SailPoint, Inc. (NASDAQ:SAIL) Q3 2026 Earnings Call Transcript

SailPoint, Inc. (NASDAQ:SAIL) Q3 2026 Earnings Call Transcript December 9, 2025

SailPoint, Inc. beats earnings expectations. Reported EPS is $0.08, expectations were $0.06.

Operator: Thank you for standing by, and welcome to SailPoint’s third quarter fiscal year 2026 earnings conference call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question and answer session. To ask a question during the session, you will need to press 11 on your telephone. To remove yourself from the queue, you may press 11 again. I would now like to hand the call over to Scott Schmitz, VP of Investor Relations. Please go ahead.

Scott Schmitz: Good morning, and thank you for joining us today to discuss SailPoint’s Fiscal Third Quarter 2026 Financial Results. Joining me today are SailPoint’s Founder and CEO, Mark D. McClain, and our Chief Financial Officer, Brian Carolan. For the Q&A portion of today’s call, we will also be joined by our President, Matthew Mills. Please note that today’s call will include forward-looking statements. Because these statements are based on the company’s current intent, expectations, and projections, they are not guarantees of future performance, and a variety of factors could cause actual results to differ materially. This call will also include references to non-GAAP results, which exclude certain items that do not reflect our underlying business performance.

Please reference this morning’s press release and our supplemental earnings presentation hosted on investors.sailpoint.com for further information regarding our forward-looking statements and non-GAAP financial measures, including reconciliations to the nearest comparable GAAP financial measures. And with that, I’d like to turn the call over to Mark.

Mark D. McClain: Thank you, Scott. Good morning, everyone, and thank you for joining us today. We are thrilled to share our most recent quarterly results that include a significant milestone for the company. In fiscal Q3 2026, we surpassed $1 billion in annual recurring revenue, or ARR. With this exciting milestone, I wanted to use today’s call to emphasize three key themes. First, our reimagination of identity security. Second, our accelerated pace of innovation. And third, our confidence as we look ahead to Q4 and beyond. Let me start with the broader transformation happening in identity security. The market is moving beyond static, compliance-first approaches toward real-time adaptive identity, an approach we were one of the first to champion.

By unifying identity, data, and security intelligence with the SailPoint platform, we are helping organizations gain the visibility, control, and scale needed to defend against an ever-expanding threat landscape in real-time. We believe our Q3 results validate that strategy, reflecting our disciplined execution, the impact of sustained innovation, and the accelerating demand for identity security as the control point for enterprise security. This leads to my second theme, innovation. Our newer product introductions continue to drive strong interest, fueling our robust cross-sell growth. Customers see clear value in how these capabilities extend the reach and intelligence of identity across their enterprises. This is especially true of our SailPoint machine identity solution, which remains our fastest-growing launch to date.

We also just completed our largest-ever global user conference series, called Navigate, where we unveiled a family of innovations that together represent what we believe to be the most significant product launch in our company’s history. These innovations center on four key themes: real-time identity governance, expanded protection for digital identities like agents and machines, a universal and dynamic approach to privilege, and deeper integration of identity intelligence into the security operation center, or SOC. All of this uses our Atlas platform as the foundation. The response has been immediate and extremely positive. Customers have confirmed that these innovations bring our real-time adaptive identity vision to life in a way they have been waiting for.

The early momentum we are seeing across products signals that organizations are adopting this vision quickly and with conviction. A few areas in which we are seeing particularly strong interest include SailPoint agent identity security for deeply managing the exploding landscape of agent identities, SailPoint accelerated application management for helping enterprises quickly onboard the hundreds or thousands of applications they use and to put strong governance controls around them, and SailPoint observability and insights for delivering real-time identity intelligence, stitching together signals from across the IT ecosystem to reveal hidden risks while strengthening security for all identity types. Importantly, this wave of customer interest and adoption is reinforcing the strategic path we have been driving for years.

Gartner’s 2025 market guide for IGA validated what we have long believed: that identity is no longer a compliance checkbox. It is a critical control for securing the modern enterprise. The industry is only beginning to recognize this shift, but our customers are already benefiting from innovations we built on this very premise. As we continue expanding our family of identity security solutions, we are also evolving how customers can acquire and adopt that innovation. We recently introduced our new flex licensing model that is designed to meet customers where they are, not only in their identity journey but in how they prefer to buy and deploy our solution. With digital identity surging, customers need the ability to take advantage of new capabilities quickly and efficiently.

Our flex licensing model is built for exactly that, giving organizations more choice, more flexibility, and a clear path to adopt the innovations we are bringing to market at the pace that makes sense for them. Another growth driver this quarter is the ongoing opportunity to help our IdentityIQ customers migrate to SailPoint Identity Security Cloud. These migrations are not only modernizing their environments but also strengthening their long-term alignment with our platform. For example, one of the largest US-based logistics and shipping providers is migrating to SailPoint Identity Security Cloud. As part of this migration effort, they also added SailPoint Machine Identity Security to identity security, choosing SailPoint for our scalable, automated, and intelligent approach.

With Identity Security Cloud, they will be able to support a large and growing number of digital identities and applications, giving them a clear path to expand into agent identity security and other areas like identity threat detection. Organizations are making these modernization moves because they know we can scale with them as their journey evolves. At the same time, customers are strengthening their investment with us as their identity and digital landscapes continue to expand in the number and variety of identities they manage and in the volume of applications, systems, and data those identities need to access. Our Q3 results reflect this trend. We believe this is a clear sign of the trust customers place in SailPoint to secure their rapidly growing identity service.

