SAIL (2026 - Q2)

Good day, and thank you for standing by. Welcome to the SailPoint Second Quarter 2026 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question and answer session. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Scott Schmitz, SVP of Investor Relations. Please go ahead. Scott Sc

Good morning, and thank you for joining us today to discuss SailPoint's fiscal second quarter 2026 financial results. Joining me today are SailPoint's Founder and CEO, Mark D. McClain, and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today's call, we will also be joined by our President, Matthew Mills. Please note that today's call will include forward-looking statements. Because these statements are based on the company's current intent, expectations, and projections, they are not guarantees of future performance. A variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which exclude certain items that do not reflect our underlying business performance. Please reference this morning's press release and our supplemental earnings presentation posted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations to the nearest comparable GAAP financial measures. And with that, I'd like to turn the call over to Mark.

Thank you, Scott. Good morning, everyone, and thank you for joining us today. We're thrilled to share our fiscal Q2 2026 results. This was another exceptionally strong quarter for SailPoint, where we executed well against the opportunity in front of us. We closed the quarter with $982 million in annual recurring revenue or ARR, a 28% year-over-year increase, with SaaS ARR growing 37% year-over-year. Our ARR growth reflects the strong demand for the breadth and depth of identity security controls that SailPoint provides to more than 3,100 enterprises worldwide. This quarter, we saw a 48% year-over-year increase in customers with ARR greater than $1 million. This highlights our unique ability to support the tremendous scale and complexity prevalent among enterprises today. This momentum reflects a market transformation. Let me explain the key themes that are driving this demand and why we believe our approach positions us to lead this evolution. First, enterprises now expect identity to solve full-fledged security challenges by anchoring them in deep governance constructs. We believe SailPoint's heritage and leadership in governance mean we're the only provider that can elevate identity to this broader security role with confidence. Second, static admin time controls are giving way to real-time and dynamic enforcement as enterprises face new classes of risk, especially from AI and machine identities. With SailPoint, customers will soon be able to adapt to these risks quickly, applying identity intelligence to stop threats before they spread. Third, security leaders are realizing that identity alone is not enough and that they need security and data context as well, which was highlighted in our recently released Horizons of Identity Security report. Our ability to create a trifecta across these vectors of identity, security, and data context is highly differentiated and enables customers to make rapid, precise decisions that reduce risk without slowing the business. And finally, the market and SailPoint is operating well beyond traditional IGA, delivering an extensible platform that governs and secures all identities, human and nonhuman, and their access to data so that context can be leveraged to strengthen every layer of the entire security stack. Let me walk you through how these shifts are reshaping the market and why we believe we're built to lead in this new era. CIOs and CSOs are prioritizing their investment in identity security because they recognize it has become the backbone of securing their enterprise. As identity becomes the primary threat vector, enterprises are realizing they need real-time controls across all identities, human and machine, to properly secure their environment. Security companies may excel at threat detection, but without identity context layered in, today's threats are nearly impossible to understand against the backdrop of business risk. That's where we believe SailPoint is uniquely positioned. We've built a platform that is bringing together identity, data, and security in real-time, and that advantage becomes even more critical as AI agents enter the enterprise. These autonomous actors are making access decisions independently, often spinning up sub-agents or executing workflows at machine speed. Static admin time policies simply weren't built for this speed or scale. We believe real-time authorization, especially for this new class of AI, is no longer optional. Securing them requires more than static authentication controls or basic policy. It demands deep governance, with identity context and controls applied at the most granular level and for the duration of the workflow. Every enterprise will soon face two critical questions. First, can you guarantee that an agent isn't accessing data the human owner shouldn't see? And secondly, can a human use that agent to circumvent security controls? To properly answer these questions, agent governance must be built on a foundation of deep identity context and intelligent automation. With SailPoint Agent Identity Security, launching at this year's Navigate, we're delivering what we believe is the only solution that is designed to govern AI agents and the sub-agents they create across the full life cycle. It's powered by the same policy engine and entitlement level precision that we believe has always set SailPoint apart. The rise of AI agents in the workforce is driving a fundamental shift from static admin time governance to dynamic real-time identity security. With the innovations we're delivering today, we are helping enterprises address an entirely new class of identity challenges. We believe SailPoint provides the critical platform to enable broad enterprise adoption of AI, purely and at scale. The game has changed, and so have we. With our heritage in traditional IGA, we are able to bring together the context of identity, data, and security in ways that are difficult for others to replicate. While others are rolling up swim lanes like access, PAM, and IGA, we've chosen to bring together the capabilities that truly work to solve the next generation identity security challenges. Aggregation may simplify procurement, but it doesn't solve the security problem, especially at enterprise scale. Instead of stitching tools together, we've built a unified platform that brings identity context, data context, and security context into one extensible control play. Importantly, we believe our twenty-year foundation in identity gives us something others don't have: deep, contextual understanding of how identity works across the enterprise. Today, we manage over 125 million identities and their deep fine-grained entitlements across 3,100 customers, spanning legacy systems, SaaS applications, cloud platforms, and hybrid environments. That's the kind of complexity most vendors just can't touch. We believe that depth of identity and entitlement data isn't just foundational to