Todd McKinnon | $1B+

Todd McKinnon is the billionaire co-founder and CEO of Okta, the leading identity provider he launched in 2009. A former Salesforce engineering lead, he has guided Okta through the rise of cloud and mobile, positioning identity as the primary security perimeter. In 2026, he is spearheading "Agentic AI" security initiatives and the "Secure Identity Commitment," a plan to harden global infrastructure against identity attacks. He recently pledged $50 million through Okta for Good to support nonprofit cybersecurity and workforce development. Known for his "truth is your friend" leadership, he argues that AI will actually increase the demand for software engineers by automating rote tasks. Okta, Inc. is an American identity and access management (IAM) company that delivers cloud-based platforms for securing user identities, enabling secure authentication, authorization, and governance for enterprises.[1] Founded in 2009 by Todd McKinnon and Frederic Kerrest—both former executives at Salesforce—the company is headquartered in San Francisco, California, and pioneered the Identity-as-a-Service (IDaaS) model to simplify access to applications across hybrid environments.[1][2] Okta went public on the NASDAQ stock exchange in April 2017 under the ticker symbol OKTA, raising $187 million in its initial public offering at a valuation exceeding $1.5 billion.[2][3] The company's primary offerings include the Okta Workforce Identity Cloud, which manages employee and non-employee access to thousands of applications, and Auth0 by Okta, an acquired platform in 2021 that specializes in customizable customer identity solutions for fraud prevention and user engagement.[1][4][5] With over 5,900 employees (as of January 2025) across offices in 15 countries, Okta serves more than 19,000 organizations (as of early 2025), including two-thirds of the Fortune 100 and over 40% of the Forbes Global 2000, helping them mitigate cybersecurity risks in an increasingly digital and AI-integrated landscape.[6][7][1] In fiscal year 2026, Okta reported 13% year-over-year revenue growth to $728 million in its second quarter, reflecting sustained demand for its identity security solutions amid rising threats from AI agents and evolving regulations.[8][9] History Founding and early years Okta, Inc. was founded in 2009 by Todd McKinnon and Frederic Kerrest in San Francisco, California, as a cloud-based identity management startup aimed at pioneering the Identity-as-a-Service (IDaaS) market.[1][10] The duo, both former executives at Salesforce.com, sought to address enterprise security challenges arising from the rapid adoption of software-as-a-service (SaaS) applications, where managing user access across disparate cloud services had become increasingly complex and fragmented.[11][12] Initially incorporated as Saasure Inc., the company rebranded to Okta in 2010 to better reflect its focus on simplifying secure connections between people and technology.[10][13] In 2010, the company raised $10 million in Series A funding, led by Andreessen Horowitz with participation from Greylock Partners, Khosla Ventures, and Floodgate, providing the capital to scale development and market entry amid the post-recession economic climate.[14][15] From its inception, Okta emphasized single sign-on (SSO) capabilities to enable seamless access to multiple applications with one set of credentials, tackling the proliferation of SaaS tools that exposed organizations to identity-related risks.[16] That year, the company launched its flagship Okta Identity Cloud platform, starting with its core SSO product designed for both cloud and on-premises environments.[16][14] To bolster security, Okta integrated multi-factor authentication (MFA) into the platform by 2011, providing enterprises with adaptive verification to protect against unauthorized access in the evolving SaaS landscape.[17] Okta established its headquarters at 301 Brannan Street in San Francisco, California, serving as the base for its early operations.[18] Key early milestones included rapid customer adoption, with the company securing its first customers shortly after launch and reaching 50 by the end of 2009 through a focused strategy on high-value enterprise wins.[19] Between 2011 and 2012, Okta achieved significant traction with major clients such as Purolator for its e-returns portal serving Xerox Canada in 2012, followed by notable additions like Clorox and Western Union, demonstrating the platform's value in securing workforce identities for large organizations.[20][21] These developments solidified Okta's position in the identity management space during its pre-IPO phase. Initial public offering and growth Okta went public through an initial public offering (IPO) on April 7, 2017, with shares beginning to trade on the NASDAQ stock exchange under the ticker symbol OKTA. The offering was priced the previous day at $17 per share, allowing the company to raise $187 million by selling 11 million shares.[22][23] Following the IPO, Okta experienced significant revenue growth, expanding from $160.3 million in fiscal year 2017 (ended January 31, 2017) to $586.1 million in fiscal year 2020 (ended January 31, 2020). This growth was primarily fueled by increasing adoption among large enterprises seeking robust identity and access management solutions in the cloud.