As just one example of this expansion trend, a large energy and utility company experienced such a successful migration to Identity Security Cloud that they significantly extended their investment with us, adding SailPoint machine identity security, agent identity security, observability and insights, accelerated application management, and Atlas Enterprise, all through our flex licensing model. This combination of new product offerings attracting new customers and our existing customers expanding with us shows the strength and balance in our business model. It also underscores our clear differentiation: the breadth of identities we protect and the depth of context we provide. The SailPoint platform delivers adaptive identity by unifying identity, data, and security intelligence in real-time.

The platform also enables organizations to continuously adjust access security decisions based on risk and business dynamics. We believe this combination is unmatched in the market today, and it is why customers continue to choose SailPoint to grow with us over time. And finally, it has never been easier to deploy with SailPoint. We understand that innovation only matters if customers can quickly realize its benefits, which is why we are focused on simplifying deployment and accelerating time to value across our new solutions. The recent introduction of SailPoint accelerated application management allows customers to intelligently discover and onboard all, not some, but all of their applications for immediate governance. Our digital agent, Harbor Pilot, further simplifies the administration of identity programs through natural language prompts.

And our partner ecosystem is leveraging AI to streamline and accelerate application onboarding, expediting time to value for our joint customers. Taken together, our results speak to a company executing with focus, delivering value for customers today while positioning ourselves for the next stage of growth. This brings me to my third theme, confidence. Just as important as what we achieved in Q3, what it signals about the path ahead. Our pipeline remains strong and diversified, and we continue to see strong engagement across both new and existing customers. As the attack surface expands and agent-based threats accelerate, organizations are turning to SailPoint faster than ever. Our most recent Horizons of Identity report underscores why. The majority of enterprises are still early in their identity maturity in horizons one or two, and moving forward requires stronger agent management and a unified identity data model.

We believe we are uniquely positioned to help them advance. While we are focused on finishing the year strong, we are equally committed to building for the long term. Our strategy is grounded in what we believe has always set SailPoint apart: the depth of identity context we deliver and the breadth of identities we protect. With governance at our core, our platform provides a level of precision and granularity that we believe others cannot replicate. It is also what enables us to expand the definition of identity security and support an adaptive identity model that protects enterprises efficiently and effectively in an increasingly dynamic environment. As an independent player, a market more recently defined by consolidation and bundled point solutions, SailPoint is emerging as a strategic identity layer in the security landscape, with a common cross-vendor fabric that delivers clarity and context across all security signals.

To that end, we are continually investing in innovation that continues to push the boundary of modern identity security. More intelligence, more automation, and deeper connectivity that embeds identity context across the security ecosystem. As identity becomes the control center of enterprise security, SailPoint is defining and leading a new era for the industry. I want to thank our customers for their trust, our partners for their collaboration, and our employees for their incredible commitment and execution as we continue driving this mission forward. And with that, I’ll hand it over to our CFO, Brian Carolan, to walk through the financials in more detail. Brian?

Brian Carolan: Thank you, Mark, and good morning, everyone. Thank you for joining us today. As Mark noted, this quarter, we surpassed $1 billion in ARR, closing fiscal Q3 at $1.04 billion, representing a 28% year-over-year increase. SaaS ARR grew 38% year-over-year and now stands at $669 million, representing 64% of total ARR. The consistency of our growth at scale is something we believe few in the cybersecurity market have been able to accomplish. This quarter, the durability of our growth was once again due to many drivers across both new and existing customers. The strength was also broad-based across geographies and industry verticals. We were especially encouraged by the strong initial interest in the new products we introduced at our Navigate conference.

In fact, we booked orders for each newly available product despite only being generally available for one month. The demand behind these new offerings is contributing to the healthy expansion of our pipeline. Overall, we experienced strong growth in our cross-sell motion, driven by our nonemployee risk management, machine identity security, and data access security solutions, which collectively more than doubled in ARR year-over-year. As Mark noted, we also had a strong migration quarter, which we refer to as platform modernizations. The strength of our platform and ability to govern and secure all identities, from human to machine to AI agents, has led enterprises to conclude that now is the time to modernize their environment. It is also worth noting that more than half of our platform modernizations included at least one of our emerging cross-sell products.

And with our new flex licensing model, we are making it simpler for customers to adopt and deploy our platform and future innovations. Additionally, we continue to see a shift towards our most fully featured business plus suite, which accounts for more than half of our suite-based ARR. The combination of strong suite-based adoption, cross-sell expansion, identity upsell, and platform modernizations demonstrates customer alignment with our strategic vision of adaptive identity security. These expansion motions contributed to our net revenue retention, or NRR, of 114% this quarter. Moving on to the P&L. In fiscal Q3 2026, we delivered revenue of $282 million, an increase of 20% year-over-year, with subscription revenue growing 22% on top of strong growth in the year-ago period.

We remain committed to driving top-line growth through investments in our partner ecosystem and product innovations to extend our position as a market leader, all while delivering results in a responsible manner. In the third quarter, we delivered adjusted operating income of $56 million, or 19.8% margin, well above our guidance driven by higher term subscription revenue and disciplined expense management. We generated cash flow from operating activities of $54 million and free cash flow of $49 million, or 17.4% free cash flow margin, which reflects our robust growth profile. Turning now to guidance. For simplicity, I will refer to the midpoint of our guidance ranges where applicable. Full details can be found in this morning’s press release and supplemental earnings deck.

