2021 IDENTITY MANAGEMENT BUYER’S GUIDE...1 2021 IDENTITY MANAGEMENT BUYER’S GUIDE 2021 Solutions Review 500 West Cummings Park Woburn, Massachusetts 01801 USA IDENTIT MANAGEMENT

1

2021IDENTITY MANAGEMENTBUYER’S GUIDE

© 2021 | Solutions Review | 500 West Cummings Park | Woburn, Massachusetts 01801 | USA

IDENTITY MANAGEMENT BUYER’S GUIDE

2

Here’s what is at stake in 2021: data breaches could destroy your enterprise, regardless of its size or import. Even a single data breach could compromise millions of users’ personally identifying information—which could result in huge repercussions felt for years afterwards.

In fact, Ping Identity determined that 81 percent of consumers would stop engaging with a brand online after it suffered a data breach. Meanwhile, 63 percent of consumers believe companies, much like yours, bear responsibility for protecting their data.

While Ping Identity focused on consumer-focused enterprises, their findings easily apply to partners, businesses, and other users. Data breaches tarnish your brand’s reputation, and can create a cascading effect of more data exposures or breaches over time.

The primary cybersecurity tool you can use to prevent data breaches is identity and access management (IAM). Identity, more specifically identity authentication, now forms the digital perimeter once composed of (now-legacy) antivirus solutions. This digital perimeter serves as the main mechanism by which threat actors are kept out. Even if they do penetrate the perimeter, identity can constrain their permissions, limiting the damage they inflict on your network.

Moreover, identity also provides critical information for other cybersecurity solutions, including SIEM and Endpoint Security. Identity informs and strengthens user and entity behavior analysis (UEBA) and recognizes, stores, and monitors device identities. Both can help prevent external threat actors from penetrating your network or recognizing insider threats before they unfold.

No one can overstate the need for identity and access management, even for small-to-medium-sized businesses (SMBs). In fact, 82 percent of IT professionals say identity challenges and poor practices pose significant risks to their small businesses, according to LastPass. Additionally, 92 percent of SMBs deal with identity challenges in their environments.

Your enterprise needs an identity and access management solution. It’s the only tool for fully monitoring who accesses what, when, where, why, and how; how else can you be sure that your employees are who they say they are?

Hence our 2021 Identity Management Buyer’s Guide. In it, we compiled marketing materials, independent research, customer reviews, and more to give a full and balanced perspective on the top 29 Identity and Access Management solutions. We also provide our Bottom Line analysis for each vendor in 2021.

Ben Canner, EditorSolutions Review

MARKET OVERVIEW



3

5 Questions You Should Ask When Evaluating An Identity Management

Solution

On-premise solutions now fall squarely in the category of legacy solutions—in this case “on-premise solutions” refer to solutions that deploy on-premises, regardless of the enterprise IT infrastructure. Generally, enterprises now employ cloud-based or at least hybrid environment, which integrates optimally with cloud-based solutions. Additionally, your enterprise should consider whether cloud-based identity would deploy faster and reduce costs regarding scalability.

Some of the solutions included in this guide are simple point solutions that will provide smaller organizations or groups with the basic benefits of Identity and Access Management and can be integrated internally with their existing systems in a more ad-hoc manner. Others are larger, more ambitious platform-based solutions that come fully integrated with broad functionality, but bring greater expense and higher switching costs.

Cloud-based Software-as-a-Service (SaaS) applications have transformed the business world and complicated modern IAM solutions. According to Thycotic, 70 percent of enterprises will embrace SaaS by this year. Therefore, IAM solutions are now building libraries of thousands of applications with which they can support or integrate.

When researching new enterprise technology solutions, it’s always a good idea to gaze into the crystal ball and try to gauge what you might require in an identity solution down the road. Is the solution simple to implement across disparate systems? Is it scalable? Is it well supported with fixes, updates, and new releases? Will your solution be developer-friendly and cost-effective for the duration of its deployment? Even the simplest capabilities are important.

Our list of IAM solution providers contains some of the largest technology companies in the world. It also contains young, small, and aggressive companies that may bring a very different sales and service mindset to the table. Before going into the buying cycle, you should have an idea which type of vendor you’d like to work with. Remember, for better or worse, the vendors you pick today could be the partners you can’t live without in a few short years.

Should we go with an on-premise solution or a cloud-based IAM provider?

Do we need a point solution or a full platform?

What applications do we need our Identity Management solution to integrate with or support?

What business trends impact our needs today? How about in 5 years?

What size company do I want to work with?



4

5 Questions You Should Ask Your Potential Identity Management Solution

Provider

Each solution brings a different, strongly-held view of the best way to deliver IAM. Make your prospective vendor take a stand and expand on their model while defending that position against other options. Ask your prospective vendor about their ability to support password, soft-token, hard-token, biometric, and out-of-band mobile device authentication. More authentication possibilities can mean more flexible identity policies for your business.

The need for partners or contractors to securely access internal business applications is becoming a daily reality for many enterprises. The need to provide employees with access to external systems, such as outsourced human resources applications, has created a genuine demand for Federated Identity Management (FIM). If it is not an immediate requirement, FIM is certainly something to consider as you grow.

The benefits of single sign-on (SSO) are overwhelming; reduced password fatigue, reduced time spent re-entering passwords, and reduced IT costs. Ask prospective vendors about their relationship to SSO, the applications they support, and their plans for the future if they do not currently support SSO. Chances are they do, and thus the question becomes how their single sign-on compares to others’.

If you’re committed to providing employees, vendors, and consumers access to systems from anywhere, at any time via a bring-your-own-device (BYOD) policy, then you need to understand what a prospective IAM solution provider can support in regard to mobile devices. If your organization has made a commitment to a BYOD policy, then you’ll need to understand whether an IAM solution can support not only iOS, but Android, Windows, and Blackberry as well.

At some point, you’ve got to get to the bottom line. This can be tough as IAM solutions often have very complex pricing structures. Be persistent. There’s a wide range of sophistication in the solutions we’ve selected, and there’s also a wide variety of pricing models. Some will include line items for various options and others will charge a simple per-user fee. Get an apples-to-apples comparison by building a cost model through a “per-user-per-month” approach.

Can you describe your solution’s ability to support various authentication methods?

Can you explain how Identity Federation does or does not fit into your proposed solution?