securing the modern enterprise; it's essential to governing the rise of AI agents, which interact with every layer of this ecosystem. In this regard, the recent flurry of M&A activity in our space validates what we've said for years: identity is now central to enterprise security. It also highlights a key difference. While others focus on connecting identity and threat, we're addressing the deeper challenge, bringing identity and data together, tightly integrated across the security ecosystem to provide risk-aware authorization and context into breaches across all identities. Solving identity security at scale requires more than consolidation. It requires deep expertise. SailPoint is purpose-built for this. With two decades of industry expertise, broad identity coverage, and an open partner ecosystem. In a market increasingly defined by consolidation, roll-ups, and bundled point solutions, SailPoint remains one of the only independent enterprise-scale identity security platforms, offering the objectivity, extensibility, depth, and scale large complex enterprises demand. Just as enterprises embrace multi-cloud strategies for choice and resilience, they rely on SailPoint for the same flexibility and identity. And at our annual Navigate event, we'll show exactly how this will come to life through things such as real-time authorization across all identities, human, machine, and AI, advanced security solutions for orchestration, risk-based intelligence, and automated remediation. Privileged security posture management, our dynamic approach to help achieve zero standing privilege. We recognize that all identities can be privileged at some point. We secure the full identity landscape, privileged or not, by applying identity context at the entitlement level. Whereas traditional PAM uses a static model focused mainly on privileged identities, which represent at most 10% of all identities in any large enterprise. It's one more example of how SailPoint is redefining the control plane for identity security, unifying policy, intelligence, and enforcement across every corner of the enterprise. We believe this is a market transformation, not incremental innovation. Our goal is to build the foundation for the next generation of enterprise security, where identity operates at the heart of the security operations center, delivering real-time protection at the speed and scale the modern enterprise demands. Now let me spend a few minutes on our execution this quarter before I hand over to Brian, who will dive deeper into our financial results. We continue to execute with discipline, translating our strategy into strong results. Enterprises around the world are embracing our comprehensive, intelligent approach to identity security, and we're arming them for what's next via new innovations that address both existing as well as new emerging challenges. For example, we recently introduced SailPoint Accelerated Application Management to directly address an ongoing enterprise challenge: the frustration that comes from limiting how many applications customers connect to identity security solutions due to complexity and lack of time or resources. This is a breakthrough offering from SailPoint that transforms how enterprises discover, govern, and secure applications at scale. By uniting visibility, intelligence, speed, and automation, we enable organizations to quickly onboard and deeply govern hundreds of applications, something previously out of reach for most. We shattered the old notion that it takes years to make hundreds of applications visible in an identity solution. Our customers can now do this in hours or days and then move to a deeper level of governance. Our acquisition of key assets from Saviynt, expected to close later this year subject to customary closing conditions, stands to further enhance this offering with what we believe is best-in-class SaaS application visibility and identity risk detection. This will strengthen our ability to reduce application sprawl and deliver faster time to value, lower costs, and reduced risk. Likewise, we're tackling emerging challenges through key product innovations like SailPoint Non-Employee Risk Management, SailPoint Data Access Security, and SailPoint Machine Identity Security. Each is seeing strong sustained demand, with ARR across these offerings more than doubling in the first half of this year compared to the same period last year. SailPoint Machine Identity Security, in particular, is delivering record-breaking momentum, our fastest-growing new product in SailPoint's recent history, demonstrating the market's appetite for advanced enterprise-grade identity solutions. To highlight a couple of key wins in Q2, a leading technology company turned to SailPoint to govern their identity landscape, which spans employees, cloud infrastructure, and machine identities. In fact, their machines now outnumber human identities 20 to 1, underscoring the scale and complexity we believe SailPoint is uniquely built to handle. In another example, a 2,000 auto manufacturer modernized on SailPoint's platform to address an evolving identity landscape that spans employees, contractors, cloud workloads, and machines. This was one of our largest deals of the quarter and reflects the growing demand for a future-ready platform that can unify governance across all identities. While much of our growth is outside of traditional IGA today, we continue to capitalize on competitive displacements. Increasingly, enterprises recognize that legacy solutions can't take them into the future, and they're turning to SailPoint's modern platform to get them there. They buy from us not only to solve today's identity challenges but to prepare for tomorrow's. From governing machine identities to securing AI agents and addressing the entitlement explosion that legacy approaches weren't built to handle. A recent win with one of Europe's largest retailers replacing a stalled deployment from another vendor that lingered for more than three years underscores the strength of our future-ready approach and the value of SailPoint as a proven modernization partner. On the partner front, inbound interest from global systems integrators and leading technology firms continues to accelerate. Our newly announced partnership with HCL Technologies brings enterprise-scale modern identity security to more markets and geographies, especially in the age of AI. The market is validating our strategy. Our execution is solid, and we believe our position has never been stronger. We're building the identity security platform that enterprises trust to govern every identity, contextualize every access decision, and secure every interaction, human or machine, in real-time. While there is a lot of convergence in the industry, we're converging what we believe matters most to customers: identity, data, and security. That's what modern security demands, and that's what we believe positions SailPoint to lead in a world defined by agent scale, data sensitivity, and escalating complexity. With that, I'll turn it over to Brian, who will share more details on our financial results from the quarter. Brian?