For the fiscal fourth quarter and full year 2026, we are increasing our ARR guidance by $12 million to $1.122 billion, up 28% year-over-year. From a net new ARR perspective, this implies $82 million, or 30% growth for the fiscal fourth quarter, and $245 million, or 26% growth for the fiscal year 2026. As it relates to our revenue guidance, we expect to deliver $292 million in fiscal Q4 2026, an increase of 22% year-over-year, with adjusted operating margin of 20.2% and adjusted EPS of $0.09. For fiscal year 2026, this translates to revenue of $1.069 billion, an increase of 24% year-over-year, with adjusted operating margin of 18% and adjusted EPS of $0.23. We expect our diluted share count to be approximately 565 million shares. In summary, we are confident in our strategic direction and our team’s demonstrated ability to execute.

Our strong quarterly results, underscored by our increased guidance, reflect the inherent strength of our market position and continued product innovation. We remain committed to driving durable, profitable growth, and we are optimistic about our ability to deliver significant long-term value to our shareholders. With a well-defined roadmap, an exceptionally talented team, and an expanding market opportunity with multiple growth drivers, we believe we are well-positioned for continued success. With that, let’s invite Matt Mills, our president, to join us and open the call for questions. Operator?

Q&A Session

Operator: Thank you. As a reminder, to ask a question, you will need to press 11 on your telephone. To remove yourself from the queue, you may press 11 again. Please limit yourself to one question and one follow-up to allow everyone the opportunity to participate. Our first question comes from the line of Joseph Anthony Gallo of Jefferies. Your line is open, Joseph.

Joseph Anthony Gallo: Hey, guys. Thanks for the question, and congrats on the $1 billion ARR milestone. That’s a huge achievement. Yeah. Obviously, AgenTeq security will benefit your existing customers first. But can you just talk about the top of funnel pipeline with new logos? I mean, IGA has been around for a while, but there’s a huge opportunity there. Is AgenTeq forcing people to examine their human identities as well?

Mark D. McClain: Thanks, Joe. This is Mark. And I just as we got into question and answer time, did want to thank everybody for joining us today and also look forward to seeing many of you tomorrow at the Barclays conference out in San Francisco. But with that, I’ll probably pass that one straight to Matt because in terms of what we’re seeing out in the demand landscape out in the customer, both new customers that are in the process of looking at our broader IGA offering as well as existing customers who are pretty excited about what’s happening with JEDx. So, Matt?

Matthew Mills: Yeah. Thanks, Mark. Hi, Joe. Look. I think you’re thinking about it the right way, that install base and then the greenfield. And I think there’s a consistent thread in all of that as folks are starting to move into this. And that is how much? How much do I need to get started? There’s a certain amount of still, you know, people really don’t know. And so that’s one of the reasons. I don’t know if you saw it yet. Yesterday, we announced our flex pricing, the Navigator flex pricing models. And one of them is actually called the digital identity flex. And it allows companies to get into this at a really nominal rate. Right, and then start growing into it from there. I think that’s going to help accelerate a ton of interest because that’s been one of the long poles in the tent, if you will.

When you look at our greenfield proposals and things that are going out, look, I know that one’s going out that doesn’t have AI in it. And so again, I think this is going to accelerate all of that because, with these flex models now, no longer do we have to spend a ton of time trying to figure out exactly how many people need to be able to get started. So we remain hugely upbeat. I think the field is hugely excited about this announcement we made yesterday with these Flex Navigators.

Joseph Anthony Gallo: Awesome. Thank you. And then just as a follow-up, you know, Brian, you’ve done a tremendous job with ARR beating raises. I just wanted to double click on 4Q. I mean, you beat the first two quarters of the year by 2% approximately, 1% this past quarter. 4Q appears to be a modest acceleration in new business for ARR. I know there are moving parts, but just anything that we should think about whether it was slip deals, FX, or anything else just to gain comfort in the ramp into April? Thank you.

Brian Carolan: Yes. Thanks, Joe. Yes, I think you’re right. I mean, I think we feel really good about the overall health of the business. We’ve been public for three quarters now. We have met or exceeded all guided metrics heading into Q4. We have a lot of confidence. I wouldn’t read anything into slip deals whatsoever. I think this is a typical fourth quarter for us. We feel really good about where we stand right now with the pipeline. If you step back and look at the linearity of the fiscal year, Q4 will represent about a third of our total year net new ARR. So very consistent with prior two fiscal years. And I would say that, again, we feel really good heading into it.

Joseph Anthony Gallo: Great to hear. Thank you.

Operator: Star one one. Again, we remind you to limit yourself to one and one follow-up. Our next question comes from the line of Robbie David Owens of Piper. Your question, please, Rob.

Robbie David Owens: Great. Good morning, guys, and thank you for taking my question. Mark, you talked a little bit in your prepared remarks about this is a market defined by consolidation of point solutions. I’d just like to hit on the consolidation theme, especially as we’ve seen a lot of adjacent vendors now starting to look at the IGA market. So I realize this has been relatively recent, but any market confusion from your sense, number one? And number two, maybe rewind us why SailPoint has such a differentiated and defensible solution over the long run. Some of these other larger tech bellwethers start to play in IGA? Thanks.

Mark D. McClain: Thanks, Rob. Good to hear from you. Yeah. A couple of comments. And fortunately for us, this is a consistent message. If you even go back to our IPO roadshow messaging, we talked quite a bit at that time about what we thought was a pretty defensible moat around breadth and depth. And just to define those terms a little bit, right, breadth being the range and scale of identity types. You know, obviously, we’ve evolved through the years from employees to nonemployees to now two big flavors of nonhuman kind of machines, you know, bots and service accounts, etcetera, and now agents. And that breadth is certainly something that we’ve proven that we can handle at scale, but probably what gets lost sometimes is the importance of the depth of what we can do for that breadth of identities, and that gets into these detailed entitlements.