How does your Identity Management Solution enable or improve web-based Single Sign-On?

How do you manage access from mobile devices? What operating systems do you support?

How is your solution priced?



5

Is there a significant difference between traditional IAM and Customer Identity and Access Management (CIAM)?

This is one of the most contentious questions we here at Solutions Review have faced in our research into the modern identity and access management market. We frequently see vendors contend that CIAM is a separate category from traditional IAM, in the same way identity governance and administration (IGA) and privileged access management (PAM) are their own subfields. Just as frequently, we see vendors argue that CIAM is simply IAM applied differently— consumer-facing rather than internally-facing.

CIAM and IAM share similar key capabilities, including: • Single Sign-On• Authentication Protocols, including MFA• Access Management• Identity Behavioral Monitoring• Centralized, Universal Directories• Lifecycle Management• Authorization• Federation

The key difference between the two might be one of priority, which comes as a consequence of the user populations IAM and CIAM respectively serve.

IAM is focused on protecting the identities of your employees and privileged users, and thus it prioritizes security over convenience. In fact, some identity management experts contend that convenience shouldn’t even be in the same conversation as authentication or identity security. Since there are no compromises on the physical security to enter a vault, there shouldn’t be any compromises on digital security, or so the argument goes.

This argument makes sense. After all, the goal of traditional IAM is to prevent credential abuses by both internal and external actors and therefore prevent data breaches. Multifactor authentication (MFA) fits with this scheme. However, the experts’ argument falls somewhat flat when discussing CIAM.

CIAM does provide security to protect consumers’ identities but it has to balance security with a smooth, pleasant customer experience.

Security flaws and data breaches have been proven to provoke customer abandonment. However, security protocols implemented through third-party portals or extensive authentication procedures are usually clunky and obnoxious for customers. They often abandon their digital transactions rather than suffer an inconvenience. By the same token, customers overwhelmingly pay more for pleasant customer experiences and complain that there aren’t enough of them.

Is CIAM The Right Choice for You?



6

Therefore, CIAM interfaces need to feature easy registration, login, and account managementfunctions. It can embrace social sign-on—using social media account credentials as login authentication factors—and passwordless authentication where IAM can’t.

On the other hand, considering CIAM as a separate field doesn’t take into account IAM’s granularity. In this scheme, each database in your network is fortified differently with different permissions and authentication procedures depending on their value. Consumers would, therefore, have the lowest level of security requirements since they technically have the lowest level of clearance in your network. After all, you wouldn’t let a customer see your enterprise’s financial statements, would you?

If that perspective holds true, CIAM would just be another facet of IAM. But then again, some IAM solution providers position themselves as CIAM-focused. If you are a consumer-facing business, wouldn’t you want to know which vendors can provide you with the capabilities you need to facilitate your sales?

As a middle ground for this debate, we’ve designated the vendors in the Solutions Review Identity and Access Management Buyer’s Guide that either focus on or provide CIAM capabilities using the symbol provided below.

Is CIAM The Right Choice for You?

This solution offers CIAM

Map Key



7

Solution Provider Profiles

9 .......................................................................................

10 .....................................................................................

11 .....................................................................................

12 .....................................................................................

13 .....................................................................................

14 .....................................................................................

15 .....................................................................................

16 .....................................................................................

17 .....................................................................................

18 .....................................................................................

19 .....................................................................................

20 .....................................................................................

21 .....................................................................................

22 .....................................................................................

23 .....................................................................................

24 .....................................................................................

25 .....................................................................................

26 .....................................................................................

27 .....................................................................................

Avatier

Auth0

Broadcom

Curity

Fischer Identity

ForgeRock

FusionAuth

Groove.id

HID Global

IBM

Identity Automation

Microsoft

My1Login

Micro Focus

Okta

Omada

One Identity

OneLogin



8

Solution Provider Profiles

28 .....................................................................................

29 .....................................................................................

30 .....................................................................................

31 .....................................................................................

32 .....................................................................................

33 .....................................................................................

34 .....................................................................................

35 .....................................................................................

36 .....................................................................................

37 .....................................................................................

38 .....................................................................................

39 .....................................................................................

40 .....................................................................................

Optimal IdM

Oracle

Ping Identity

Radiant Logic

RSA

Sailpoint

Salesforce

Saviynt

SecureAuth

SecZetta

Simeio

Ubisecure

Tools4Ever



9

With their flagship Avatier Identity Anywhere platform, California-based solution provider Avatier offers a suite of independently-licensed identity and access management products focused on offering usability and quick time-to-value. Avatier’s most prominent strength is its unique approach which extends its IAM automation and self-service capabilities beyond the traditional enterprise use-cases. Their solutions can help enterprises automate IT operations, conduct access certifications, and IT audits from any endpoint device regardless of its location in relation to the business premises, and approve and revoke access for later review. Avatier also allows for delegation of identity security, management administration, password management, and single sign-on.

Key Features

Avatier4733 Chabot DrPleasanton, CAUnited States

+1 (800) 609-8610www.avatier.com

Bottom LineAvatier’s Identity Anywhere solution is a strong choice for small to mid-sized businesses (SMBs) looking for a simple, manageable product with relatively easy, low effort maintenance demands and a focus on self-service capabilities. However, larger enterprises and SMBs have both found Avatier satisfactory to their identity security needs. As an added bonus, Avatier’s interfaces support dozens of languages, including nearly every European language, supporting enterprises’ global footprints. Avatier is small and easy to work with, which can make their support system feel friendlier and more engaging in comparison to others.

Encryption Key RotationThe rotation of encryption keys for secure data and the planning of how often an organization rotates keys are now available with Avatier Identity Anywhere along with two-factor, multifactor, and two-party recovery in the event the unique encryption keys are lost. Also, it enables password management and password rotation.

Automated User ProvisioningAvatier provides extreme flexibility in user permissions provisioning, emphasizing inexpensive configurations rather than labor-intensive custom coding support. By automating the process, it allows IT security teams to prioritize investigations and evaluation of necessary access parameters by role. It also facilitates total lifecycle management.

24/7 OperationsWith Identity Anywhere, critical administrative actions like resetting passwords, unlocking accounts, deleting users, and disabling access are all 24/7 operations. This allows for a more flexible digital perimeter and for a more global workforce, in turn creating opportunities for technology scaling. It also enables Access Certification at any time.



