott. Good morning, everyone, and thank you for joining us today. We're thrilled to share our fiscal Q4 and full year 2025 results, marking an incredible year for SailPoint which was followed by our recent return to the public markets. Our competitive differentiation and focused execution drove our strong Q4 and full year 2025 results. We ended this year with $877 million in annual recurring revenue, or ARR, a 29% year-over-year increase, with SaaS ARR growing 39%. Our ARR growth reflects increasing demand for our modern identity solutions across approximately 3,000 enterprise customers worldwide. We also saw an almost 80% year-over-year increase in customers with ARR greater than $1 million, which showcases the prioritized investment customers are making in identity security and the significant scale of their programs with us. This performance demonstrates our ability to capitalize on a sizable market opportunity, delivering strong, consistent growth at scale. There are three key factors that have set us up for success. Our industry leadership, continuous innovation, and focus on efficient growth. First, industry leadership. With over 20 years of expertise in enterprise identity security, we bring a deep understanding of our customers' challenges. With Atlas, our cutting-edge unified identity platform, we deliver the broad and deep governance of access and identity that large enterprises require to meet the expansive nature of their identity landscape and the velocity of change in their access needs. Our ability to deliver identity security controls across the spectrum of enterprise access, notably down to the detailed entitlement level rather than just the sign-on level, strengthens our competitive edge. This position's SailPoint to serve as a central control plane for securing all enterprise identities and their access to all enterprise data. And our significant expertise and long-standing leadership in governance and administration, which we believe is the most difficult part of identity security, makes us well suited to address the highly complex enterprise class identity challenges faced by our customers. Taken together, our expertise, experience, and proven track record provide a strong competitive moat for SailPoint, helping us to drive continued growth and to extend our leadership position in the market. This differentiation is key as it stands in stark contrast to the high number of failed identity programs that are prevalent today. According to Gartner, half of all enterprises have distressed identity programs. We continue to see success in replacing legacy and niche identity vendors who have been unable to address the scale and scope of the sophisticated identity challenges faced by companies at the mid to upper end of the market. As just one example from the last year, a large manufacturer failed twice in the past 10 years with IGA solutions that were insufficient in addressing the complexity of their digital landscape. After a substantial breach put them at risk for major fines and compliance violations, the company recognized their need for an identity partner with a sophistication, financial stability, and future-focused capabilities to meet their requirements. They chose SailPoint to help them transform their identity program, leveraging our SaaS-delivered, AI-powered approach to protect their large, complex, and growing enterprise. The second factor is innovation. Innovation is a cornerstone of our culture. And our SaaS-based Atlas platform remains one of our core differentiators, driving accelerated time to value, comprehensive security, and operational efficiency while delivering at the scale our large complex customers demand. In fiscal 2025, we made significant advancements in our application onboarding and extensibility capabilities as well as many other services in our Atlas platform. We also introduced new innovations like privileged task automation and machine identity security to address emerging market needs. As we look out onto the horizon of the identity security landscape, we see the next wave of challenges centering around the security and governance of AI agents. We believe our expertise in securing and covering human and machine identities positions us uniquely well to address this new frontier of AI agents. Earlier this week, we made two announcements in this area. First, we introduced Harbor Pilot, our proprietary collection of AI agents designed to provide identity teams with deep insights, automation, and contextual assistance through intuitive natural language prompts. This will enhance decision-making, streamline information discovery, and simplify task execution for our customers. And second, we announced the development of agent identity security, which will help enterprises manage AI agents as the new identity type within their identity ecosystem. We anticipate this offering will be available later in the year. Looking forward to the rest of fiscal year 2026, we are focused on extending our lead with innovation as our fuel. We are thrilled to have recently appointed Chandra Gnanasambandam as Executive VP of Product and Chief Technology Officer, who will lead our innovation agenda and work to ensure we continue delivering cutting edge solutions that add value to our customers. Lastly, I'd like to speak about efficient growth. We continue to execute at a high level, enabling us to deliver efficient growth at scale with a high win rate and increased ARR per customer within both new logos and our install base. Our ability to win new customers and expand existing relationships provides us with significant growth potential in a market that we believe is under-penetrated. Let me highlight a few key factors that contributed to our ability to grow efficiently. First, we saw solid performance in acquiring new logos, supported by a growing sales pipeline. Demand for our SailPoint Identity Security Cloud continues to increase as evidenced by our SaaS ARR, which grew 39% year-over-year. Second, we saw strong customer expansion through cross-sell, up-sell, and SaaS migrations, which drove approximately half of our growth. This is evidenced by our dollar-based net retention rate, which remains steady at 114%. And finally, we saw increasing demand for newly introduced products that add value to our Identity Security Cloud suites. For example, two of our newer add-on products, Non-Employee Risk Management and Machine Identity Security, continues to resonate well with both new and existing customers. Machine Identity Security was just introduced in October of last year and was a solid contributor to our Q4 results, making it one of our fastest growing new product launches in recent years. Both of these products have a strong pipeline heading into fiscal 2026, demonstrating our agility by delivering new innovations that address critical needs as the market requires them. To underscore this point, I want to share one more customer example that highlights the value we deliver to customers all along their journey with us. This large Forbes Global 2000 pharmaceutical distributor and provider of healthcare services returned to SailPoint earlier this year after a failed implementation with a small IGA vendor. In addition to using Identity Security Cloud and Non-Employee Risk Management to manage their 70,000 employees and 12,000 additional non-employee identities, the company added our Machine Identity Security product in Q4 to manage the 100,000 machine identities that comprise another key aspect of their identity landscape. This customer is now set up for long-term success in securely managing their wide variety and volume of identities, reducing risk and future-proofing their business. In conclusion, I'm more optimistic than ever about the future of SailPoint. I believe our strong market leadership, technological expertise and proven ability to execute uniquely positions us to solve the next set of digital identity challenges that global enterprises face. I'm grateful to our customers for their belief in SailPoint and for the continued strong relationships we have with them, as evidenced by our Gartner Peer Insights Voice of the Customer recognition this past year. I'd also like to thank our dedicated SailPoint team for being an integral part of this journey and for their commitment to our award-winning culture. We're honored that SailPoint was named number 17 out of the Top 100 Best Places to Work by Glassdoor, one of only five software companies in the top 20. And finally, a huge thank you to our partners who help us deliver that value to customers and our shareholders whose belief in us fuels us every day. Together we're securing the future of identity in a complex world. And now, let me hand it off to Brian who will share more details of our financial results for the quarter and the fiscal year.