Thank you, Mark, and good morning, everyone. Thank you for joining us today. Fiscal Q2 2026 was another strong quarter with robust demand for our leading identity security platform. We believe the depth and breadth of our platform set us apart and make us uniquely positioned to govern and secure complex enterprise environments, which is evident in our results. We ended fiscal Q2 with ARR of $982 million, an increase of 28% year-over-year, with SaaS ARR of $623 million growing 37% year-over-year. Total Q2 revenue increased 33% year-over-year, and adjusted operating margins expanded 980 basis points to 20.4%. We also generated a record $50 million of cash flow from operating activities. Let's dive in. We continue to see many durable growth drivers across the business and across industry verticals. While our ARR growth remained largely balanced between new logos and existing customer extension, Q2 was our largest new logo ARR quarter ever, primarily driven by SaaS. Notably, we saw a 30% increase in average ARR per new SaaS customer. More and more often, new customers are landing with our most fully featured offerings, which include advanced AI and automation features as well as cloud infrastructure entitlement management, which helps customers understand the identity context of their cloud workloads. Many of these new logos are also buying our emerging add-on modules, which include Non-Employee Risk Management, Machine Identity Security, and Data Access Security. In fact, new SaaS customers had a 40% attach rate of add-on modules compared to 25% in the same quarter last year. Our add-on modules are also driving expansion within our existing customer base. Once again, the ARR from our emerging add-on modules more than doubled year-over-year, contributing nicely to our NRR of 114%. Overall, we continue to see good balance across all four of our primary NRR drivers, including cross-sell, upsell, suite upgrades, and platform modernizations inclusive of migrations. Turning to revenue. In Q2, we delivered revenue of $264 million, an increase of 33% year-over-year, with subscription revenue growing 36% year-over-year. This better-than-expected result was due to strong bookings and SaaS term mix. We also benefited from the timing of term contract renewals, most materially in the Fed sector. This resulted in $7 million more upfront revenue recognition in Q2 versus what was originally expected in Q3. Please note, there was no material impact to ARR because these were renewals. In Q2, we delivered strong incremental operating leverage, which resulted in adjusted operating income of $54 million or 20.4% margin, which increased 980 basis points year-over-year. Our strong top-line growth with the increasing size of new customer wins is leading to economies of scale and strong margin expansion. In Q2, we generated cash flow from operating activities of $50 million and free cash flow of $46 million or 17.4% margin. This is a reflection of our robust growth profile, disciplined expense management, and strong collection efforts. Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges. Full details can be found in this morning's press release and supplemental earnings deck. For 2026, we expect ARR to cross the $1 billion mark at $1.029 billion, up 26.5% year-over-year. For our fiscal year 2026, we are increasing our ARR outlook by $10 million to $1.11 billion, up 26.6% year-over-year compared to our prior guidance of 25.5% growth. On a trailing twelve months basis, our guidance also assumes revenue will cross the $1 billion mark in 2026, with Q3 revenue of $270 million, an increase of 15% year-over-year, making our year-to-date revenue growth rate 23%. We expect adjusted subscription gross profit margin to be approximately 82% due to a higher mix of SaaS revenue versus last Q3, with adjusted operating margin of 16%. We expect our diluted share count to be approximately 562 million shares and adjusted EPS to be approximately $0.06. As I mentioned earlier, our Q2 results benefited from the timing of term renewals, which flow through our P&L at a high margin rate. Our Q3 revenue and adjusted operating margin guidance reflect the $7 million quarterly timing dynamic as well as future investments. As Mark mentioned, we'll be sharing much more about our exciting innovation and product initiatives at our Navigate conference in three weeks. For fiscal year 2026, we are increasing our revenue outlook by $16 million to $1.055 billion, up 22.4% year-over-year compared to our prior guidance of 20.6% growth. We are also increasing our adjusted operating income by $16 million to $179 million or 17% margin compared to our prior guidance of 15.7% margin. We expect our diluted share count to be approximately 565 million shares and adjusted EPS to be $0.21. Additionally, we remain comfortable with the second half consensus estimates for free cash flow of approximately $85 million, with roughly one-third generated in Q3 and two-thirds in Q4. Please note, we included additional modeling notes in our supplemental earnings deck. In summary, we believe we are well-positioned to win the next generation of identity security because of the depth and breadth of our platform, our continued product innovation, and our relentless focus on execution. With over 125 million identities with deep and fine-grained entitlements created over our twenty-year history, we believe we have a strong competitive position and the right to win as we combine identity, security, and data into a modern platform. We look forward to providing a deep dive into our new innovations and customer testimonials at our Navigate conference in September. With that, let's invite Matt Mills, our President, to join us and open the call for questions. Operator?

And our first question today will come from Brian Lee Essex of JPMorgan. Your line is open, Brian.

Great. Congratulations on a strong quarter, guys, and thank you for taking the question. Maybe Brian, for you, could you peel back a layer on the guidance a little bit? I caught the commentary about the upfront revenue recognition from the renewals on the federal side, but we'd love to dig into that and understand the impact on ARR from the non-SaaS ARR and how you think like did anything change with regard to the methodology of your guidance? It seems like ARR guidance was increased a bit more last quarter than it was this quarter. Just would love a little additional color there. And then maybe adjacent to that Fed comment, like confidence in going into next quarter, which is obviously a seasonally heavy Fed quarter? Thank you.