And what we’re finding is that others are jumping into this game as you say, Rob, there’s a lot of movement either building and or buying into the IGA space from folks who have been near us and even folks that have been a little further away in the security landscape. What they’re all, I think, going to struggle with is handling those two things together. There are people coming from the access landscape that have tons of breadth of volume, but typically solutions built on that base have very little depth. They’re basically login-focused and very rarely can get into the detailed entitlement structure, particularly of older bespoke applications, which are very prevalent in large enterprises today. And on the other side of people coming from, say, the privileged landscape that certainly have demonstrated an ability to go deep, their challenge is going broad because, typically, they are managing a very limited number of identities in any given part of an enterprise.

Those kind of permanently privileged static privileges like database admins and sys admins. So taken together, it’s that ability to start from a very rich base of breadth and depth and then rapidly expand on both vectors, you know, expanding into this rapidly exploding landscape of machines and nonhumans and agents. While continuing to invest and we think a fairly defensible moat. We know of startups that are out in the market with sub 100 deep complex integrations into applications, and we are in the tens of thousands now. So that is a fairly significant gap from some of those companies’ current offerings to our offerings. So I think we feel quite good that while people are making a lot of noise and it’s easy to make a lot of claims about entering this marketplace, doing the hard work of really digging into these landscapes or these complex enterprises is very challenging.

I think we’re starting to see some acknowledgment of that from some of the folks around us.

Robbie David Owens: Great. Thanks for the color.

Operator: Thank you. And again, ladies and gentlemen, in the interest of time, we ask that you limit yourself to one question. Our next question comes from the line of Gray Wilson Powell with BTIG. Your question, please, Gray.

Gray Wilson Powell: Great. Thanks for taking the question. Yeah. So can you talk about the Savvy acquisition that you announced back in August? And I think that underpins the accelerated application management products. So just, like, how does that impact a customer’s time to get up and running on SailPoint? Are there any, like, finer points you can give there? And then to the extent that it’s easing friction, is that something that can help you move down market?

Mark D. McClain: Hi, Gray. It’s Mark. I’ll take the beginning of that. I’ll probably pass it for a little more depth to Matt because he dug in now with some of the customers that are looking closer at that. But, yeah, we are really pleased to find Savvy out there. We’ve known of them in the market. And what they had is some pretty slick—I think that’s not a technical term, but—pretty slick technology for discovering applications as they’re coming through the front end to the browsers. And as a result, you know, we’ve had confidence now to stand up and say to customers, Chandra made this point at our Navigate conference, that we believe confidently we can discover effectively all of their applications in a relatively short time frame.

But that’s what we call tier one. In other words, understanding those applications are out there and exist. And when others have been claiming, oh, we’re faster and better than SailPoint, it’s like, well, they’re just claiming they can get visibility. We then define tier two as the ability to kind of rich compliance and understanding how to, you know, authenticate who has, you know, access and then make sure that’s audited and compliant. And then most deep and challenging level, we call tier three applications where we can get into automated provisioning life cycle management where changes are made automatically by SailPoint based on changes in the environment. But when you get into those tier two and tier three applications, it’s much, again, much bigger moat technically for what it means to get into that realm.

But where Savvy and now our SAM’s, accelerated application management, SailPoint accelerated application management solution comes in is to help us get that broad coverage very rapidly and then go from there into the depth as customers require in their environment. You know, Matt, what are you seeing kind of in the demand out there in the customers?

Matthew Mills: Well, look, I think this has been something that our competitors have, you know, effectively used against us for some time. And so now we have this savvy tool, as Mark said, we market it as SAM. It is now available. And I think there’s a couple of things. When you look at these tier ones, right, these typically, it’s like, just want to be aware. And you can get a little bit of detail around it, like users and maybe a basic level of entitlement. But with our savvy, SAM solution, you can also categorize. So now these companies will be able to say, how many of these applications are actually using agents? And I think that’s a really, really big thing. Because all of a sudden now when you realize that of your thousand applications, 900 of them are actually using these agents that maybe you’re getting from a self-serve service, ServiceNow or Salesforce.com.

Right? Now you’re going to have to do something other than just be aware. You’re probably going to want to go up to this tier two level that Mark was talking about. And all of a sudden, the stakes just got really significantly bigger. Everybody trying to get there. So we think our tool here is going to continue to allow us to get to this security around and governance around these applications much quicker than anybody else. So, I think you’re going to see this basically on every deal we do, to be fair, Gray. We priced it very reasonably so that everybody can actually use it. Because we think it’s a big differentiator. Just one last comment I’d add there, Gray. That is that, you know, this is part of this fundamental evolution of this space from kind of a compliance audit focus, which came out of Sarbanes-Oxley and where big companies would really only govern deeply a small handful of applications because those are the ones they had to audit.

As we move toward truly securing these applications, that’s why we have to get visibility and control over basically the majority, if not effectively all apps, and then go deep into deep governance and deep compliance on the ones where the customer says, that’s really important to me. I want to maintain much more strict controls over those. And it’s that flexibility to understand the breadth of the landscape and then go deep into various apps again, I think others are going to have a lot of struggles to catch up to where we are today after a couple of decades of going deep in many, many of these complex applications.

Gray Wilson Powell: Got it. That was really helpful. Thanks for the detail, and congratulations on the strong results.