Thank you, Mark, and good morning, everyone. I'm extremely proud of everything we accomplished over the last couple of years, including our recent return to the public markets while delivering efficient growth at scale. The explosion of data, applications, and the number and type of identities provides a solid foundation for growth, as we believe identity is becoming the center of enterprise security. Building off Mark's three key themes, we believe our results showcase our leadership position, strong competitive advantage, and durable growth profile. We ended fiscal year 2025 with ARR of $877 million, an increase of 29% year-over-year, and with SaaS ARR growing 39% year-over-year. SaaS ARR now represents over 60% of our total ARR. As a reminder, we previously provided a preliminary estimated range for ARR at the beginning of our IPO roadshow, and this result is at the high end of that range. In Q4, we delivered total revenue of $240 million, up 18% year-over-year, with subscription revenue of $224 million, up 22% year-over-year. Adjusted gross profit margin increased by 80 basis points year-over-year to 78.9% and adjusted operating margin increased by 530 basis points year-over-year to 19%. We believe we deliver exceptional value to our customers, helping them to achieve a more robust security posture with a measurable ROI that results in a high retention rate. We finished the fiscal year with approximately 3,000 customers, and we saw an almost 80% year-over-year increase in customers with ARR greater than $1 million. Our initial customer lands continue to get larger as we become a more strategic platform for securing all enterprise identities and their access to enterprise data. Our large customer lands are complemented by expanding existing customer relationships. As of January 31st, 2025, our dollar-based net retention rate remained steady at 114% and was driven by nearly even contributions from suite upgrades, migrations, upsell, and cross-sell initiatives. We believe our balanced and durable growth profile from both new and existing customers, as well as our transition to a subscription model, is increasing the visibility and predictability of our financial model. In fiscal year 2025, we delivered total revenue of $862 million, an increase of 23% year-over-year, with subscription revenue of $794 million, increasing 27% year-over-year. Our adjusted gross profit margin expanded 110 basis points year-over-year to 78.1% in fiscal year 2025, driven by a higher mix of subscription revenue. For the year, our adjusted subscription gross profit margin was 84.1%. Our adjusted operating margin increased by 760 basis points to 15.4% in fiscal year 2025. This was driven by leverage in R&D and sales and marketing. Combining our strong adjusted operating margin performance and durable ARR growth, we continue to exceed the Rule of 40, underscoring our efficient growth strategy. Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges. Full details can be found in our press release and supplemental earnings deck. As a reminder, we believe ARR is the best indicator of our business, as opposed to revenue which can be impacted by SaaS and term mix. For the fiscal first quarter of 2026, we expect ARR to be $898 million, up 27% year-over-year. We expect revenue to be $225 million, an increase of 20% year-over-year, with adjusted operating margin of 6.4%. The implied year-over-year change in our adjusted operating margin is the result of higher public company costs and lower term revenue mix. We expect our diluted share count to be approximately 564 million shares and adjusted EPS to be a loss of $0.01. It's also worth noting that in March, we paid off all the outstanding debt on our balance sheet. We expect a partial interest payment in Q1 of approximately $37 million, with $19 million of interest expense running through our P&L. For our fiscal year, 2026, we expect ARR to be $1.08 billion, up 23% year-over-year. We expect revenue to be approximately $1.03 billion, an increase of 20% year-over-year, with adjusted operating margin of 14.9%. We expect our diluted share count to be approximately 570 million shares and adjusted EPS to be $0.16. We believe we're well positioned to win the next generation of identity security because of the depth and breadth of our platform, our enterprise scale, and our innate ability to listen and respond to market needs. With the combination of these core fundamental drivers and our strong pipelines, we believe this guidance is the right place to start as we re-enter the public markets. As an essential business platform, we see significant growth potential through a universe of new customers that are primed for a more modern solution. We also see a large opportunity just within our existing install base as we continue to convert customers to SaaS and cross-sell new modules. In summary, we believe there are several drivers that position us for sustained long-term growth, and we are truly excited about the opportunities ahead. With that, let's open the call for questions. Operator?