[10][24] To support this expansion, Okta pursued global market penetration by establishing additional international offices, including new locations in Paris and Stockholm in Europe during 2018. In 2019, the company further extended its presence in the Asia-Pacific region through office expansions, such as in Sydney, Australia. By late 2020, these efforts contributed to Okta serving nearly 10,000 customers worldwide.[25][26][27] A core element of Okta's growth strategy involved forging strategic partnerships with major cloud providers to enhance integration capabilities. Notable collaborations included integrations with Microsoft for seamless Active Directory connectivity, Google Workspace for productivity tools, and Amazon Web Services (AWS) for secure cloud infrastructure access, enabling broader enterprise deployment.[28][29][30] Major acquisitions and expansions In May 2021, Okta completed its acquisition of Auth0, a leading provider of customer identity and access management (CIAM) solutions, in an all-stock deal valued at approximately $6.5 billion. This move significantly expanded Okta's capabilities in the CIAM space by integrating Auth0's developer-friendly platform, which supports secure authentication for web, mobile, and legacy applications.[31] The acquisition contributed to a substantial growth in Okta's overall customer base, with the company reporting over 15,000 customers by the end of fiscal year 2022, up from more than 10,000 the prior year, reflecting the addition of Auth0's developer-centric clientele.[32][24] Later that year, in August 2021, Okta acquired atSpoke, a workplace operations platform focused on IT service management, for $89 million in cash and equity.[33] atSpoke's technology enabled better integration of identity governance with employee service requests, allowing Okta to enhance its offerings for streamlined IT support and access provisioning within organizations.[34] Okta continued its expansion in December 2023 by announcing the acquisition of Spera Security, an Israel-based identity security platform, for between $100 million and $130 million, with the deal closing in February 2024.[35][36] Spera's cloud security posture management tools complemented Okta's identity solutions by providing visibility into human and machine identities across cloud environments, helping to address risks in modern infrastructures.[37] In August 2025, Okta announced its intent to acquire Axiom Security, a Tel Aviv-based startup specializing in cloud-native privileged access management (PAM), with the transaction closing on September 4, 2025.[38] Axiom's platform focuses on securing access to sensitive resources in cloud and AI-driven environments, extending Okta's PAM capabilities to cover more dynamic use cases like Kubernetes clusters and AI workloads.[39][40] These acquisitions from 2021 onward have strategically positioned Okta to broaden its identity security portfolio, entering high-growth areas such as developer tools and cloud-native PAM while driving overall expansion through integrated technologies.[41] The Auth0 deal, in particular, facilitated entry into developer-focused markets and supported a reported 50% increase in Okta's customer count between fiscal years 2021 and 2022.[32] Subsequent purchases like Spera and Axiom have further strengthened Okta's defenses against evolving threats in hybrid and AI ecosystems.[42] Products and services Workforce identity management Okta's Workforce Identity Cloud serves as the foundational platform for managing employee and internal user identities within enterprises, enabling secure access to applications and resources across cloud, on-premises, and hybrid environments. This cloud-based solution centralizes identity governance, allowing organizations to enforce consistent security policies for workforce users such as employees, contractors, and partners. Key features include single sign-on (SSO), which unifies authentication across thousands of pre-integrated applications to streamline user access without compromising security, and adaptive multi-factor authentication (MFA), which dynamically adjusts verification requirements based on risk signals like device trust, location, and user behavior to prevent unauthorized access.[4][43] Lifecycle management within the Workforce Identity Cloud automates the provisioning and deprovisioning of user accounts, ensuring that access rights are granted or revoked in real-time as employees join, change roles, or leave the organization. This automation integrates with human resources systems to synchronize identity data, reducing administrative overhead and minimizing risks from orphaned accounts. Additionally, the platform's Universal Directory acts as a centralized repository for user profiles, groups, and devices, facilitating seamless integration with legacy systems like Microsoft Active Directory and LDAP directories. This supports hybrid IT setups by allowing bidirectional synchronization without requiring agents on domain controllers, enabling enterprises to maintain existing directory structures while adopting cloud-native identity management.[44][45][46][47] To align with Zero Trust principles, Okta implements granular access controls that verify every request regardless of user location or network, applying least-privilege policies to internal applications and APIs. API access management secures machine-to-machine communications by enforcing OAuth 2.0 protocols, token validation, and rate limiting, protecting sensitive data flows within enterprise ecosystems. These controls extend to device posture assessments, ensuring only compliant endpoints gain access. Okta's compliance framework bolsters these capabilities with certifications including SOC 2 Type II for trust services criteria, ISO 27001 for information security management systems, and FedRAMP High authorization, which validates the platform's suitability for U.S. federal government workloads by meeting stringent security and privacy standards.