Mark D. McClain: Thanks, Gray.

Operator: Thank you. Our next question comes from the line of Shaul Eyal of TD Cowen. Please go ahead, Shaul.

Shaul Eyal: Thank you. Good morning, everybody. Congrats on the set of results. My question is about operating expenses. You guys are doing a great job. Talk to us about the internal usage of AI to also take advantage of some of these opportunities and curb cost? Thank you.

Brian Carolan: Yeah. Hi, Shaul. It’s Brian here. Thanks for the question. So we are embracing AI internally. You know, we use this as an existential competitive advantage as well in terms of the tools that we’re exploring across all aspects of the business, you know, from product development to go-to-market to internal G&A functions. Really exciting stuff. I think that, you know, we’re still, as with many companies, in the early stages of it. But we are really excited about the use case possibilities, and we’re starting to see some payback on that.

Shaul Eyal: Many thanks.

Operator: Thank you. Our next question comes from the line of Peter Marc Levine of Evercore. Your line is open, Peter.

Peter Marc Levine: Great. Thank you, guys, and congrats on the quarter. Maybe one for Mark or Matt. As you look at traditional PAM vendors, they emphasize bolting, session recording. How do you articulate SailPoint’s competitive moat as you kind of move towards this, like, new-gen PAM? How do customers still view privileging through that kind of legacy lens? And then what’s kind of what’s your pitch to them? And then one for Brian. Brian, on the new kind of call it, not the pricing model, but if you think about the flexing model, maybe walk us through, like, the margin impact, the pricing model, how does that work, and should we expect any kind of variations or seasonality in the model going forward as this starts to ramp up? Thank you.

Mark D. McClain: I guess I’ll start with the privilege, and Matt may make a comment or two. Then I’ll flip to Brian for flex pricing. Peter, I guess on the first point, yeah, the things we like to say is, like, it’s not that that use case, that traditional PAM use case is going away. It’s not. It’s just going to represent an increasingly smaller part of the challenge that customers are wrestling with. Because even the folks at Palo who obviously did the cyber acquisition are making pretty public comments now about the challenge of now taking what they’ve done traditionally across that limited set of permanently static privileged users and making privilege—I think they’ve used the word dynamic or something like that. We’ve used the word democratizing privilege.

The concepts are the same. The idea that over time, every identity, human or nonhuman, may have reasons to be treated as a privileged account and that can basically be flexed up and flexed down—not flexed pricing. Sorry. Don’t want to confuse you with that term. But the level of privilege might flex up or flex down. And as a result, it’s that challenge, again, of having that broad understanding of that deep entitlement landscape so you can make choices. Based on context is going to start to become a big word here. Not just the who/what is accessing what information, but from where, at what time, with what intent. That’s going to be another concept we’ll be talking more about, particularly with agents. What is the intent an agent has in accessing information, and does that seem typical or expected?

And if so, great. If not, I’m going to escalate the privilege required to get to that in very real time. In a dynamic just-in-time kind of notion there. So this idea that privilege will become ubiquitous and flexible is quite different from the technology that was required to build static privilege—a kind of a permanent safe vault of these credentials that were kind of checked out and checked in for very important use cases like database administrators and such. So it’s not that that isn’t an important part of securing the environment. It still is. Right? But we believe that the next wave is going to be far more about this broad-based ubiquitous dynamic privilege. With all due respect, the folks that have come from PAM don’t have any particular advantage at solving this problem versus folks like SailPoint who come from a broad and deep understanding of the entitlement landscape.

So that’s why we think we’re well-positioned to handle that.

Brian Carolan: And then I’ll just comment on just the new flex licensing model. Flex navigators is what we call it. Again, we’re really excited about this. We think it’s going to help customers buy and consume the way they want to and really optimize their investment, deploying what they need, when they need it, recognized ratably over time. This will be SaaS. It’ll be The flex licensing pool is tied to our rate cards, list prices, so I wouldn’t read into anything in terms of an overall to see how margin degradation. So I think we’re going to be really excited customers utilize this in the best way for their environment. It’s also going to help accelerate migrations or what we call platform modernization. So helping our on-prem customers adopt and grow into an ISC identity security cloud platform, faster and easier. In a much more economical way.

Peter Marc Levine: Great. Thank you, gentlemen. Congrats again on the great quarter.

Operator: Thank you. Our next question comes from the line of Meta Marshall of Morgan Stanley. Your line is open, Meta.

Ryan Lances: Hey, everyone. This is Ryan Lances on for Meta Marshall, and thanks for taking the question. Guess just from a go-to-market standpoint, you’ve announced multiple new product offerings and a new flex pricing model. So I’m just curious if you could provide some additional color around how ramping sales personnel on these new products and initiatives more broadly has trended thus far and maybe just kind of how you’re thinking about sales hiring going forward? Thanks.

Matthew Mills: Hi, Ryan. This is Matt. Look. I think this is something we certainly pay attention to. I think if you look at our go-to-market model, we have a lot of specialization that’s built up historically in our solution engineering organization, and that’s where a lot of that comes from. I think one of the things you’ll see from us, we started this last year adding a bit of these specialty sellers that are specific to an area might so take into consideration data. We think that’s a little bit of a different selling motion, and it warrants at least initially some expertise to come in and, you know, alongside the field team. So I think you can see us looking at things like that as we go forward, and that’s one example of where we moved.

Operator: Thank you. Our next question comes from the line of Jonathan Rakover of Cantor. Your line is open, Jonathan.