[Operator Instructions] Our first question comes from the line of Rob Owens of Piper Sandler. Your question please, Rob.

Great, thanks for taking my question. This is Ethan on for Rob this morning. Mark, I just wanted to kind of start off with the macro environment and kind of what you guys are seeing out there in the landscape today, especially with kind of all the geopolitical uncertainty that tends to be changing on a day-by-day basis. Can you talk about how that played out in the quarter and then also maybe kind of how that has trended through February and March now too? Thanks.

Yeah, thanks, Ethan. Appreciate the question. We would still tell everyone that we sell them what we consider a very resilient part of the market. As companies are looking at spend in this kind of macro somewhat challenged environment, they are certainly focused on what they consider to be most critical. And we continue to get evidence that the identity security is considered business essential by the kinds of customers we sell to. It's an ongoing program, it's not a project that can easily be turned off or turned on. Still top priority in most CIO and CISO environments. Kind of as a proof point, we felt some similar headwinds are in the market, I should say, at the beginning of the COVID environment, and fairly quickly customers coming back to kind of assure us that this was going to continue to be an area of focus for them. And while they might be looking to make some deductions and spend in some areas, this was not likely to be an area that they would see affected. So I think we're seeing a very similar kind of a picture where people are on their toes. We're kind of double checking on things in our pipeline, but so far getting good strong signals that demand is overall still very high and the macro environment doesn't seem to be having a significant impact at this point.

Great, thanks for the color.

Thank you. Our next question comes from the line of Saket Kalia of Barclays. Please go ahead, Saket.

Okay, great. Hey guys, thanks for taking my question here and congrats on your first quarter as a public company.

Thanks.

Thanks, Saket.

Absolutely. Mark, maybe for you, maybe just picking up on that thread, but even more specific, can we just talk a little bit about your US federal business? Obviously very topical right now, but maybe remind us how big that business is just for everybody's benefit, and maybe how you're thinking about that next year given some of the moving pieces with the new administration.

Yeah, we're certainly mindful of what's happening in the environment and kind of watching, again, similar to the macro in general, are we seeing indicators of change in the environment or from some of our customers? I'll let Brian hit some of the statistics here about kind of how this business -- we're represented in our overall business. I would point out that a lot of our customers in federal have been with us for like five years. They are long-term committed customers. But in general, let Brian give you a little sense of where it fits in the overall landscape.

Yeah, sure. Good morning, Saket. It's Brian here. So just to give you some statistics, our public sector business in total represents about 12% to 14% of revenue. Again, that's all public sector. The US Fed is less than half of that. This is actually spread among dozens and dozens of customers, multiple dozens, the largest being defense. The average tenure with these customers is greater than five years. So I think what you see is that this is a business essential area of spend that drives efficiency, we believe. We are FedRAMP certified right now, so I think that's positive sign for embracing identity security cloud the Federal government. So again, we're not seeing anything show up just yet. We are very mindful of it. We're watching it closely. We stay close to our customers through our customer success organization. But again, we're not seeing anything immediate showing up in that area.

Got it. Super helpful, guys. Thank you very much.

Thanks, Saket.

Thank you. Our next question comes from Joel Fishbein of Truist. Your question please, Joel.