10

Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Auth0 values simplicity, extensibility, and expertise enable security and application teams to make identity work for everyone in their organizations. Auth0’s Authentication platform features frictionless logins, Single Sign-On, while its Access Management Platform offers API Authorization and RBAC. Its authentication capabilities include diverse options such as Step-Up and adaptive multifactor to fir with unique use cases.

Key Features

Auth010800 NE 8th St

Bellevue, WAUnited States

+1 (888) 235-2690www.auth0.com

Bottom LineAuth0 appears in the 2020 Gartner Magic Quadrant as a Challenger, in part because of its CIAM capabilities and offerings. Customers’ praise its ABAC for machine-to-machine access, its authentication, and its Single Sign-On integration. Recently, Okta completed its acquisition of Auth0 for $6.5 billion, promising unique and powerful future technology integrations for identity management.

PasswordlessLock Passwordless is an embeddable widget that encapsulates the best practices for authentication with SMS and Email for Desktop, Tablet, and Mobile Devices.

User ManagementDeliver frictionless registration and login experiences. Enable users to create accounts, use social providers, or, for your enterprise customers, to federate easily with their identity provider.

Universal LoginAuthenticate users across all of your applications with your own custom, secure, and standards-based unified login.



11

Since acquiring CA Technologies in 2018, Broadcom has folded CA Technologies’ end-to-end Identity Management portfolio with its Identity Suite, Secure Cloud IDaaS solution, Single Sign-On, Advanced Authentication and Privileged Access Management Capabilities. In fact, they renamed their CA Technologies portfolio to the Layer7 Identity Management solution. Layer7 provides an integrated solution for on-premises and cloud application provisioning and governance that manages user identities throughout their entire lifecycle. Broadcom’s identity management also increases audit and compliance efficiency through streamlined governance campaigns. Additionally, it helps manage identities with consumer-grade scalability and real-time policy enforcement.

Key Features

Broadcom1320 Ridder Park DrSan Jose, California

United States+1 (408) 433-8000

www.broadcom.com

Bottom LineBefore its acquisition, CA Technologies was named to the Gartner 2018 Privileged Access Management Magic Quadrant as a Leader. In 2019, they received attention as a Visionary in the Gartner Magic Quadrant for Access Management; since Broadcom incorporated CA Technologies’ portfolio into their own, they should have the capabilities to protect complex and demanding environments. Broadcom emphasizes their automated risk mitigation and scalability as well as their protection of hybrid enterprise IT environments. They continue to mature their PAM capabilities for enterprises.

Host-Based Access Control Layer7 protects critical servers with fine-grained security controls. It’s host-based access control protects and monitors files, folders, processes, registries, and connections; it can also manage and enable UNIX and Linux users to be authenticated using the active directory.

Layer7 Identity Suite This provides comprehensive identity management and governance capabilities through the user experience. As such, it seeks to simplify processes like access requests and access certifications. The Identity Suite also performs risk analysis and certification, enabling remediation actions.

Layer7 SiteMinderThis single sign-on capability simplifies access across cloud, mobile, Web applications, and more. It also provides dynamic scaling support for flexibility in controlling access management, with options for agent and gateway-based policy enforcement points.



12

Curity serves as a major supplier of API-driven identity management, providing unified security for digital services. The Curity Identity Server operates as an OAuth and OpenID Connect Server; enterprises can use it for logging in and securing users’ access to web and mobile apps over APIs and microservices as the business scales. Also, the Curity Identity Server is built upon open standards designed for development and operations. The provider can address the enterprise-grade API security needs of organizations in financial services, telecom, retail, energy, and government services.

Key Features

Curity4126 Pond Hill RdShavano Park, TX

United [email protected]

Bottom LineThe Curity Identity Server offers a combination of IAM and API management. The server’s flexibility and scalability make it a strong choice for organizations providing an extensive number of digital services to different kinds of users, both internally and externally. Curity’s solution allows customers full control of the security platform, offering the necessary tools to handle the complexities of identity security standards. Curity offers a straightforward pricing structure with a flat annual subscription including unlimited number of users and servers and instant-message Slack support.

Token-based API SecurityTokens play a central role in establishing trust and ensuring the API has enough information to make the right access decision, every time. The Curity Identity Server allows for the design and customization of tokens to suit your each app and API’s specific need. Curity’s technology allows customers to fully leverage the OAuth and OpenID Connect standards for distributed authorization, and enables users to build many APIs quickly without impacting security.

Deploy on Any PlatformThe Curity Identity Server can be deployed in any cloud platform, as well as on corporate servers. Enterprises can integrate into CI/CD pipelines with its multi-faceted management capabilities. Also, it provides ready-made Docker images and Kubernetes Helm Charts and allows for a Curity cluster setup in a few minutes—with linear auto-scaling and without inter-node dependencies.

Flexible AuthenticationThe Curity Identity Server powers centralized advanced authentication. Its authentication multiplexor can be configured to meet the needs of applications or websites alike. The Server allows for customized authentication workflows, comes with ready-made authentication methods, and enables many use cases including tailor-made login experiences, SSO and multifactor authentication.



13

Based out of Florida, Fischer International provides their IAM solution: Identity as a Service (IaaS), an enterprise-grade full-suite identity solution for either your private cloud or on-premise servers. Fischer Identity offers user provisioning for end-user full-life cycle management, access governance, self-service password management, SSO/Federation and five factor authentication to securely manage identities in complex corporate environments. Fischer also offers complete audit logging, over 100 out-of-the-box reports, a complete connector library included in every license purchase and easy-to-use dashboards. Fischer utilizes point and click configurations to eliminate the need for custom code development and programming.

Key Features

Fischer Identity9045 Strada Stell Ct

Naples, FLUnited States

+1 (239) 643-1500www.fischeridentity.com

Bottom LineFischer’s full IAM suite capabilities will match the needs of SMBs and larger enterprises alike, especially those concerned with insider threats. Fischer’s authentication architecture should eliminate the need for customization, ideal for those looking to set their privileged access management controls without hassle. Fischer Identity’s flexibility allows for control and privilege and access monitoring delegation, so your IT security team or Help Desk can intervene when needed. Their compliance capabilities should enable enterprises in all industries to mandate proper reporting and evaluation.