Jonathan Rakover: Yes. Good morning, and thank you. I’m wondering if you could touch a little bit more on the success you called out with data security. But, you know, I would assume that the attach rate could be quite high on agent identity, but I realized it’s still early in that journey. So maybe just touch on the use case that’s driving that success. And just, you know, from a big picture viewpoint, we hear a lot of identity companies talk about the importance to data as it relates to identity security. Can you just, you know, touch on that strategy at SailPoint as well? Thanks.

Brian Carolan: Hi, Jonathan. It’s Brian here. I’ll start, and I’m going to hand it over to Matt for a little bit more color. So, I mean, we’re really excited about just kind of the, I’ll say, the market basket of all of our cross-sell motions that contribute to our NRR number of 114%. They’ve more than doubled year over year, and that’s a composition of things like nonemployee risk management, machine identity security, data access security, and then more recently, we’re starting to see some green shoots from AgenTeq identity security and many of the other products that we launched at Navigate. So there’s a lot of interest at showing up in the pipeline. I would say it’s still early on some of the navigate launches, but very exciting from our perspective, and we’re starting to see a strong attach rate of the new cross-selling motion.

In fact, out of our new SaaS customers, this past quarter, we had a little bit more than a 40% attach rate of some of these new cross-sell motions. So, again, they we are landing with some of them right out of the gate. And that’s only going to allow for some more expansion as we have more and more product out there that we just launched. It’s the only point we can make. I’ll jump in and probably pass to Matt again on this, Jonathan. We’ve had a product out in that data landscape for quite some time because we were pretty early on in identifying the fact that while the history of this space has largely been about application protection, you know, who or what are these identities and what apps can they access, and within the apps, what entitlements.

Quite a while ago, we said, well, at some point, this space is going to need to incorporate direct access of those identities to data, both structured and unstructured. And things like, you know, the family of Microsoft apps, PowerPoint, Word, etcetera. But now as well as deep data access and the things like Snowflake and Databricks. Right? Well, there’s going to be, we think, a continued need for that human direct access to data, which is, again, we’ll be building on the heritage we’ve got with what we’ve called our data access security product. But importantly, in this new realm of AgenTeq, it’s that full connection thread from the human or business function that has authorized an agent to take access directly to data, whether that data is in, again, Snowflake, Databricks, out in an LLM somewhere, understanding that full thread that’s going to be extremely challenging for folks who don’t have that breadth and depth already defined.

And our data offering will actually be a part of our advanced AgenTeq coming in the future. We kind of pointed toward that at Navigate, but it’s not yet available. I think, Matt, we can talk about kind of where that’s headed.

Matthew Mills: Yeah. No, Jonathan. If you’re intuitively, you’re right on. Right? We believe the same thing that it’s going to be awful hard to secure the work of an agent without data. So I think we talked a little bit about that at Navigate. I think you look at us historically, our data access security product has been unstructured. It’s now moving over to structured data as well. And so I think you’re going to see as we roll out that product, DAS will it’ll drag DAS with it. So it’s, we’re pretty excited about it.

Jonathan Rakover: Yep. Very helpful. Thank you.

Operator: Thank you. Our next question comes from the line of Shrenik Kothari of Baird. Line is open, Shrenik.

Shrenik Kothari: Hey. Yeah. Congrats, and thanks for taking my question. So you did address the newly launched product traction, which is very impressive. I would like to double click into the observability insights you described as fabric. Of course, that’s it is a telemetry across systems. Can you just walk us through how customers are using or looking to use that in practice? What’s the monetization model there? And structurally, does this give you leverage to embed into broader SOC workflows and capture that wallet share as well? Thanks a lot.

Mark D. McClain: Well, I’ll start with we’ll do a lot of these. We’ll probably start and hand up to Matt. Right? I think on this one, yes, you got it exactly right. There’s going to be a number of different things we think will be pretty powerful coming out of that O and I product. One is just the visualization of this connectivity, again, of that thread I talked about. When I can look in identity and understand the path all the way through an application or not through an application directly to the data and understand whether that’s appropriate and, you know, being used as expected. And tying that as you observe into the SOC, whether that means kind of from our product line to other product lines from folks like Zscaler or CrowdStrike or Palo, or possibly embedding that into some other people’s workflows in their SOC directly.

And so we’re having both kinds of conversations today, kind of I call it, higher level integration and perhaps even deeper kind OEM level integration that we think could be interesting over time. It’s that visualization and understanding of that full value chain, if you will, that that product’s going to be focused on. And then the insights part of it is to expose to the security teams and the identity teams whether there’s current risk or potentially latent risk that needs to be identified and dealt with before something negative happens. So it’s this idea of visibility into the true risk profile of a lot of these things is very, very difficult today. You will hear if you talk to I’ll call them honest people that work in the SOC that one of their biggest challenges is when they see a vulnerability or a threat emerging, coming through any one of those landscapes out in the cloud, through a device, on the network, you know, all the places we look for threats, the great majority of those things, those tools are identity blind.

They don’t understand the identity that’s either creating that access or could be negatively impacted. And so it’s bringing together this rich identity context we believe SailPoint is uniquely positioned to provide tied into that deep security and threat landscape from the SOC and all those kinds of tools we mentioned. That’s going to be a new era, we think, of much better defense against the bad and the threats merging. So that’s you’re right on in terms of where we’re headed with that product and what we think will be kind of a breakthrough the landscape of really giving true security tools to the SOC relative to identity.

Shrenik Kothari: Great. Very helpful color. Thanks a lot.