Thanks for taking the question. Hey, Mark, I love the commentary about machine and non-human identities and the momentum you're seeing there. I wanted to just see if there's any way for you to quantify that, maybe for Brian, just as a follow up, how is that being priced? And love to get any clarity there. Thank you.

Thanks, Joel. Yeah, I think what we're feeling from our customers is it's pretty early on both machine and as you heard us announce the intent to deliver an agent product later this year Both of those are -- well machine is already out there in many cases There are new things being introduced but there's a lot of machine identities out there in the environment already. The challenge sometimes for customers is to identify all of them. So our product offering actually focuses on first -- literally discovering and identifying all of these so they can be categorized, assigned to owners, and then managed in a typical identity governance and security process beyond that. Agents, as we all know, we're all reading the same press on this one. Everybody everywhere is busily creating and delivering new agents. I think customers know there's a large, I'll say tidal wave, I just started to say wave, I'll call it tidal wave, coming of agents. So getting our arms around what scale that's actually going to hit with a lot of these enterprise customers is pretty difficult. But I can tell you that every enterprise customer we're talking to sees it as an emerging challenge and they see SailPoint very well positioned to help them address it. And I'll let Brian talk about where we are in kind of the pricing strategies. Remember, machine identity is already announced and available as agent identity is not.

Yep, thanks, Mark. So, Joel, you may remember we just launched our Machine Identity Security product in October 2024. Right out of the gate, we actually saw strong demand for it. We closed the fiscal Q4 double-digits in terms of number of customers to the low millions in terms of the ARR contributions. So again, we saw immediate benefit. We feel like we've got a strong and developing funnel and pipeline for machine identity. So those green shoots are starting to show up. From pricing perspective, again, we're working with our customers on this. It's early, but we priced it at about a third of a human identity for the time being. Again, that may change over time, we're early in this process, but we feel like that's the right place to start and we'll work with customers to get the right value proposition in front of them.

Great, thank you.

Thanks, Joel.

Thank you. Our next question comes from Matt Hedberg of RBC. Please go ahead, Matt.

Great. Thanks for taking my question, guys. And I'll offer my congrats again. It's great to have you guys back in the public markets. Maybe for Mark, a question that you all get and we get, obviously, is the identity consolidation opportunity. I'm wondering, in your prepared remarks, Mark, you talked about IGA being one of the most complex areas of identity. Could you talk about the strategic opportunity as customers look to consolidate identity? Is that something that you expect to see at the high end of the market? And then maybe just kind of from a competitive standpoint, CyberArk remains a very good partner of you guys. They have just acquired an IGA vendor as well. Just kind of talk about that, how you think about that holistically? Thanks a lot, Mark.

Thanks, Matt. Yeah, let me stay at the macro level of that question first and specifically talk maybe more specifically about a couple of folks closer to us. From our perspective, the kind of customer that's going to resonate well with SailPoint's offerings has a level of complexity. And sometimes complexity, while it mostly correlates with scale, it doesn't only correlate with scale, meaning we can see some customers with only a few thousand employees with quite complex IT environments. So when they show up with a multi-vendor heterogeneous complex IT environment, that's a very good target for SailPoint because of our strength and experience in delivering value in those kinds of environments, right? And so we consider our market kind of that mid to large enterprise, and mid can go down to low mid, but not the SMB market. For what it's worth, when you talk about consolidation, we believe that's where the market is much more receptive to the consolidation offerings of frankly, at this point, Microsoft, Okta, and now I guess CyberArk could be in that camp too. And we anticipate that they're going to have most success with that consolidated offering down market in the SMB space where customers are going to value that integration more than the significant value delivered for a complex environment that these larger customers require. And we just have not felt much competitive pressure in these mid-large customers for a consolidated solution, they're far more focused on actually solving their complex identity security problem and they look at SailPoint as by far their best option for doing that. So, we still feel like that's what we feel in the market. We think kind of specific to your CyberArk question, we have been good partners with both CyberArk and frankly, some of the other leaders in that part of the market, Delinea and BeyondTrust. We've done a little toe in the water about some of the emerging privilege capabilities, notably our Privilege Task Automation offering, where we're looking at dynamic privilege and more broadly applied privilege in the general part of the identity landscape, not just the classic privilege users. But in some ways, we do see that there is going to be some changing dynamics around the competitive environment, but for now, we're going to continue to focus on solving the problems we solve, we think by far best, for the customers we serve and we'll kind of let some of those competitive dynamics play out. But I can just tell you, in our part of the market, that consolidation story isn't creating much competitive pressure for us at this point.

Great, color. Thanks, guys.

Thanks.

Thank you. Our next question comes from Brian Essex of JPMorgan. Please go ahead, Brian.