[48][49][50][51][52] Customer identity and access management Okta's Customer Identity and Access Management (CIAM) solutions are designed to secure and streamline authentication for external users, such as consumers and partners, in customer-facing applications. These offerings, powered by the Auth0 platform acquired by Okta in 2021, enable organizations to deliver seamless sign-up, login, and authorization experiences without compromising security or privacy.[5] The focus is on developer-centric tools that embed identity management directly into web and mobile apps, supporting high-scale deployments for e-commerce, SaaS, and digital services.[53] The Auth0 platform provides embeddable authentication components that integrate effortlessly into web and mobile applications, allowing developers to implement secure login flows using pre-built SDKs and customizable UI widgets for sign-in, registration, and password reset.[5] It supports social logins through integrations with third-party identity providers using standards like SAML and WS-Federation, enabling users to authenticate via providers such as Google or Facebook.[53] Passwordless authentication is facilitated through options like passkeys and multi-factor authentication (MFA), reducing friction while enhancing security for consumer apps.[54] Additionally, progressive profiling allows gradual collection of user data over multiple interactions, using adaptive forms to build comprehensive profiles without overwhelming users at initial sign-up.[55] Okta's Customer Identity Cloud extends these capabilities into a scalable CIAM platform tailored for high-volume user bases, handling millions of registrations and logins across devices to support business growth in consumer and SaaS environments.[56] It incorporates robust privacy controls, including consent management tools that ensure compliance with regulations like GDPR by allowing users to manage data preferences and revocations centrally.[53] The cloud service supports unlimited organizations and members per tenant for SaaS applications, providing end-to-end encryption and policy enforcement to protect external identities at internet scale.[56] These solutions integrate natively with popular e-commerce and SaaS applications, such as Salesforce for customer data synchronization and Zoom for secure video collaboration access, leveraging over 5,500 pre-built connections to minimize custom development.[53] Developer tools include SDKs for more than 10 languages and frameworks, RESTful APIs for programmatic control, and extensibility options like custom actions and workflows configurable via code or an admin console, empowering teams to tailor identity experiences without rebuilding core infrastructure.[5] Advanced security and AI integrations In September 2025, Okta announced several AI-driven innovations as part of its Identity Threat Protection suite, aimed at securing AI-powered enterprises against emerging threats. Central to these updates is Identity Threat Protection with Okta AI (ITP), an AI-powered tool that provides real-time anomaly detection by continuously monitoring user behavior and leveraging machine learning for behavioral analytics to identify deviations from normal patterns.[9] This capability enables automated remediations during active sessions, enhancing visibility and maintaining security posture without disrupting workflows. Additionally, Okta introduced AI-enhanced fraud prevention features within identity verification processes, including Verifiable Digital Credentials that issue tamper-proof digital IDs and support mobile driver's licenses to combat AI-generated deepfakes and synthetic identities.[9] These tools, set for early access in early 2026, streamline onboarding while reducing fraud risks in high-stakes verification scenarios.[57] Okta has advanced its Privileged Access Management (PAM) offerings through the integration of Axiom Security, acquired to expand capabilities in modern infrastructure. This integration, announced in August 2025, introduces just-in-time (JIT) access for sensitive resources, granting temporary, auditable permissions to cloud databases such as PostgreSQL and Snowflake, as well as Kubernetes environments like Amazon EKS.[38] By eliminating standing privileges, the solution minimizes exposure windows and enforces least-privilege principles, with full traceability for compliance audits.[41] It also extends to non-human identities, such as AI agents, enabling centralized policy controls that automate credential rotation and access governance across multi-cloud setups.[38] To better align product nomenclature with evolving security needs, Okta implemented name updates in March and August 2025, reflecting enhanced capabilities for seamless, boundaryless protection. In March, changes included renaming "Okta Application Network" to "Okta Integration Network" to emphasize secure, interconnected access across ecosystems.[58] The August updates further refined service descriptions, such as rebranding customer success tiers to highlight dedicated support for advanced security implementations, ensuring clarity in delivering boundaryless security like Okta Access features that unify controls without traditional perimeter constraints.