Access GovernanceFischer conducts an initial compliance assessment followed by recertification reviews to attest to employees’ access to all of their applications from an actionable portal, allowing for role-permissions evaluation and actionable insights.

Password ManagementFischer Identity’s tools allow users to create their own profiles for self-service password resets, alleviating some of the burden on your IT Help Desk, and enables your Help Desk to perform “On Behalf Of” password management in distinct situations.

Automated User ProvisioningFischer Identity’s solutions can automatically detect user additions and modifications to their permissions and accounts, and grant appropriate access across one or more systems so administrators can flexibly control access across the enterprise.



14

Norwegian-based IAM provider ForgeRock offers a unique entry to this list in that it offers one of the only open source IAM platforms on the market. The ForgeRock Identity Platform is built on Sun Microsystem’s open-source IAM projects and includes a set of APIs, allowing for the efficient and rapid development of new services ready for deployment in the cloud. As of 2019 and 2020, ForgeRock also offers the ForgeRock Identity Cloud platform, aimed at helping protect identities on public cloud, on-premises, or hybrid environments. ForgeRock continues to innovate its authentication tools; it continues to innovate eliminating usernames and passwords.

Key Features

ForgeRock201 Mission St

San Francisco, CAUnited States

+1 (415) 599-1100www.forgerock.com

Bottom LineForgeRock’s innovative track record and focus on scalability makes it ideal for organizations requiring large solution deployments. It is affordable and has advanced support for IoT when compared to competitors. For 2020, it released its ForgeRock Identity Cloud, which may prove critical as enterprises migrate to the cloud. Additionally, it appeared in the Gartner 2020 Access Management Magic Quadrant as a Leader. ForgeRock’s open-source nature allows for a high degree of flexibility and scalability. Recently, ForgeRock raised $93.5 million in a Series E funding round.

Directory ServicesForgeRock’s solution offers an open-source, lightweight, embeddable directory that can easily share real-time customer, device, and user identity data across enterprise, cloud, social, and mobile environments. This can enable the security of remote workforces and the decentralization of work processes.

Granular IoT Authorization ControlForgeRock offers control over information sharing empowers users with delegated authorization of their data between cloud, mobile, and IoT, helping enterprises handle hybrid and cloud environments. It can facilitate self-service identity management while maintaining centralized monitoring.

Access ManagementForgeRock provides an all-in-one access management solution with the adaptive intelligence to continuously protect against risk-based threats and drive user personalization across users, devices, and things. It also offers a centralized gateway for applications and application monitoring.



15

FusionAuth is a single-tenant CIAM solution for enterprise web and mobile applications. Built for developers, FusionAuth’s REST API is designed to scale from 1 to 1 billion users without creating complications in service. REST API installs with one command to provide secure on-premises or private cloud identity with login, registration, multifactor authentication, single sign-on, email templates & localization, role-based access control, and brute-force detection. FusionAuth also offers flexible password controls to simplify user provisioning and migration. Their intuitive web-based user management interface provides user reports, moderation, reward/discipline, user search & segmentation features.

Key Features

FusionAuth1630 Welton St

Denver, COUnited States

+1 (720) 352-1193www.fusionauth.io

Bottom LineFusionAuth’s REST API installs on macOS, Linux, Windows and cloud servers with no differences in service or security quality. Their pre-built client libraries allow developers to quickly integrate the solution with popular programming languages, and their detailed documentation defines the methods and parameters available to enterprises. The full FusionAuth platform is free for unlimited users with paid support and cloud hosting options available. Their multi-application support capabilities and structures makes it a strong choice for companies consolidating multiple user databases.

Complete User ManagementFusionAuth’s customer identity and access management enables enterprise IT and security administrators to manage individual users and groups with role-based access control, search & segmentation, moderation and reward/discipline capabilities and tools.

AuthenticationFusionAuth’s CIAM solution provides today’s most trusted tools for secure registration, login, single sign-on, and multi-factor authentication. It is capable of working on and with platforms as diverse as OAuth2, OpenID Connect, in addition to Authenticator apps and push MFA.

Always Single-TenantUsers and data are securely isolated from multi-tenant platform breaches and hackers targeting mass-market solutions. Additionally, it provides complete control of your data and physical server location and can be installed on macOS, Linux, Windows and cloud servers, benefitting remote workforces.



16

Formerly Crossmatch, HID Global offers an array of solutions ranging from biometric sensors and read modules; these include OEM embedded reader modules and finished desktop readers that validate identity using fingerprints or hard tokens. HID Global’s solutions can integrate into existing business systems, both analog and digital. Its solutions feature advanced multifactor authentication, credential management, and analytics. A philosophy of Zero Trust drives its innovations and facilitates digital certification. HID Global also provides access control systems with support for a wide range of credential technologies. Also, they tailor its specific solutions to match with different verticals and use cases.

Key Features

HID Global611 Center Ridge Dr

Austin, TXUnited States

+1 (512) 776-9000www.hidglobal.com

Bottom LineHID Global aims to move customers beyond passwords by presenting users with a range of more convenient (and secure) authentication options while simultaneously driving those options to end-users through context and policies. Specialized solutions for government, defense, and law enforcement make HID Global an attractive solution for both public sector users and mid-sized enterprises. Recently, it extended its passwordless FIDO2 Authentication across the workplace.

Automated Identity Lifecycle ControlHID Global offers enterprise-grade, large scale- solutions to automate the identity lifecycle of users for data and workplace access; it simplifies the issuance and management of authenticators and digital certificates. Also, it can help reduce regulatory risk and ensure compliance through auditable trails.

Biometric SecurityHID Global’s biometric security works for both analog and digital endpoints and resources. It allows for workforce insights both in the physical and cyber realms; further, HID Global can provide customized versions of its biometric authentication for different industries including banking and healthcare.

Advanced Multi-factor AuthenticationHID Global implements a layered Zero Trust security approach to assist enterprises’ transitions beyond single-factor authentication. Its multifactor authentication can secure all IT infrastructures and facilitate frictionless and flexible authentication options.