Great, good morning. And, Mark, congrats on the launch and welcome back to the public markets. Great to see you. It's a good set of results. I guess for my question, maybe for Brian, I know in the last days of the quarter, just before you guys launched your roadshow, when you flashed the numbers, you had an unexpected number of customers pull the trigger on term as opposed to SaaS. We'd love to get a sense from you what you're seeing with regard to mix so far this quarter and how should we think about both the level of revenue generation when a customer decides to go one versus the other and how you see this kind of playing out longer term with regard to migrations from maintenance off the platform? Thank you.

Okay, thanks, Brian. Good question. So, yes, we were in Q4 of fiscal ’25, we did see some strong renewal business and especially the length and duration of the contracts were a little bit longer, which caused more upfront term-based revenue recognition, which flowed right to the bottom, pretty much, for us. So, it led to strong results, both on the top line and also the operating margins. So moving forward, we're guiding now for FY ’26, we expect that SaaS will be about 90% of the net new product ARR. We do expect about a 60-40 mix in terms of upfront versus ratable recognition. So that will cause a little bit of a headwind to revenue and margins for the full year, because we lead with SaaS at this point. More specifically for Q1, we do see about an 80-20 mix on that, just based on the pipeline that we're seeing. And the upfront revenue mix should be about 50-50. So upfront 50 and ratable, meaning 50. So again, we're going to encourage people to really look at ARR as the primary metric because quarter-to-quarter based on this term, SaaS mix, it could impact the in-period revenue growth and also operating margins. To your other question just on migrations, again, you may recall we've done about -- we've migrated about 10% of our maintenance ARR base thus far. The positive here is that we typically see a 2x to 3x uplift on the migrated ARR. That has contributed about 3% to 4% of our net revenue retention growth. We would expect similar contributions moving forward, at least for the next couple years, because we still have a lot of room to go on that area of the business.

Super helpful. Thank you.

Thanks, Brian.

Thank you. Our next question comes from Peter Levine of Evercore. Please go ahead, Peter.

Great. Thank you for taking my question and I'll echo the congrats [indiscernible] welcome back to the public markets. Maybe to piggyback off of a prior question, it does seem like AI agents seem to be the next identity gold rush. So, when you're thinking, maybe for you, Mark, is when you're thinking about which sub-segment of the identity tech stack, like, what -- who stands to kind of be best positioned to monetize like the rise of non-identities? Meaning, why do you think SailPoint with IGA over privileged access or even identity access management? Maybe just tell us, how are customers thinking about governance versus privileged access? Clearly both are important, but is one take more of a priority over the other as agents or customers are kind of just ramping up on these AI agent workflows?

Great question, Peter, and thanks. Yeah, look, the easier it compares to the classic IAM or the access SSO MSA world, obviously that is about humans signing in and getting authenticated. That doesn't technically apply to an AI agent, right? They're not going to go through some sort of sign-in process. They're going to be validated in some fashion so they can access it, but it’s not like -- there's not a corollary to a sign-in, right? So, in that sense, the classic IAM part of the tech stack is very much oriented towards humans, full stop, right. When you get to the privilege compare, it's a little more complex. Here's why we think we happen to be very well positioned maybe against all others in the space. The nature of agents is that they will actually have some characteristics of the machine world and some of the human world. And when I say that, what I mean is, like machines, they're going to be technology, not humans, so there's no sign in, right? But they have to be understood and assigned to an owner. You can't just have agents getting created in the environment with no clarity of who owns that agent and is responsible for what it can or can't do or access, right. But on the other side, these particularly intelligent agents that will kind of morph through time and perhaps create subagents to do other pieces of work, that's much more like a human taking autonomous action, right. And so when you think about that kind of combined nature of these intelligent agents, we think that the classic set of disciplines we've always understood about understanding identities, where do they fit in the environment, what kinds of access do they need, what is their least privileged status, when might we need to escalate the demands on privilege for that particular identity given the nature of what they're doing, that set of disciplines we think is going to apply pretty well to the agentic world, and that's why it's better suited to SailPoint than anyone because that's exactly what we've been doing for 20 years. So we feel very good that as customers really wrestle with the challenges around agentic AI, they're going to look at the kind of characteristics of our solution and go, that's what I really need. And frankly, that's being validated in some great discussions we're having with some of the leading hyperscalers, some of the leading software vendors who are creating agents. They're all engaging with us in dialogue about how our capabilities can be applied to their new agents. Because they're seeing customer environments a little bit of hesitancy, agentic adoption sometimes because of the security concerns. So they want to deploy these agents quickly, but they also want to make sure they're not creating security exposure in their environment. SailPoint stands to benefit, I think, as customers are wrestling with that question.