[59] These adjustments maintain functionality while improving customer understanding of robust, adaptive protections. Okta's non-human identity management addresses the proliferation of machine-driven entities, securing APIs, bots, and machine-to-machine (M2M) authentication in complex environments. Through Identity Security Posture Management (ISPM), Okta enables discovery, monitoring, and remediation of unmanaged accounts, applying Zero Trust verification to limit permissions and automate secret rotation for API keys and tokens.[60] For bots and M2M interactions, the platform enforces short-lived credentials and ownership assignment, reducing risks from compromised non-human identities (NHIs), which outnumber human ones by up to 50:1, with 66% of enterprises having experienced breaches involving compromised NHIs.[61] Integrated with Okta Privileged Access, this approach provides unified governance, eliminating blind spots in cloud and app ecosystems while supporting scalable automation for CI/CD pipelines and AI workloads.[60] Security incidents 2021–2022 breaches In March 2021, Okta experienced an indirect security incident stemming from a breach at Verkada, a third-party provider of cloud-based security cameras installed in Okta's offices. The hacking collective known as "Advanced Persistent Threat 69420" exploited a vulnerability in Verkada's platform, gaining unauthorized access to live and archived video feeds from approximately 150,000 cameras across multiple organizations, including five entrance cameras at Okta facilities. Okta confirmed that no footage from its cameras was viewed or downloaded, and the incident had no impact on its production systems, customer data, or service operations. The root cause was Verkada's inadequate security controls, including superadmin credentials that allowed broad platform access without multifactor authentication in some cases.[62][63] The following year, on January 20, 2022, Okta detected suspicious activity involving a support engineer's account managed by its third-party vendor Sitel (subsequently acquired by Sykes). The LAPSUS$ hacking group had compromised Sitel's systems through social engineering or credential theft, enabling them to add a new authentication factor to the engineer's Okta account and impersonate the user for five days. This granted limited access to Okta's customer support tools, where attackers viewed dashboards, support tickets, and uploaded files for 366 customers—about 2.5% of Okta's total clientele at the time—but no login credentials, API tokens, or sensitive customer data were exfiltrated. Okta's core production environment remained secure, with no evidence of broader network compromise. The incident highlighted risks in third-party access management, as the Sitel engineer held elevated privileges without sufficient segmentation.[64][65] In March 2022, the LAPSUS$ group escalated by publicly leaking screenshots purportedly from an Okta engineer's workstation, claiming deeper access related to the January incident. Okta's investigation confirmed the images were from a machine used in January for customer support but showed no evidence of ongoing compromise, production system access, or data exfiltration beyond what was previously disclosed. The event amplified customer concerns but was contained to legacy support activities.[66][67] In December 2022, an unauthorized party accessed and copied source code from some of Okta's GitHub repositories. GitHub notified Okta of suspicious activity in early December, and the investigation determined the access was limited to certain repositories containing non-sensitive source code for the Okta Workforce Identity Cloud. No customer data, credentials, or production environments were impacted, and no evidence of exploitation was found. Okta enhanced repository security measures following the incident.[68] These breaches collectively underscored supply chain and insider access risks during a period of rapid company expansion post-IPO. Okta notified the 366 affected customers from the January incident in line with GDPR and CCPA obligations, providing transparency reports and remediation guidance without incurring service outages or financial penalties at the time. The events prompted immediate enhancements to vendor oversight and code security but did not result in data theft or operational downtime.[65][69] 2023–2025 incidents In October 2023, a threat actor gained unauthorized access to Okta's customer support case management system, compromising files associated with a subset of enterprise customers.[70] The intrusion occurred between September 28 and October 1, 2023, and involved the actor using a service account with legacy authentication to access Google Workspace, stemming from an employee's use of a personal Google account on a work device.[71] Initially reported to affect data for 134 customers—less than 1% of Okta's total—Okta later disclosed that the breach exposed information on all users of its customer support system, including names and email addresses downloaded via HTTP Archive (HAR) files.[72] An independent forensics investigation by Stroz Friedberg, concluded in February 2024, confirmed no evidence of broader system compromise or customer tenant access beyond the support files.[73] In 2024, Okta faced multiple security vulnerabilities rather than full-scale breaches, highlighting ongoing risks in authentication mechanisms. On September 27, 2024, a configuration flaw in Okta Classic Engine allowed authenticated users to bypass sign-on policies for certain applications, which was promptly patched without reported exploitation.