17

Well known for its security analytics, IBM entered the IDaaS market in 2014. Since then, IBM has established itself in the market with its Cloud Identity Service product; a cloud-based identity and access management solution which offers multifactor authentication, SSO, and user lifecycle management. IBM offers their Cloud Identity Service as a multi-tenant model, though some components can be delivered in a dedicated model. Additionally, the IBM Security Identity Governance (ISIG) platform provides strong end-to-end user lifecycle management as well as identity analytics and enhanced password synchronization. IBM’s products typically offer deep functionality and strong connectivity with a broad range of complementary products.

Key Features

IBM1 New Orchard Rd

Armonk, NYUnited States

+1 (800) 426-4968www.ibm.com

Bottom LineIBM’s identity solutions are ideal for large organizations with global footprints. IBM remains a recognized cybersecurity solution provider currently in the market. Therefore, IBM’s design accommodates complex deployments with its threat intelligence and staff. IBM appeared in the Gartner 2019 Critical Capabilities for Identity Governance and Administration. They also appeared as a Leader in the 2019 Gartner Magic Quadrant for Identity Governance and Administration and a challenger in the 2020 Gartner Magic Quadrant for Access Management. IBM was named a Leader in The Forrester Wave for Risk-Based Authentication, Q2 2020.

IBM Security Access Manager IBM allows organizations and enterprises to take back control of their access management system within a single integrated platform. This allows enterprise security administrators to manage access across many common scenarios and use-cases and restrict it in cases of unnecessary privileges.

IBM Security Identity Manager IBM enables organizations and enterprises to drive effective identity management and governance across the enterprise, replacing legacy identity governance platforms and strengthening compliance efforts.

IBM Security Identity Governance and Intelligence IBM provides access risk assessment and mitigation using business-driven identity governance and administration. IBM also offers end-to-end user lifecycle management, including onboarding and off-boarding provisioning for both user satisfaction and security.



18

Based out of Texas, Identity Automation’s signature RapidIdentity product supports identity governance and administration capabilities, automated provisioning, access and account management in both on-premise and as-a-service deployments. The solution also boasts secure single sign-on access to nearly any enterprise system, multifactor authentication across all applications and databases, and time-based access expiration. In addition, Identity Automation provides provisioning, de-provisioning, dynamic role management, and granular group management. The RapidIdentity solution is also offered in several different editions, each specialized to suit the authentication and compliance demands of specific business verticals.

Key Features

Identity Automation7102 N Sam Houston Pkwy W

Houston, TX United States

+1 877-221-8401www.identityautomation.com

Bottom LineIdentity Automation’s RapidIdentity is a smart choice for organizations and enterprises of all sizes looking to replace legacy identity and access management solutions or home-grown tools with a new next-generation system. Rapid Identity can be deployed in a matter of weeks, rather than months or years. Identity Automation offers a broad set of out-of-the-box and configurable capabilities. Identity Automation’s history of successful deployments in higher education and local government environments makes their solution ideal for mid-sized to large enterprises. They received an honorable mention in the 2019 Gartner Magic Quadrant for IGA.

Multi-Factor Authentication Identity Automation enhances security with multifactor authentication across all applications, databases, and portals. It serves to eliminate the hassle of having to maintain a separate and dedicated token system as part of this multifactor authentication system.

Comprehensive Identity Governance & Compliance RapidIdentity grants your IT department and managers clear insight into which employees have what access, and ensure security through time-based certification, sponsorship, and re-attestation. It also automates and streamlines the process of provisioning, deprovisioning account changes, and granting new access rights for all users.

Single Sign-On Identity Automation’s RapidIdentity boosts employee productivity with single sign-on access to every on-premises or cloud-based enterprise system. An easy-to-use online portal grants employees one-click access to any connected system.



19

Easily the biggest name brand in this 2020 Identity and Access Management Buyer’s Guide, Microsoft has worked to strengthen its IAM capabilities since entering the IDaaS market in 2014. They continue to innovate and upgrade its Azure Active Directory (AAD) Premium service. AAD offers comparable capabilities to other major IDaaS offerings and includes access to Microsoft Identity Manager products and other SaaS applications for use with its on-premise systems. Microsoft also offers active directory services, federation services, multi-tenant support, and cloud-based directory services all bundled with EMM and rights management and supported by 28 data centers around the world. Additionally, it provides conditional access and multifactor authentication.

Key Features

MicrosoftOne Microsoft Way

Redmond, WAUnited States

+1 (425) 882-8080www.azure.microsoft.com

Bottom LineMicrosoft makes a strong choice for enterprise customers deeply familiar with Microsoft’s ecosystem, or who already use Microsoft’s Azure cloud PaaS service. It will also suit those who are looking for basic identity management capabilities. The vendor continues to mature their multifactor authentication, device registration, and self-service password management. In fact, Microsoft works to eliminate passwords altogether, which was acknowledged in the Gartner 2019 Magic Quadrant for Access Management. Microsoft was named a Leader in that report.

Fast Onboarding Microsoft’s identity security options offer access control policies based on factors including location, application sensitivity, and device state to incorporate a “soft” multifactor authentication system into authentication considerations. This allows for flexibility while maintaining consistency in authentication policies.

Advanced Monitoring Microsoft also offers cloud-based, robust analytics and machine learning to provide meaningful insights and risk-based automated policies that can help protect your employees’ and users’ identities from future threats.

Private Cloud Architecture Azure Active Directory provides secure single sign-on to enterprise cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and Box. This facilitates security and workflow speed.



20

My1Login seeks to utilize Single Sign-On (SSO) and Privileged Password Management that works with all application types by controlling user access and centralizing identity. The SSO solution works for web, mobile, and non-browser applications in all kinds of architecture. Their Password Manager solutions offers SSO without revealing credentials, audited access to privileged accounts, and permission-based sharing. Additionally, My1Login integrates with web apps, virtualized apps and even Windows desktop apps without requiring APIs. Thus they can provide SSO seamlessly linked to the user’s directory login. My1Login has no ability to access customer data since this is encrypted client-side, using keys that are safely secured inside the customer’s environment.

Key Features

My1Login324 Regent St

LondonUnited Kingdom

+44 141 427 0454www.my1login.com

Bottom LineThe potential of client-side encryption could create appeal for My1Login’s Single Sign-On and Privileged Password Management solutions among security forces, the public sector and financial services organizations. Also, its automated user provisioning for account lifecycle management makes My1Login well-suited to mid-market and larger enterprises, especially as My1Login seeks to minimize IT admin workloads. My1Login was named a Finalist in the SC Europe 2020 awards for Best Identity Management Solution.