Great, thank you for the color, Mark.

Thanks, Peter.

Thank you. Our next question comes from Madeline Brooks of Bank of America. Please go ahead, Madeline.

How are you? This is Tal Liani. Sorry, my code didn't work, so I used Madeline. The question I have is about platform for identity. What we see in other parts of cybersecurity is that things are consolidating around certain platforms, endpoint, network security, et cetera. And the question is whether identity could also be a platform on its own rather than being embedded into solutions of other companies. And the question here is, how does, two things, how does SaaS model changes the answer? How does it change the answer? And second is, when it go to things like machine identity and agent identity, is there any benefit to you being the IGA or being the identity vendor, is there any benefit to you that you will provide the other parts of identity or are they -- these completely independent decisions by the customers? Thanks.

Okay, Tal, thank you. That's a somewhat multi-part question. I'm going to do my best to get through all of that. It's a great question. Okay, let's talk about the platform concept for 30 seconds. I think when people start to refer to themselves as a platform rather than a product or a solution, I think you have to ask, what does that mean? I think in our case, it means you've got a core set of shared services and a shared data model that both we as the vendor can use to efficiently deliver new capabilities over time. I would point to a wonderful model here in ServiceNow, right, who over time moved from kind of a product offering and help desk to a well-defined platform with a rich set of services and data, and then they've been able to add kind of particular solutions on top of that pretty quickly. So it enables the vendor themselves, in our case here at SailPoint, to add new capabilities quickly. Part of the speed of innovation you've seen from SailPoint around machine identity and privileged task and now agents is because we've spent lots of time in the last five years developing a very rich deep platform with integrated data. But that also allows two other very important things. It allows other software vendors to tie in through APIs or just actually into the platform itself to build new capabilities. It allows our very sophisticated SI partners who work with us in all these large accounts to develop new [bespoke] (ph) capabilities in a particular customer. And ultimately it allows the rest of the software ecosystem, particularly the rest of the security ecosystem to share and integrate data. So we're getting lots of requests now from customers relative to us and other parts of the security ecosystem to integrate things like threat data or network data or data about data in places like Snowflake with our platform, because a lot of times these other parts of the ecosystem really don't have identity visibility. They can see something is happening. They can't correlate it to an identity. We can. So I think that value of an identity platform has all of these characteristics, and it will enable us, we think, to have this integrated model where customers really do want to see every identity they care about in a single place so they can understand that full landscape, and then understand how all those identities are in fact accessing data they care about. So we do think this is going to play to our favor that it's a completely integrated view of every identity and all the access to data that customers care about in a single integrated platform. And we're going to be uniquely positioned to provide that.

Thank you.

Thanks.

Thank you. Our next question comes from Gabriela Borges of Goldman Sachs. Please go ahead, Gabriela.

Hey, good morning. Thank you. Mark and Brian, I wanted to revisit your module strategy. I know you mentioned a couple of modules earlier in the call that you released in October. You already gave us the detail on the machine identity piece. Just to remind us, how many modules do you have right now? How do you think about penetration and cross-off of those modules specifically? And are there one or two that you're particularly excited about that could move the needle from an ARR standpoint? Thank you.

Okay, I'll talk about a little bit of the overall strategy and we'll kind of get, I don't know that today we're actually releasing any particular dollar figures around how much we're doing per module. I will comment on some of the ones we think have a lot of potential in front of us. But yeah, the strategy, it continues to be, again, deepening and enriching that platform and the integrated services, and then again, adding some of these modular components on top of that, which typically are going to be a separate upcharge. So when we talk about cross-sell versus upsell, upsell we’re usually referring to more quantity of identities that the customer's managing, cross-sell we're saying they're adding new solutions, typically new modules, right? I'd say the ones we're most excited about today are probably three. Our non-human risk management product, or non-employee, excuse me, not non-human, non-employee risk management product, meaning all the people, humans, that are accessing systems that don't carry an employee badge, that's gotten a very strong uptake in the last year. We only introduced that a little over a year ago, and we're seeing very strong uptake pretty broadly across the install base and in a lot of new deals for that. On the more recently introduced, Brian and I both made reference to machine identity, which was just launched in the fourth quarter and already is starting to show some strong early signs of interest and growth in the market. And we absolutely believe that this agent identity module will be developing and delivering, we're already developing, will be delivering later this year, will also be a fairly significant contributor over time.