Sure. Good morning, Brian. So first of all, we're really pleased with our first half of the year. We're ahead of expectations on all guided metrics. We feel really good about us heading into the second half of the year now. We raised on all key metrics, we raised ARR by 100 basis points, up from the prior guide, up to 27% year-over-year growth. We're raising revenue by 200 basis points versus the prior guide, up 22.4% for the full year, and we're also raising adjusted operating income. So we feel really good heading into it. As you noted, this was merely a dynamic of term renewals, especially in the federal space. So when you go into a quarter such as Q2, you have to make a judgment call and you want to use some prudency around whether that's going to land in Q2 or Q3. Well, we actually had a 100% renewal rate of our term-based Fed renewals in fiscal Q2. And with the dynamics of term-based revenue recognition, as you may know, you recognize all that revenue upfront in the period of renewal. So basically, that shifted $7 million. Again, it was a timing shift, had nothing to do with anything of a pull forward of revenue. It just was merely a timing shift from Q3 that we originally expected into Q2. So we're going to be very consistent with our approach to guidance. I think we've been able to demonstrate kind of a beat and raise cadence. We feel like this is a prudent approach heading into the second half of the year. We feel like we're well-positioned. We're coming off a very strong quarter for us. We had record free cash flow. We had record net new logo ARR. It's our best quarter ever. And we feel really strong going into the second half of the year. And then just lastly, just your question on ARR impact. There was no ARR impact driven by these term-based renewals because they were renewals. They were sitting in our ARR, and we successfully renewed them at a 100% renewal rate.

All right. Helpful. Thank you.

And one moment for our next question, which will be coming from Meta Marshall of Morgan Stanley. Your line is open, Meta.

Great, thanks. Appreciate the question. I guess just diving a little bit further into that. Just the net new ARR decel in Q3 from Q2 and then just kind of what gives you confidence in the pickup in Q4? Just a little bit more diving into the Q3, Q4 dynamics would be helpful. Thanks.

Sure. Good morning, Meta. Yes. So if you look at Q2, we achieved a $57 million. That was consistent with last year. But bear in mind, it was a very tough comparable going back to last year. So if you look at this on a kind of a two-year CAGR basis, we were over 40%. So we feel good about heading into Q3 now. We feel like it's a prudent place to start. And hopefully, we can demonstrate again our beat and raise as we head into the second half of the year.

Great. Thanks.

One moment for our next question, which will be coming from Todd Weller of Stephens. Your line is open, Todd.

Let me echo the congratulations and thanks for the question. Mark, can you talk about machine identity? It's a complex market. All sorts of types of identities that are out there from service to secrets and cloud apps to the emerging world of AgenTic. And I know AgenTic is coming soon, but maybe today, where are you seeing the most opportunity? What are the use cases driving your machine identity solution? And competitively, what are you seeing in those instances?

Thanks, Todd. Thanks for the question. Yeah, I think we've tried to make sure we're trying to clarify and even delineate a little bit what we're doing from others. In our case, the machine identity approach we're taking is pretty consistent with how we've handled the governance of non-human identities. And as you noted, for now, that does not include AgenTic. We're going to cover in our Navigate launch here shortly a new product focused on agents. Our machine product would be covering things, as you said, like service accounts and software bots and RPA, maybe even some intelligent devices. I'd say in general, we're finding the situation where customers have sort of woken up, so to speak, to the fact that while some of these agents, excuse me, identity categories and machine are not new, they're a new part of the attack vector. So it's not that there's been a brand new introduction to machine identities. They've been there in many cases for some time. Now they're being recognized as part of the attack vector. And so what we've highlighted for folks in our offering is there's two things that are kind of unique about what we're doing for machines versus humans historically. One is you have to find them. You have to discover them. In many cases, customers really don't have a good grasp of the inventory of all these nonhuman identities that are already in their environment. And once you find them, then you need to kind of assign ownership. The other challenge is often there's some service account out there, there's some device out there, but it's not clear what human is responsible. So this idea of discovery and then assignment is kind of unique and new in the case of machine identity. Once we get through that step, though, in some cases, the ongoing governance and security of these identities looks pretty familiar. It's the lifecycle. It's the certification. Is this still a valid identity, who's responsible for it, has anything changed, is there any evidence of compromise? The kind of questions we answer for human identity. So we are finding that customers are very interested in this topic, and they are looking at our offering as pretty different from some of the offerings, say, that are focused more on, like, certification of servers, which is another offering for machine identity out there today. And that offering is more akin to authentication for a human. They want to validate that the machine is actually the machine they think it is, there's not a governance lifecycle approach. We're bringing our traditional lifecycle approach to these machine identities.

And one moment for our next question. And our next question will be coming from Jonathan Rakover of Cantor Fitzgerald. Your line is open, Jonathan.

Yes, good morning. So I'd be curious to hear your thoughts on the AI-driven connector integration. I mean, just from my perspective, it seems it turns what has been more of a passive kind of pipeline for access data into, let's call it, an enabler of more intelligent and automated processes. It seems to open up use cases around risk detection, potentially better context around access control. So I'd love to hear your thoughts on this opportunity. Is it going to be a part of the upcoming agent identity security solution? Is it separate in one of the incremental monetization opportunities?