Zero User InterfaceThe My1Login Zero User Interface can be deployed to run in the background, meaning no change to user behaviors and no training is required for optimal performance. Alternatively users can be provided with a web-based vault, which requires a very simple self-enrolment process.

Phishing ProtectionMy1Login can integrate with your corporate directory for immediate user provisioning. It uses cloud-based Identity as a Service (IDaaS) and can thus automatically discover and integrate new applications. This allows for deployment which accelerates time to value.

Client-Side EncryptionEven as a solution provider, My1Login has no access to the encryption keys that protect customer data, offering a secure protocol as part of its multi-perimeter security. It uses AES 256-bit “strong” encryption. Without the encryption key, it is impossible to decrypt stored login details.



21

Micro Focus owns the NetIQ identity and access management suite, a highly scalable set of solutions. This suite is offered with several optional add- ons, such as Access Review—an identity governance add-on—and the NetIQ Access Governance Suite (AGS). Micro Focus’s Identity Manager centralizes enterprise access administration and ensures that every user has one singular identity— from your physical and virtual networks to the cloud—with a highly flexible solution and strong provisioning capabilities ideal for a variety of business use cases. As such, Micro Focus can monitor and record all enterprise users’ activities within the provisioned systems. Micro Focus appeared in the 2020 Gartner Magic Quadrant for Access Management.

Key Features

Bottom LineThrough the NetIQ suite, Micro Focus offers a robust yet affordable identity governance and administration-focused solution with a large network of channel partners, ideal for small to mid-sized businesses. Recently, they appeared in the Gartner 2019 Critical Capabilities for Identity Governance and Administration report; moreover, they were named as a Challenger in the 2019 Gartner Magic Quadrant for Identity Governance and Administration and a Visionary in Gartner’s 2019 Access Management Magic Quadrant.

Identity GovernanceMicro Focus provides a comprehensive identity governance solution that provides a business-friendly interface built on a common governance model that spans all of your business processes relating to identity, access, and certification.

Advanced Authentication Micro Focus also provides an intelligent and flexible multifactor authentication solution built to meet today’s enterprise-level challenges and scale with your enterprise. It can also harden your environment and integrate with Azure MFA capabilities.

Access Manager Micro Focus offers a simple yet secure and scalable solution that can handle all of your enterprise’s web access needs without bogging down employees’ work processes with unnecessary security authentication demands.

Micro FocusThe Lawn 22-30 Old Bath Rd

Newbury, BerkshireRG14 1QN

United Kingdom+44-(0)-1635-565-200www.microfocus.com



22

Okta’s Identity-as-a-Service (IDaaS) offering boasts one of the fastest-growing customer bases in the market and the funding to match. The Okta Identity Management Service provides centralized directory services, single sign-on, strong authentication, provisioning, workflow, and reporting. All of this is delivered as a multitenant IDaaS with some components operating on-premise. In addition to their strong industry-standard IDaaS capabilities, Okta also provides MDM and phone-as-a-token authentication capabilities for multifactor authentication policy implementation. Okta features a broad partner-ecosystem; they recently opened an EU-based data center, expanding their potential user base. They appeared in multiple security analyst reports.

Key Features

Okta301 Brannan St


+1 (888) 722-7871www.okta.com

Bottom LineOkta’s lightweight, multi-tenant delivery model is highly scalable, and therefore ideal for organizations with simple identity administration and provisioning capabilities. Their new data centers make the company an ideal IDaaS solution for small to mid-sized businesses on either side of the Atlantic. They appeared in the Forrester Wave for IDaaS for Enterprise, Q2 2019, as well as a Leader in the Gartner 2019 Magic Quadrant for Access Management. Gartner noted their market responsiveness and extensibility in authentication.

Contextual Access PoliciesThis enables your IT security team to allow, deny, or require step-up authentication for access to different applications and on-premises systems based on contextual data about the user, device, network, location, and resource in question. Also, Okta allows for the automation of identity life-cycles with any business process for external and internal users.

User Friendly AuthenticationOkta secures access for all users with two-factor authentication via Okta Verify OTP, included for all single sign-on users. This aims to balance strong security with smooth authentication experience to facilitate work processes without interruption.

Single Sign-OnOkta provides reliable integration for always-on single sign-on to all your enterprise’s web and mobile apps, with a full-featured federation engine and flexible access policy. Also enables better workflow as employees are undeterred by multiple login requests.



23

Omada has nearly 20 years in the identity and access management field. The Omada Identity and Omada Identity Cloud provide an enterprise platform for identity management and identity governance that is available as a comprehensive system. Omada features a flexible data model, excellent dashboards and powerful reporting capabilities, including closed loop reporting. User-facing elements of all identity lifecycle scenarios support a flexible data model for user entitlements. Omada also offers specific provisioning services and industry-tailored solutions for several verticals including Banking and Finance, Life-Sciences, Manufacturing, Public, Utilities, and Retail.

Key Features

OmadaOesterbrogade 1352100 Copenhagen

Denmark+45 7025 0069

www.omada.net

Bottom LineOmada’s highly vertical-specific solutions make them an interesting vendor for organizations in the Banking and Finance, Life-Sciences, Manufacturing, Public, Utilities, and Retail space; due to its strength in reporting, Omada is highly recommended for organizations with a high level need for governmental or industry auditing and compliance. Enterprise-level deployments may require more hardware than smaller ones, but the user interface is intuitive and even more complex deployments are fairly straightforward comparatively. Their Identity Governance has been recognized by Gartner as a Leader in the 2019 IGA Magic Quadrant.

Reporting and Attestation Omada provides a dynamic and adaptable (yet fully integrated) enterprise platform for both identity management and identity governance enabling efficient governance reporting, attestation, and identity administration. This assists with compliance mandates and processes.

Automation Omada automates compliance alerts and remediation tasks to appropriate business roles in your organization such as security officer(s), system owners, and managers to allow for misaligned privileges rescinding. Automation can alleviate workflow burdens in your IT teams.

Identity Governance and Administration Omada provides an integrated identity governance and administration solution that includes closed loop auditing processes and advanced reporting for industry compliance and internal evaluations. This includes onboarding and offboarding as well as lifecycle management.