Yeah, no. So, Gabriela, it's Brian here. I think the good news is that, we look at this as a very balanced growth strategy. So, out of our ARR growth, about half of that comes from new logo acquisition, and half comes from our existing install base. And what's nice to see is that it's a multi-vector growth strategy. So we're able to disperse that growth among migrations and almost in equal piece parts, migrations to suite upgrades, to identity upsell and quantity upsell. We see a lot of contributions coming from our non-employee risk management solution. So that was actually an acquisition we did back in January of ‘23. That was probably the leading cross-sell product for FY ‘25. But again, early signs are very positive for machine identity and our heels of that at some point in the future agent identity. So again, very balanced growth strategy for us.

Makes sense. Thank you.

Thank you.

Thank you. Our next question comes from Keith Weiss of Morgan Stanley. Please go ahead, Keith.

Excellent. Thank you guys for taking the question and congratulations on a really strong fiscal year overall. I wanted to dig into some of the trends that were particularly strong in the year and kind of get your view on durability going forward. And the two in particular is, one, that million dollar plus customer counter, million dollar ARR customer counter, up 78%, super impressive figure. You talked a little bit about kind of what's driving those larger customers, is it migration or is it product expansion? And how durable could that type of growth be going forward? And then on the other side of the equation, you guys had a very strong margin expansion in FY ‘25. The initial guide is a little bit more tempered into FY ‘26. How much of that is tactical, if you will, in terms of IPO costs and shorter-term things? How much of that is strategic in terms of investing behind some of these newer opportunities like machine identity and agentic to give us a sense of kind of margin trajectory further along in our models?

Okay. Hi Keith, it's Brian here. So I'll take those. Those are two separate questions. Let's try to get through this fairly quickly. So the customer penetration, again, we focus on our target account list. We have about 15,000 accounts that are identified there. These are the larger accounts. They typically have identities of 5,000 and up. They're multibillion dollars of revenue. It's the more complex environment. So that's kind of our sweet spot. We're only about 14% penetrated in that segment of our target account list. So again, lots of headroom there. We are landing larger and larger. We lead with SaaS now, we lead with our SaaS suites that we talk about, particularly business and business plus in terms of addressing those more complex environments. So again, this is early days for us, we think, and we're under-penetrated and there's a lot to headroom because there's a lot of customers in that space that are just primed for a more modern SaaS platform-based solution. So more to come on that. With respect to our operating margins, so just to step back, we've had 17 points of expansion over the last two years. So I think that we've really demonstrated the ability to grow at scale with ARR of close to 30% while delivering efficiencies and decent operating margins. As we re-enter the public markets for the next year, again, public company costs should be about 50 basis points of a headwind to expansion on that. But more importantly, as we continue to transition to more and more SaaS, and again, we're modeling about 90% of our net new ARR coming from SaaS next year, that's going to create an interim period revenue headwind for us and also an operating margin headwind. We estimate that to be about 200 basis points to 300 basis points for next fiscal year. We've made a lot of progress. There's more to go longer term for sure. We're focused on a balance of both growth and profitability. We're not expecting that right out of the gate, but we do have a lot of levers to pull, especially within sales and marketing, a little bit within R&D, and some G&A. So, again, we've accomplished a lot, But we do have more efficiency measures to come in the future.

Very helpful. Thank you.

Thank you.

Thank you. Our next question comes from Joseph Gallo of Jefferies. Please go ahead, Joseph.

Hi, guys. This is Annick Baumann on for Joseph Gallo. Congrats on the first quarter as a public company. There remains a large maintenance install base out there using legacy IGA solutions. Can you just talk us through the new logo side of your business and what some of the drivers are for you to unlock that market opportunity specifically? Thank you.

Yeah. Good morning. Yeah, so we would say there's, again, we are still under-penetrated in some of the legacy installs that we see out there. These are often very expensive solutions to maintain. We believe that we come in with a more modern, again, SaaS-based solution to address their complexities, more platform-based, it's more efficient over time for them. So that's where the new logo acquisition really comes from is really displacing those old legacy sometimes on-prem solutions. And they're really looking for a more modern approach to that. So again, we see this as a very, very balanced strategy for us. There's a lot of new logo headroom out there for us in terms of those legacy displacements.

Thank you. Our next question comes from Gregg Moskowitz of Mizuho. Please go ahead, Gregg.

Okay, thank you for taking the question. And I have a bit of a follow-up to Tal's question. Mark, we're certainly seeing more convergence in identity security, and it's been impressive as well, just to see how much SailPoint's product portfolio has broadened over the last few years. But when you look out to the next three to five years, how much more will this space evolve, and from a customer standpoint, will most enterprises have just one or maybe two identity providers by that time? How do you foresee this developing?