Okay. Jonathan, I'll do my best. That's a complex question there. I'm going to tackle it. I think where I hear you there is saying, look, there are some unique characteristics of the emerging agent world. And as we've all read, there's been a lot of interest and a lot of experimentation, maybe a little less full-scale deployment than maybe folks thought we might be at this stage. And I guess I'd also remind people that the two classes of agents, really oversimplifying for a moment, are those that are coming through the software vendors. Workday and Salesforce and others saying, here, I'm going to introduce agentic capabilities into my platform. But then mid to large customers are going to clearly be spending time developing their own bespoke agents that make sense in their business that they think they need to develop. Right? Well, in both cases, these agents, as you said, are going to perform in some ways like a human. They're going to be trying to access the data they need to do their job. And one of the things, the themes you're going to hear from us at Navigate very strongly, we hit it somewhat on the call today, is that what's been kind of lacking in the realm of identity historically is a very tight alignment with deep entitlement data. Right? Like, how do you really understand all the data elements an identity can access? Well, in the world of AgenTic, we're going to have to get very crisp and very clear on that because these agents are going to go out trying to quote solve a problem, and they're going to go looking for data wherever they can find it. If they're allowed access to data they weren't actually supposed to see, they're going to return results that maybe weren't supposed to be visible to that person or that entity. So this idea of tying together very tightly the identity landscape, which is our historical focus, and all the deep understanding of the data so that we can have a complete picture of identity and data access, then tie that into the security landscape, that's going to be critical in this emerging world of agents. If we're going to really understand the agents and their access and their potential for risk, we have to fully understand all their characteristics and all the data they can access and then map that into the security ecosystem. There's a lot of new things coming to support that, but at a macro level, that's why we think this problem is going to be pretty challenging for enterprises. They haven't mapped those entitlements and data terribly well to the human identities today. They've got to get that right if they're really going to secure these agents in this rapidly evolving world.

And one moment for our next question. Our next question will be coming from Robbie David Owens of Piper. Your line is open, Rob.

Hi. Good morning, guys, and thanks for taking my question. Mark, in your prepared remarks, you talked a lot about modernization. And just would love you to double click a little bit on where a lot of customers are at this point, how much legacy still remains within that installed base? And with a record new logo ARR quarter, do you think we're starting to see a tipping point just in terms of a transformation of identity within that legacy base? Thanks.

Thanks, Rob. And if you don't mind, I'm going to flip this to Matt. We invited Matt to join us on the Q&A, and he's very close to a lot of our customers with legacy environments that are contemplating moving. I think we have seen a bit of acceleration in interest there. I'll let Matt kind of talk about what we're seeing out there.

Yes. Thanks, Mark. Thanks, Rob. Look, I do think we're seeing an acceleration of migrations from our installed base. I would even argue that we're seeing an acceleration of movement in the legacy business as well. And I think when we sit here and look at it, there's a number of things we talk about here today, I think that are really starting to accelerate that. I don't think agents are an if, right? It's a win. And I think a lot of these companies that have these very, I'll just say, customized solutions that are out there are woefully inadequate to be able to support this. And I think it's creating a little sense of urgency, if you will. And so we're seeing an increase in opportunities in both the legacy world and then our modern platform.

Great. Thank you.

And one moment for our next question. Our next question will be coming from Gabriela Borges of Goldman Sachs. Your line is open, Gabriela.

Hi, good morning. Thank you. Mark and Brian, I think you've been pretty consistent in saying that the mix of your business between SaaS and term will ebb and flow. My question for you is, how do we think about what that ebb and flow might look like over the next twelve months? What I mean is, is it possible that you've seen sort of an adoption conversion for some of your most tech-savvy customers in the first phase of cloud adoption or the first phase of cloud migrations and now perhaps we're in a little bit more of an ebb where it might take longer for the next phase of cloud migration? Just curious what you're seeing in the pipeline and some of your larger customer conversations as well. Thanks.

Let me start, Gabriela, and then maybe pass it over to Mark or Matt. In terms of the mix, the Q2 mix is largely in line with our ongoing targets where we target about 90% SaaS of our net new bookings. In fact, it was about 86% in Q2. You can expect this coming quarter in Q3 with the Fed year-end to be a little bit heavier for term, not materially heavier, but a little bit heavier. This is going to ebb and flow a little bit. But we still see the ongoing trend for mostly SaaS and the vast majority being SaaS. A lot of our new offerings are going to be SaaS-enabled. You'll learn more at Navigate. And I think that's really the wave of the future. Having said that, we've got a lot of happy customers that are on-prem and iQ. We're happy to meet them where they are. We happened to see some upsell opportunities, some new term deals, especially in EMEA this past quarter. So they will come along from time to time. It may not be a high number of customers that choose that, but sometimes they're larger dollar size.

Yes. I mean, I think in general, Gabriela, the trend is still strong. There's probably two things, as Matt just commented, that probably in our minds could put the potential for a little more acceleration of our installed base moving and some of that legacy. One is this pull toward AgenTic, I think, is going to maybe be the straw that breaks the back of the camel here on people thinking they can continue to live with their old solution and quote get by. I think they're starting to recognize those old legacy solutions are not going to get them there in any case. I think the other, and we are fortunate to continue to put up some strong results. But I think we all acknowledge there's not a wonderfully great macro backdrop here, right? So I think in some ways, there are times when customers might lean towards a modernization program but defer it a little in kind of tougher economic situations. We have people talking to us about having stalled that a little in the first half and bringing it back onto the plate in the second half. So we'll see how this progresses. But no, I certainly wouldn't think if the sense of your question was have we seen kind of the flow and are we about to see an ebb that's going to slow down, I don't think we are seeing that. If anything, it would maintain or perhaps even increase a little bit the rate of movement to the SaaS.