24

One Identity offers solutions with a modular and integrated approach to user account management that provides rapid time-to-value. One Identity does this by offering comprehensive functionality that allows customers to build on their existing security investments. One Identity Manager offers different solution “editions” offered to different industry verticals, including but not limited to communications, banking, insurance, and media services. Their primary strengths include governance, policy management, workflow capabilities, and strong out-of-the-box capabilities. As of time of writing, One Identity Manager is offered in 13 languages, and enjoys a strong popularity in overseas markets as a partial result.

Key Features

One Identity+1 (800) 306-9329

www.oneidentity.com

Bottom LineOne Identity’s strong out-of-box governance capabilities make the solution an ideal fit for organizations looking for a strong governance solution with good SAP integration and DAG integration. It appeared in the 2019 Gartner Critical Capabilities for Identity Governance and Administration and as a Leader in the respective Magic Quadrant. It was also named an Overall Leader in KuppingerCole in the 2020 Identity Governance and Administration Leadership Compass.

GovernanceOne Identity provides auditors with detailed, real-time governance reports that includes information about what resources are in your environment, who has access to them and when, and why that access was granted and terminated. This allows for easier evaluation and possible rescinding or provisioning as users need and your administrators determine.

Self Service Access PortalOne Identity reduces IT effort via a customizable online intuitive “shopping cart” portal, which enables users to request access to network resources, physical assets, groups and distribution lists. It also controls access rights and permissions for their entire identity lifecycle while leveraging predefined approval processes and workflows.

Risk ReducerThe One Identity Identity Manager seeks to mitigate risk through observing the Principle of Least Privilege. It can also integrate policies for all non-privileged and privileged users and automates enterprise provisioning.



25

California-based OneLogin provides on-demand IDaaS solutions consisting of single sign-on, multi-factor authentication, directory integration, user provisioning capabilities. They also include a catalog of pre-integrated applications. OneLogin is provided via a multitenant architecture and provides strong capabilities and support for access management policy administration, user directory integration, and end-user self-service. As major proponents of the OpenID Native Applications Working Group (NAPPS), OneLogin has taken a standards-based approach to application integration and established itself as a thought leader in the field of authentication. Recent innovations have reinforced this perception, especially in MFA.

Key Features

OneLogin100 California St

San Francisco, CA United States

+1 (855) 426-7227www.onelogin.com

Bottom LineOneLogin makes an excellent IDaaS solution for organizations of any size looking for powerful SSO, directory, and MFA capabilities. Its support is highly user focused, and it deploys well with only minimal adjustments. They recently updated its OneLogin Protect authenticator solution and improved its multifactor authentication to increase its security and customization capabilities. This vendor appeared in the Forrester Wave: IDaaS for Enterprise, Q2 2019, and as a Leader in the 2020 Gartner Magic Quadrant for Access Management.

Unified DirectoryOneLogin acts as your secure directory in a cloud environment with a web-based interface that allows you to manage users, their manager relationship, authentication policies, and access control comprehensively. This can benefit both on-premises and remote workforces.

Real-Time User Provisioning and Mobile IdentityOneLogin allows for the automation onboarding and off-boarding processes to reduce human involvement and streamline access control based on role, department, location, title, and other attributes. The solution offers fully-functional access to all cloud and enterprise applications, with a secure, flexible support for mobile users.

Single Sign-OnWith OneLogin’s single sign-on portal users only have to enter one set of credentials to access their web apps in the cloud and behind the firewall—via desktops, smartphones and tablets —enabling ease of access and saved time during work processes.



26

Initially founded in 2005 as a consulting company, the Florida-based Optimal IdM has since evolved into a global provider of affordable identity and access management solutions. The privately held company offers both on-premise solutions, such as its Virtual Identity Server and Federation and Identity Services, and cloud hosted solutions such as OptimalCloud. OptimalCloud is a cloud-based federation and SSO solution. Optimal IdM also provides a single-tenant IDaaS offering via their Optimal Federation and Identity Services (OFIS), an on-premise software offering. All of Optimal’s solutions are highly customizable, and the company also offers each product as a fully managed solution for enterprises with stretched identity security resources.

Key Features

Optimal IdM3959 Van Dyke Rd

Lutz, FLUnited States

+1 (813) 425-6351www.optimalidm.com

Bottom LineOptimal IdM’s customization, scalability, and affordable monthly payment plans make it an ideal solution for growing SMBs or enterprises looking to expand their national or global footprint. They offer a flat fee pricing model for services, which will be a blessing for the budget-conscious business. Their offers of managed services will be of special interest to enterprises in areas with limited cybersecurity talent. Additionally, Optimal IdM received recognition as a Niche Player in the 2019 Gartner Magic Quadrant for Access Management.

Multi-Factor AuthenticationOptimal IdM offers MFA customized to fit your business rules: you can require two-factor authentication when users are not on the corporate network (as in a granular system), or on an application by application basis.

Managed Service OptionsAll of Optimal IdM’s services can be delivered as managed services and/or hosted service configured by Optimal IdM, which offers flexibility via private dedicated servers. It is designed to help enterprises alleviate the burden on their stretched security teams.

User Management and Delegated AdministrationAdministrators using Optimal IdM receive a complete user management system including a robust delegated administrative identity management system. They also offer single sign-on to assist this delegation both in the cloud and on-premises.



27

The Oracle Identity Governance (OIG) Suite is an integrated identity suite that centralizes security for enterprises’ applications and web services, and provides a single point of contact for support under a single license contract. OIG suite is marketed for, and well-suited to, large enterprise customers with global footprints. Accordingly, OIG is a highly complex, scalable, and flexible product, offering a product that can more than adequately protect small or mid-sized businesses as well. The Oracle Identity Cloud Service (IDCS) became available in late 2016. Oracle is a major player in enterprise IT, with a strong reputation to match its presence.

Key Features

Oracle500 Oracle Pkwy

Redwood Shores, CAUnited States

+1 (650) 506-7000www.oracle.com

Bottom LineOracle’s modular Identity Governance solution is well suited for large organizations with complex IGA needs, including industry compliance needs. Oracle products come highly recommended for those already running a portfolio of Oracle products, but those new to Oracle will find a strong solution regardless. Over the past few years, Oracle has worked to position itself for future innovation. It appeared in the 2020 Gartner Magic Quadrant for Access Management.