Yeah, I think it does vary some by the market, Gregg, meaning I think we do believe that as you look down market into that SMB space, we’re again, I think, particularly the access or IAM vendors, Microsoft, Okta, notably, have a lot of penetration. I think they're going to see some amount of consolidation there to one vendor, perhaps two. As you look up market, in our perspective, I think that the access part of this, the SSL, MSA part of this will become increasingly commoditized, whether that's coming from Microsoft or others. It will be a fairly broadly applied, but not necessarily strategic part of the identity landscape. And the areas around governance, security, privilege will probably be more strategic. And we'll see whether those consolidate mostly into one or a couple. I think there's some good strength in the market with folks like us and some of our colleagues in the privilege space. Obviously there's a little bit of kind of competitive heating up there. But I think in general, we're going to have to see how customers view the various capabilities there. We do feel good that as the market moves to a more dynamic environment, as more and more of it is the non-human identity space with agents and machines, that as I said on that earlier question, we feel particularly well suited to kind of incorporate that with the broad set of human identities, both employee and non-employee that we already manage. And for customers to have a single consolidated view of that identity landscape with SailPoint. So we do feel like for those customers who do want to consolidate that we will be in a very good position for that. And we will kind of let the access part go to what we think will be increasingly be kind of a commodity offering.

Very helpful. Thanks, Mark.

Thank you. Our next question comes from Shaul Eyal of TD Cowen. Please go ahead, Shaul.

Thank you. Good morning, everyone. Let me echo my congrats as well. Brian or Mark, I know the macro has been already discussed during the early part of the call, but can you talk to us about the geographic mix and related performance this quarter? Any specific European country that, leading, lagging last quarter and in the current quarter? Thank you.

Hi, Shaul. Thanks for your question. So we continue to see a very balanced mix in terms of our ARR. Again, about two thirds of that, roughly 68% comes from the US. That's followed by EMEA, which is close to 19%, and the rest of the world is about 13%. The year-over-year growth was consistent, I would say, with prior reported years. There's nothing specific in terms of a specific geography or country that is standing out to us. We still feel like our international opportunity still exists. They believe that 50% of the security spend is going to come from outside the United States. That's according to third-party reports. So we feel like there is additional opportunities as we branch out worldwide. I will say that EMEA, in particular, has been really migrating towards more SaaS-first solutions. So that's been a change in the last year or two for us. So again, we think that positions us at SailPoint as uniquely positioned against the competition.

Many thanks.

Thank you. Our next question comes from Gray Powell of BTIG. Please go ahead, Gray.

Okay, great, thanks. Yeah, I think a lot of the good questions have been asked and answered already, but I guess maybe a simple one on my side. So, I fully understand how the SaaS and the term mix impacts reported revenue and operating margins. Are there any pointers you can give on the free cash flow side, particularly with the debt pay down and I think you said Q1 and just the potential for free cash flow to further scale?

Yeah. Hi, Gray. So what was good to see was that we actually saw $14 million positive cash flow from operations in Q4. This was tied to strong billings and collections. And keep in mind, we had to absorb about $45 million of interest payments and other cash settlements for some equity awards, for some older equity awards. As I said, we've paid down all of our outstanding debt in fiscal Q1. I think moving forward, starting in Q2, we'll be very clean from a cash flow perspective. We raised $120 million of net proceeds from the offering. And then with that, we're going to have in Q1, $37 million of partial interest payments related to the paydown, the last paydown of the debt. And then just some cleanup in terms of $90 million of items associated with the IPO that should not repeat moving forward. So that's anything from some legacy equity award payouts, some private equity fees, et cetera, some normal course of business. So again, I would say that after we get through Q1, we're going to have a very clean free cash flow number to accentuate.

Okay, great.

And then over time, I would expect that I would expect free cash flow margins as we talked about to approach our adjusted operating margin that will happen over the next year or two. So, thank you.

Perfect. Understood. Thanks.

Thank you. I would now like to turn the conference back to Mark McClain for closing remarks. Sir?

Thank you. And I just want to say thanks everyone for the kind words. It is good to be back in public markets. We're back a little faster than we thought we might be, which is good for everyone, I hope. And we are excited about where we sit in the market today and obviously very bullish on kind of what's ahead of us in terms of the demand for identity security across these enterprise customers around the globe. And Brian pointed out that, I think, one of the things to maybe highlight, 14% in our minds penetrated into what we think are our best target customers around the world. So lots of new customer opportunity in front of us and lots of growth within our current customers. So very excited about heading into this year and thankful for all the great interest and questions today and we look forward to continuing to stay engaged with all of you as we go forward. So, thanks for joining the call today. Appreciate it.

This concludes today's conference call. Thank you for participating. You may now disconnect.