Operator: Thank you. Our next question comes from the line of Matt Hedberg of RBC. Your line is open, Matt.

Matt Hedberg: Hey, guys. Good morning. Thanks for taking my question. Congrats on the results from me as well. Brian, I realize you’re not giving any sort of perspective on fiscal ’27 yet. You got it so close off 4Q. But any sort of, like, high-level thoughts or guide rails on kind of how you’re kind of approaching the new year, whether it be growth or margins or anything like that that would help us?

Brian Carolan: Yeah. Sure. Hi, Matt. I would say that we’re really pleased with our margin performance this past year. I think we’ve demonstrated our ability to expand margins, you know, in a nice healthy basis while, you know, driving high top-line growth. I would say that this year, we benefited to a certain extent by strong term-based revenue through strong, you know, Fed renewals, some slightly longer durations. Not so sure I expect that to continue FY ’27. So that was a little bit of a tailwind for us this past year. We’re still going to invest for growth. I think, you know, we’re going to favor, you know, point of growth over profitability because we know we can deliver profitability. But we’re in a rare universe here in terms of companies that can deliver into the high twenties almost touching 30 of ARR growth while delivering significant margin expansion.

So we feel like we’re really uniquely positioned. We’re going to continue to take advantage of our competitive opportunity.

Matt Hedberg: Thanks.

Operator: Our next question comes from the line of Junaid Siddiqui of Truist Securities. Your line is open, Junaid.

Junaid Siddiqui: You’ve talked about significant customer interest in your agent identity security solution. And my question is, what hurdles do you potentially anticipate in customer adoption of AgenTeq AI for identity security? And how are you preparing organizations to trust AI-driven identity decisions at scale?

Mark D. McClain: Well, Junaid, I’ll unpack that if I can. I think I heard two different questions in there. And one is, what are we going to do to help customers manage their agent environment? And as we’ve often said, there’s basically two large flavors of that. Right? There’s going to be all the agents that are proliferating from the big vendors, Salesforce, ServiceNow, Workday, etcetera, etcetera, etcetera. And mid to large organizations are clearly going to build a set of bespoke agents with kind of a genetic frameworks that they think are unique to their environment. So both flavors of agents, we think, are absolutely coming and coming at volume and scale. There’s a lot there’s a little bit of noise out there about bubbles and all that.

And our view is, look. What companies are doing is trying a lot of things and experimenting and trying to figure out what works. But our belief is, certainly, as we get into the next year, there’s going to be pretty widespread adoption. So there’s the AgenTeq adoption of our customers and what they need help in managing those identities just like they manage all other flavors of identities. A different but also important question is, are they going to trust that we in the security landscape are using AI effectively to provide the value we provide? And I think on that front, again, we’re doing a lot of work internally for everything from how we see patterns that might indicate there is a risk out there, how quickly we address concerns when they arise from customers by using LLMs ourselves to rip through lots of information and find out kind of root cause analysis of what might be going on.

So both are really important threads. They’re just kind of different. Is all the technology we’re building to help customers manage this agentic explosion in their environments. The other is all the ways we’re leveraging AI and various technologies inside our product line, including our own, you know, bespoke agentic technology for customers, Harbor Pilot, that’s called. It’s going to be a growing family of AgenTeq capabilities within SailPoint to address these problems. So I just wanted to tease apart. I think there’s both in there. I don’t know if you wanted to probe anymore in one or the other, but they’re both very important to us.

Junaid Siddiqui: Great. Thank you so much. That’s very helpful.

Mark D. McClain: Okay. You bet. Thanks.

Operator: Thank you. As a reminder, to ask a question, please press 11 on your telephone. Our next question comes from the line of Todd Weller of Stephens. Your line is open, Todd.

Todd Weller: Thanks. I’ll echo the congratulations. Good morning, and thanks for the question. Look. You robust set of new capabilities were launched at Navigate. Could you also talk about the potential for those to be a catalyst to drive more SaaS migrations? Then second question would be, last quarter, you talked about seeing an acceleration in legacy displacements. Just wanted to see if there was an update on what you’re seeing there.

Brian Carolan: Hi, Todd. It’s Brian here. I’ll start and then maybe hand it over to Matt for any additional color. So we actually had a very strong platform modernization quarter. When I say platform modernizations, these are customers that are migrating from our on-prem solution to ISC or Identity Security Cloud. All of our new offerings, they are SaaS, so they will be on the identity security cloud platform. So I think that’s really kind of the innovation carrot that we say in terms of customer see our vision and they see where we’re going to help them with their needs not only today, but also into the future. And we’ve actually seen when we migrate more than half of these migrations include emerging cross-sell modules. And that’s what drives really kind of the two to three uplift that we often talk about of the ARR that our on-prem customers are spending with us today in the form of typical annual maintenance.

We see a two to three x multiplier on that when they do migrate to Identity Security Cloud. The good news that, you know, there’s a strong amount of interest, and it’s still early. So we’ve only migrated about 15% of our historical maintenance base. And there’s still 85% to go. So we view that as actually nice tailwinds, you know, for the next two, three years at least. And I think that’s only going to compound with all these new product offerings and when customers need to, you know, meet the challenges of AgenTeq and observability and insights that we talked about earlier that Mark alluded to. So, again, we’re really excited about the possibility.

Operator: Our next question comes from the line of Ben Bollin of Cleveland Research. Your line is open, Ben.