[74] Additional issues included an October 2024 vulnerability in AD/LDAP Delegated Authentication that mishandled cache keys, potentially enabling unauthorized access, and a November 1, 2024, bug permitting login bypass for usernames exceeding 52 characters when combined with the Device Access passwordless feature.[75][76] Okta disclosed these internally identified flaws swiftly, applying fixes and notifying affected users, with no widespread data loss confirmed.[77] As of November 19, 2025, Okta reported an ongoing investigation into a security incident involving unauthorized access to customer data via third-party integrations, with potential impacts on multiple organizations. No major breaches beyond this were confirmed in 2025, though prior incidents continued to draw regulatory and investor scrutiny, contributing to stock price fluctuations.[78] The 2023–2025 period revealed patterns of adversaries targeting support infrastructure and third-party integrations, similar to earlier tactics but shifting toward phishing and configuration exploits.[79] These events prompted class-action securities litigation alleging inadequate cybersecurity disclosures, culminating in a $60 million settlement in 2024 to resolve claims from affected shareholders.[80] The recurring nature of such incidents has raised concerns about Okta's reputation in identity management, prompting enhanced focus on supply chain defenses amid estimates of minimal but observable customer attrition in financial reports.[81] Corporate affairs Leadership and governance Okta, Inc. is led by co-founder Todd McKinnon, who has served as Chief Executive Officer and Chairperson of the Board since the company's inception in 2009. McKinnon, previously a senior executive at Salesforce, has guided Okta's emphasis on innovative identity management solutions, positioning the company as a leader in secure access technologies for cloud environments. Complementing McKinnon's role is co-founder J. Frederic Kerrest, who holds the position of Vice Chairman of the Board. Kerrest, who served as Okta's Chief Operating Officer from 2009 until 2023, now focuses on strategic oversight and board governance, drawing on his experience in scaling technology enterprises.[82] In recent executive appointments, Eric Kelleher was promoted to President and Chief Operating Officer in 2025, overseeing global operations, customer experience, and go-to-market strategies to drive operational efficiency and growth. Additionally, on October 1, 2025, Ric Smith joined as President of Products and Technology, bringing expertise from prior roles at SentinelOne and Medallia to lead product development, engineering, and innovation in identity and security solutions.[83] Okta's board of directors consists of ten members as of late 2025, with a majority independent structure designed to ensure objective oversight. In August 2025, the board expanded with the appointments of David Schellhase, an experienced technology executive and former CFO at companies like DocuSign, who joined the Audit Committee, and Mary Agnes Wilderotter, a veteran leader in telecommunications and hospitality with prior CEO roles at Frontier Communications and the Grand Reserve Inn, who was appointed to the Compensation Committee. These additions enhance expertise in financial governance and executive compensation.[84][85] The board emphasizes diversity and inclusion, with initiatives to promote underrepresented voices in technology leadership, reflected in its composition that includes women and professionals from varied backgrounds. Governance practices align with high standards of accountability, including regular committee oversight on audit, compensation, and nominations.[85] Okta integrates environmental, social, and governance (ESG) principles through its dedicated Okta for Good program, launched to advance social impact and sustainability. This initiative, overseen by executive leadership and an internal ESG committee, commits to goals such as renewable energy usage, community support via a $50 million innovation fund, and ethical identity access for nonprofits, fostering a culture of responsible corporate citizenship.[86][87] Financial performance and operations Okta reported total revenue of $2.610 billion for fiscal year 2025, ending January 31, 2025, representing a 15% increase year-over-year, driven primarily by subscription revenue of $2.556 billion, up 16%.[88] In the fourth quarter of fiscal 2025, revenue reached $682 million, a 13% rise from the prior year, with subscription revenue at $670 million, also up 13%.[88] Entering fiscal year 2026, Okta's revenue growth continued steadily. First-quarter revenue totaled $688 million, increasing 12% year-over-year, while subscription revenue grew to $673 million, up by the same margin.[89] In the second quarter, total revenue climbed to $728 million, a 13% year-over-year gain, with subscription revenue at $711 million, rising 12%; free cash flow for the quarter was $162 million, equivalent to 22% of total revenue.[90] Operationally, Okta served more than 19,650 customers as of January 31, 2025, including over 4,800 with annual contract values exceeding $100,000.[7] Following layoffs of approximately 180 employees in February 2025, the company employed around 5,700 people and maintained offices in 15 countries, with key hubs in EMEA (such as Amsterdam and Dublin) and APAC (including Singapore and Sydney) to support global expansion.[7][1][91] As of November 2025, Okta's market capitalization stood at approximately $14.3 billion.[