This is Matt. I would just add, when you look at the total percent of transactions, it's very small every quarter. And the thing is they're typically chunky deals. When you look at the Fed business or some of the typically, Fed business is outside of the U.S. largely. But there are not many of them. They're just chunky. Term can look like it's having a bigger impact than it is, but the counts are pretty low. And then again, of that installed base, the movement to SaaS, I'd say, is either consistent as it's been or perhaps even looking like it might pick up a little. Hope that helps.

Absolutely. Good detail. Thank you, gents.

And one moment for our next question, which comes from Saket Kalia of Barclays. Your line is open.

Okay, great. Hey, guys. Thanks for taking my question here. Mark, maybe for you, can you just talk a little bit about the relative difference in pricing per identity in machines versus humans? I mean, to your point, it feels like customers are finally seeing that as an attack surface. How are they sort of how are they willing to pay for that governance versus what they're paying for human identities? Brian, if I can squeeze in a clarification because I think it's important, can you just remind us also what drove that tough comp last year on net new ARR and how you think about that sort of on a more normalized year-over-year basis? Thanks.

Hey, this is Matt. Real quick, as it relates to last year, and then on the pricing, I'll touch on both and then I'll pass it back to Mark and Brian. When you look at our pricing, our baseline really starts with the workforce. And everything, if you've heard us talk about machine identities in prior conversations, we always talk about it being about one-third or 35%, 30%, 35% accretive to our workforce. And when you sit here and you start thinking about agents, right, it's very similar. I mean, we talked about two different types of agents. I think the first type of agent looks very similar to what a machine would look like and is priced accordingly. When you start talking about some of these autonomous agents that operate and look much more like a human being, right, they'll be priced very similar to what we price our workforce at today. And that's really how you should think about that.

Sure, yes. So Saket, just looking back to last Q2, again, we were up 86% year-over-year last Q2 in terms of net new ARR. This was driven by a strong migration quarter. Also, it just happened to be a good customer expansion cohort. These come along in terms of renewals, and depending on the cohort, you can see some really nice expansion opportunities. Really looking at this over a two-year period, again, our compound annual growth rate is over 40%. But more importantly, we are really pleased. We had a really strong SaaS quarter in terms of net new ARR. We achieved $49 million. I mean, it was $9 million ahead of our total net new ARR guidance of $40 million. So we're pleased with that. Again, I mentioned it was the best SaaS new logo ARR quarter ever. And then I also mentioned on the call, we saw a 30% year-over-year increase in average ARR per new SaaS customers. So that's really a testament to the fact that we are landing larger and larger with our customers. And they're also attaching more add-on modules to their initial purchase. That was at 40%, which was up from 25% last year.

All super helpful. Thank you.

And our next question will be coming from Patrick Colville of Scotiabank. Your line is open, Patrick.

Thank you for having me on. And it's great to be part of the SailPoint story. Mark and Brian, I guess I just want to double click on the competitive environment. We've got other public competitors talking much more about governance, which is nice validation of the governance space. But can you just talk about changes in enterprise governance bake-offs that you're seeing? Are you seeing those guys in the play? Or are those firms you're seeing in bake-offs very similar now to a year ago? Thank you.

Thanks, Patrick. Yes, good question. Yes, this is something I think may become thematic for us almost every quarter, which is while there is a lot of noise, I guess, is the right term out there from some of the folks that have more recently entered the governance space from other parts of the landscape. For the great majority of our deals, the competitive landscape in our deals hasn't changed for the great majority of those deals. As you get to, as we said often, the lower end of our enterprise market, we talked about strategics being kind of accounts with rounded off 10,000 employees and up, and then enterprise kind of from there down to a few thousand. In that lower end of that enterprise market, we will see a little more attempt at encroachment from some of these newer offerings. With very limited success. But for the most typical kinds of deals we're fighting, it hasn't changed that in the mid to large enterprise and certainly in the strategic. It's still kind of the IGA players that have been out there with pretty rich offerings. Our win rates against those competitors continue to be very strong. We continue to watch closely for kind of the progression of these other offerings and see how much they're having an impact. I think that whole converged story is more appealing down market and has a little more success. Know Matt, would you add anything to that? That's kind of what we're seeing.

Yes. No, Patrick, I would just say in that enterprise space, as Mark said, it's a little bit more challenging, right? Because typically, they're unsophisticated or less sophisticated, I'll say, buyers. And I would just offer it's terribly confusing. If you're a new buyer. Right now in terms of all the way everybody's in the identity security business, for instance. So I think it becomes a bit of a challenge down there. And then you've got the convergence play, which to those smaller, less sophisticated buyers is somewhat appealing.

Thank you very much.

Thank you. And our next question will be coming from Tal Liani of Bank of America. Your line is open.