Ben Bollin: Good morning, everyone. Thank you for taking the question. You touched a little bit on some pieces, but when you look at nonemployee risk management data access and machine identity, you mentioned that that doubled year over year. Can you talk about the contribution to ARR? Where does that stand today? And how do you think about that progression looking forward? And then a follow-up on Flex. What did duration of those contracts look like versus traditional deals? And how do the unit economics differ for the customer? Thank you.

Brian Carolan: Hi, Ben. It’s Brian here. So while we won’t talk specifically about the ARR number, it is doubling year over year. We also talked about how it contributes to our net revenue retention rate. It’s probably in the low single digits if you combine the full basket of all those modules combined. Which, again, it’s a high-growing, fast-growing basket of modules that’s getting strong adoption and attach rate. With respect to the flex model, the navigator model, this is going to be no different from any other SaaS arrangement for us. It’s typically an average of three years in length. And I think I mentioned earlier, this will be SaaS, and it will be ratably recognized.

Operator: Thank you. Our next question comes from the line of Joshua Tilton of Wolfe Research.

Joshua Tilton: Hey, guys. Thanks for sneaking me in here. Kinda wanna go back to the first question that was asked. And my question is, I’m trying to reconcile what is an incredibly positive earnings call and a customer base that is increasingly embracing, like, your new vision of identity with the lighter beat in the quarter. So my question really is, like, was there anything around fed? Or you keep emphasizing that it was a huge quarter for these platform migrations. Is there anything we need to understand about how term ARR becomes SaaS ARR as these migrations happen? Or is there anything around Fed or any other verticals you can kinda help us bridge, you know, what is an incredibly positively toned call. Kind of the lighter performance in the quarter, that would be very helpful. Thank you.

Brian Carolan: Josh, it’s Brian here. I think you need to step back and look at, you know, we’re guiding to an annual number. This number is greater than a billion dollars, and we’re beating on that. I think, you know, when you look at an beating on an annual number, you know, that’s like four x of quarterly guide. So 1% beat on, you know, an annual ARR number is like a 4% beat on a quarterly. That aside, I think you have to look at also the net new ARR performance. It was $58 million. That’s up 24% year over year. And the quality, which, by the way, that’s 20% above the guidance. I think you need to also look at the underlying quality of the beat, which, SaaS net new ARR grew 52% year over year. So we feel really good about the overall health of the business, surpassing a billion dollars.

Plus or minus 30% growth over the last eight quarters. While expanding margins nicely, and we’re flowing through the full beat. On ARR. So I would not interpret anything. We had a very strong quarter on a variety of fronts across all verticals. You know, Fed was strong. We did have, you know, some strong term revenue out of Fed. Some slightly longer durations. That aside, SaaS also performed extremely. Again, I mentioned the net new ARR being up 52%. With a very strong attach rate. So I think we sit here today in Q4, and we feel really good about the business.

Joshua Tilton: Appreciate the color. Loud and clear. Thank you so much.

Operator: Thank you. Our next question comes from the line of Gregg Moskowitz of Mizuho. Please go ahead, Gregg.

Gregg Moskowitz: All right. Thank you for taking the question. Mark, I wanted to ask about your Just in time capabilities and how additive you think they will be going forward to your customers and to SailPoint’s business more broadly? Also, how valuable will JIT be when it comes to agentic protection?

Mark D. McClain: Yeah. Thanks, Gregg. I think it’s too early for us to kind of give you any sense of what that looks like in a financial impact. As Brian commented, even some of these other market basket of newer things we’ve introduced are—we’re on such a large overall base now, even if they’re going quite well, they’re going to take a little while to have a financial impact. But that said, I think this trend is critical, and I’m really happy with a lot of the questions y’all are asking today because I think everybody’s tuning into it more and more that the world of kind of a static, we sometimes call admin time approach to identity governance is shifting to a real-time, just-in-time identity security posture. And that is no more important than in the realm of agentic because it hit machine speed, as it’s sometimes said, an agent that either goes rogue or has the potential to go rogue can do an awful lot of damage far faster than a human ever could.

We’re going to have to get very fine-tuned into understanding both the setup these things have, right, that configuration administration setup that what is this agent? Where did it come from? Even if it’s being created relatively transiently, where did it come from? What’s it designed to do? What’s its intent? Again, that’s a word I think we’re going to be talking more and more about. And then is anything going awry as that thing is working? And so our ability to sense changes, to detect potential anomalies, to look for patterns, is going to have to be increasingly real-time. And as we said on the earlier question, richly tied into the SOC. We aren’t going to have all those signals and patterns coming from the SOC just like they don’t have all the patterns and signals about the identity landscape.

But when we bring those together, in real-time, I think that’s where we’re going to really start to change the game for these customers that are trying to deploy this incredible new technology of LLMs and AI and agents but are still quite concerned about the risks that come along with that without good control. So I think it is kind of an inflection point shift in our landscape for the next few years. And you’ve heard it, but I’ll say it one last time. We don’t think there’s anybody better positioned than SailPoint to help customers navigate that journey and take advantage of these new technologies.

Gregg Moskowitz: Great. Thanks, Mark.

Operator: Thank you. I would now like to turn the conference back to Mark D. McClain for closing remarks. Sir?

Mark D. McClain: My closing remarks will be brief. Thank you all for joining us. We really appreciate all the interest and the questions. And as Brian said, we are very pleased with these results, and you’re getting a strong sense of our confidence heading into the end of the year. And look forward to, again, going deeper on some of these and follow-on calls with some of you and or at the conference tomorrow in San Francisco. So thanks for joining us. Appreciate everybody’s questions. Have a great rest of your day.

Operator: And this concludes today’s conference call. Thank you for participating. You may now disconnect.