Hi. Most of the questions about the quarter were answered. I want to ask you more about the market. So I want we spoke with one of your competitors who made the big acquisition recently. And what they're saying, and I want to hear your comment on this is number one, as the price of privileged access is coming down and the ease of deployment is becoming easier, more customers will do privileged versus regular employee identity because it is just more rigorous, better solution. And that will take away from the traditional players like yourself. And the second thing that they said is identity was sold so far standalone, it's going to be part of a platform. You'll sell it with cloud security, with other things. And so far, this market was very standalone kind of market. So just wanted to hear your views on these topics just because it relates to kind of future growth and future opportunity. Thanks.

Okay. Thanks, Tal. Those are great questions. And we'll all continue to not name who we know we're talking about. But yes, the large vendor that bought an identity vendor, I think, has made some interesting claims about how this world is going to go. Look, I think the idea that more companies will want the ability to kind of we call it escalate or de-escalate or have dynamic privilege controls over their entire identity landscape. That's accurate. The problem is for that vendor, the ways that those folks in that industry have approached privileged identities, privileged users with a very deep, very static set of controls for folks who lived in a permanent identity landscape, meaning a database administrator or a sysadmin. So you gave those people a vault to check out credentials. You recorded every keystroke. That's not what companies are talking about doing for their broad landscape. They're saying when Brian, the CFO, is logging in from a foreign country on a laptop in the middle of the night, I may want to have a tighter level of control over that than when Brian's logging in from his desktop in the office. So the idea of escalation or de-escalation or dynamic privilege controls, tighter assurances that identity is who or what I think it is, that's coming, this idea of dynamic privilege. Just our contention is it's not the traditional technology that defined the PAM market that are going to be the successful ways to do that. At scale in a highly dynamic environment. So the idea that privilege will become more prevalent is accurate. We disagree that the right way to do that is to take traditional PAM technology and try to apply them across the enterprise. That's not going to work. That's not going to scale. On the other side, on your general point about standalone identity, but before I leave it on the PAM point, I would point you to a couple of numbers. We highlighted in our earnings today that we have 125 million identities under management. And by the way, it's a little conservative. We just felt like we could absolutely defend that number. The comment from that vendor about what's just inherited was about 8 million identities with 500 to 2,000 per account. That is an order of magnitude or two lower than what we offer and often are managing in an account. So I think it's nontrivial to go a couple of orders of magnitude of scale and for people to act like that's a simple thing to do is not really logical to us. Secondly, on the standalone point, again, we would agree that companies are looking for a tighter integration of the identity ecosystem with the traditional security ecosystem, we would also kind of challenge whether they're going to want that all bundled into one offering because there isn't actually a single dominant player that owns the entire security landscape, right? I guess, the name now, a couple of folks, Palo Alto, Zscaler, CrowdStrike, all very significant players in the security landscape. We think if we do a good job of bringing the identity and data together that I talked about earlier, into a single control plane that we can manage and deliver value to the customer, we're going to need to tie that into multiple parts of the security ecosystem. So we want to be able to make sure that a customer who's leaning on any one of those other key players in the security world can tie that into their identity picture, that's our job. We want to have a complete robust picture of the identity data landscape and then expose that bidirectionally with the security vendors to make sure we can feed them information, they can feed us so customers can manage these threats that are usually targeted at identities in very real-time.

Got it. Thank you.

And one moment for our next question. Our next question will be coming from Gregg Moskowitz of Mizuho. Your line is open, Greg.

Great. Thank you for taking the question. Accelerated application management, very interesting technology. Mark, can you elaborate on how you will enhance this with assets from Savvy later this year? Also, what is the competitive landscape like in this area today? Thanks.

Thanks, Greg. Good to talk to you. Yes, I guess on the first part, yes, the Advanced App Management module, not module, excuse me, service from us is going to be kind of multifaceted. We've been working on multiple types of technology that we think can accelerate how rapidly we can onboard applications. And by the way, let me define onboard for a second. One of the confusions out there in the market today is people talking about how fast they can connect to an application. Well, what we believe is there's actually multiple layers or types of connection, right? It's one thing to get visibility to an app. Do I know that app's out there? Am I aware of the identities that are connected to that app? That is one of the things that we will accelerate with this offering from Savvy, the easy and rapid discovery and connection to that application just to bring it under the domain of SailPoint, meaning I'm aware that that app's out there. But there's another level of sophistication required in your connection technology to do governance over that, to do certifications and management. And then a third even deeper level of connectivity required to do automated lifecycle provisioning, to do real-time remediation, you know, spin up, spin down access based on changes in the security landscape. So one of the confusions out there, Matt commented earlier how confusing it is for customers when people are running around saying, I've got connectivity that's simple and comprehensive. We're like, what kind of connectivity are you talking about? Right? We need to make sure we're delineating for customers to have visibility across everything as rapidly as possible is a great goal. Then you need the ability to also deepen that into governance compliance, into lifecycle deep automated provisioning. And that's the depth technology we've been doing for many years that most folks who are claiming to have rapid easy connectivity aren't capable of. They can get you visibility. They can't actually do those other things at depth. And I'll bridge from there to your competitive landscape. Yeah, there's some newer vendors, particularly that are making some good noise and getting people excited about how easy it is to connect. We're aware of many of those. And as we dig into that, some of them have shown up kind of next to us in a couple of accounts. We find that there is a bit of exaggeration of what they could do. Like, yeah, they can connect to things easily. Can they deeply govern and manage those? Not always. And so I think we highlighted this in our road show even six, seven months ago that the challenge in this environment is to be both deep and wide. And that is our heritage. You have to be able to cover the breadth of the landscape that customers care about, you have to go deep into the entitlement layers within that landscape. That's very difficult to do for folks that haven't got that kind of technology. So I think that's really where we're differentiated and we'll continue to be differentiated.

Very helpful. Appreciate that, Mark. Thank you.

And one moment for our next question. Our next question will be coming from Shaul Eyal of TD Cowen. Your line is open.

Thank you. Hi. Morning, guys. Congrats. Brian, Matt, or Mark, so operating margin performance was absolutely stellar. Aside from the top-line beat, is it just a prudently disciplined approach you've been taking? And maybe in that context, how do you think about the second half hiring plan?

It's Brian here. I'll take that one. So yes, to your point, I mean, really drives the margin, the top-line growth. We continue to be disciplined. We had revenue growth, we raised 200 basis points by our prior guide, up to 22.4% for the full year. We're now projecting 17% adjusted operating margins. It's up 160 basis points. So clearly, we have proven that we can expand margins responsibly. But looking out to Q3, we want to be cognizant here of we've got some investments that we need to make on a couple of different fronts. One is we're launching a series of new products and modules at Navigate. We want to be able to have a successful start to that. So we want to continue to invest in that significant opportunity in front of us. And we also want to scale our go-to-market engine, heading into FY 2027. So margins do reflect that heading into the second half of the year. But again, I think we've demonstrated that we can improve margins pretty handily if we need to.

Thank you.

And our next question will be coming from Keith Bachman of BMO. Your line is open.

Hi, yes. Thank you. Good morning. I wanted to ask two questions. One to follow on Moskowitz's question is, if you think about the application segment, what are customers are you displacing existing solutions? And Part B, the question is really when could this be in a position, this aggregate segment, be in a position whereby it could contribute to net new ARR growth? Is it next year? Then my second question is hoping you could just talk a little bit about your customer growth or what to expect in terms of new logo growth over the next number of quarters? And part of it is all the things you're doing on GenTyc, how might that pull customers? The breadth of solution you have, your 250,000 ARR customer count is going up 27%. I understand that. But that also includes customers that upsell into that category. Just trying to get a little more granularity on how your customer count may help contribute to total growth over the next number of quarters. That's it for me.

So Keith, there's a couple of parts there. It's Brian here. So I think what you were referring to is our SailPoint Accelerated Application Management and its contribution to NRR. I think this will happen over time. We are trying to get off the blocks very quickly with this offering and service. So hopefully, we'll see a nice uptake of that. And I think what happens is there's a faster time to value with the customers, right? So we're going to become stickier on a whole tier of applications, Tier one, two, and three, from compliance to very deep governance with the more complex applications. And I think the faster we get there, we're going to have a more entrenched time to value, and that will show up in the form of NRR. With respect to customer count, I think we need to be careful here just because adding volumes and volumes of customers has not really been our approach. It's really the quality and the size of the land. So we are focused on the right customers. These are more larger, more complex environments. These tend to be programs, not projects. I think you saw that we had a 48% year-over-year increase in customers with greater than $1 million of ARR. You noted that there was a 27% increase in customers with greater than $250,000 of ARR. But more importantly, out of our net new ARR this quarter, it wasn't necessarily the volume of the customers, it's the size of the lands that we're doing. Our ASP, our ARR per those new logos is up 30% year-over-year, and it's also the attach rate of other modules. So again, it's not the number of customers, it's the quality and size of the customers that we land.

And our next question will come from Gray Wilson Powell of BTIG. Gray, your line is open.

Okay, great. Thanks for taking the question. And yes, I hear that Gray Powell guy is a pretty good analyst. He's been following me around for a while.

That was great. It so does brother Gray, I heard.

Yeah. Thanks. Okay. So a lot of good questions have been asked. Maybe just sort of a high-level macro one. There's a lot of uncertainty in the macro environment around tariffs back in April and May. Just how much have things changed the last three or four months, if at all, just how does your visibility on demand and your pipeline feel today versus a few months ago? Thanks.

I'll get that correct. I think we're fortunately in a very resilient market. These tend to be mission-critical, not nice to have but must-have decisions for enterprise-level customers to make. So I think we're fortunate to be in that. In terms of our ability to navigate through the macro environment and the tariff situation, we have not seen material impact on our funnels. We're cognizant of it, but it hasn't been something that we're overly concerned about. And what's nice is that we sell into all verticals. So we've got a very, very balanced growth strategy among many different verticals. So we're not relying upon any single one vertical. So again, I think we're feeling very good heading into the second half of the year.

All right. Got it. Thank you very much.

And I would now like to turn the call back to Mark for closing remarks.

Thank you. And Latonya, no worries on Gray and Gary. Happened to him so much that's why we joked about it. Thanks, everyone. Really appreciate these great questions. Obviously, it's a we believe a very strong story, but some complexity, and I really appreciate the opportunity to clarify where we are and kind of the dynamics of the landscape and the financial performance. So we look forward to continued dialogue. Thanks, everyone, for joining the call. Well, have a great day.

This concludes today's conference call. Thank you for participating. You may now disconnect.