Privileged Account Management Oracle also offers privileged account management capabilities to control user access from shared accounts and delivers a rich audit trail, ensuring enhanced identity security and compliance for sensitive systems and digital assets.

Identity Auditor Oracle provides advanced, integrated identity analytics for access certification built in to the privileges and permissions provisioning process for improved identity accuracy and work process efficiency across the entire enterprise infrastructure.

Self-Service Access and Identity Intelligence Oracle provides enterprise IT security teams a customizable user interface framework that offers durability across upgrades and patches. Oracle also provides intelligent, flexible role discovery for streamlined administration and policy compliance.



28

Ping Identity’s Identity Defined Security works to secure workforces and customers both on-premises and remote, allowing the right people to access the right things, securely and seamlessly. Ping Identity works to accelerate their move to the cloud while delivering a rich customer experience. Additionally, Ping Identity can quickly onboard partners as part of their digital transformation. Ping allows employees, customers and partners the freedom to access the cloud and on-premises applications they need with an enterprise IDaaS solution that includes multi-factor authentication, single sign-on and access security. They also offer specialized solutions and capabilities for customer identity and access management.

Key Features

Ping Identity1001 17th StDenver, CO

United States+1 (303) 468-2900

www.pingidentity.com

Bottom LinePing Identity’s solution is ideal for organizations looking for a scalable identity and access management solution capable of supporting multiple employee, customer and partner identity use cases on premises and in the cloud. Ping’s market emphasis is on large enterprises, and they have the services and support staff to make good on that interest. In 2019 they appeared as a Leader in the 2019 Gartner Magic Quadrant for Access Management. In fact, Gartner noted Ping Identity’s dedicated CIAM product. They also appeared in the Forrester Wave for Enterprise IDaaS.

PingAccessThis provides secure access to applications and APIs with a comprehensive policy engine that provides centralized access control down to the URL level to ensure that only authorized users access the resources they need. It can also apply policies in context.

PingIDA cloud-delivered multi-factor authentication solution that encompasses multiple authentication methods and devices as well as contextual policies and a mobile SDK to embed MFA functionality within your own mobile app. It protects applications access via single sign-on and integrates with Microsoft Azure AD.

PingFederateA federated single sign-on and authentication solution built on open standards that allows employees, customers and partners to securely access all the applications they need with single sign-on from any device. It uses global authentication authority and supports present and past versions of identity standards.



29

A provider of federated identity systems based on virtualization, Radiant Logicdelivers standards-based access to all identities within an organization.Theirsolution, the RadiantOne FID federated identity and directory service, enablescustomizable identity views built from disparate data silos—along with scalablesync and storage—to drive critical authentication, authorization, and provisioningdecisions for web access management, federation, cloud, and cloud directorydeployments. The RadiantOne FID solution aims to reduce administrative efforts,simplify data integration and storage, and build a flexible identity infrastructureto meet changing business demands.

Key Features

Radiant Logic75 Rowland Way

Novato, CA 94945United States

+1 (415) 209-6800www.radiantlogic.com

Bottom LineRadiantOne FID integrates and orchestrates identity across multiple systems and targets, allowing large enterprises to get more from existing investments while making the most of new investments and opportunities. By consolidating AD domains and forests into a common directory to provisioning to cloud directories, RadiantOne allows for rapid responses to new demands such as onboarding new apps, integrating a newly merged or acquired company, or scaling to hundreds of millions of users and queries. RadiantOne also offers change detection, so all systems stay in sync, from local data stores to the farthest cloud deployments.

Massive Scalability with HDAP Directory RadiantOne can scale to millions of users. Thanks to its scalable LDAP v3 directory based on big data standards, FID enables clients to access data in SQL databases and other non-directory sources at the speed of a directory. It also works to reduce the load on backends by forwarding queries to only the relevant underlying data stores.

Contextual Search and ManagementRadiantOne extracts and aggregates the contextual relationships between identities stored across different silos. With this information, applications and businesses can create complex, context-driven views that can be consumed by authorization policy engines and/or used to build rich customer profiles to enhance the user experience.

Powerful Identity Integration LayerThrough its identity integration layer, RadiantOne FID integrates identities into unified profile views based on multiple application contexts across heterogeneous data sources, including directories, databases, web services, and applications. This provides a central access point for all LDAP, SQL, and DSML-enabled applications across security domains and AD forests.



30

Still operating under the Dell umbrella, RSA offers both IDaaS and traditional identity management and identity governance and administration solutions. RSA Identity Management and Governance (RSA IMG) is a highly scalable identity management suite built from separately licensed components. RSA’s Archer Governance, Risk, and Compliance products are considered highly capable and therefore a good fit for companies with heavy governance needs and stringent governmental and industry compliance requirements. RSA Via is a highly capable IDaaS suite composed of separately licensed SaaS point solutions including access control (SSO, MFA), governance, lifecycle management, MDM, and adaptive authentication.

Key Features

RSA174 Middlesex Tpke

Bedford, MAUnited States

+ 1 (781) 515-5000www.rsa.com

Bottom LineRSA’s strong suite of independently licensed identity governance and administration modules makes the vendor a good fit for companies of all sizes looking for IGA solutions; they met the technical requirements for the Gartner 2019 Identity Governance and Administration Magic Quadrant. Previously, RSA was recognized in 2018 as a Strong Performer in Identity Governance by Forrester, and they were chosen as a leader in IGA by KuppingerCole. Even while operating under the Dell umbrella, RSA remains one of the most recognized solution providers in identity and cybersecurity.

Identity Governance and Lifecycle RSA delivers a streamlined, automated access request, approval, fulfillment and deprovisioning process that includes embedded policy controls, giving security teams complete control over and visibility into who has access to what.

Via RSA offers an IDaaS suite comprised of separately licensed point solutions including access control, governance and lifecycle management. It allows you to manage access to all of your applications, whether cloud, mobile, web and traditional on-premise.

Single Sign-OnRSA enables single sign-on to the leading web and SaaS applications, native mobile apps, and traditional enterprise resources (including VPNs, firewalls, virtual desktops, and Windows or Linux servers) for speedy yet secure workflows.



31

SailPoint offers both traditional Identity Management with its IdentityIQ solution as well as IdentityNow, a multi-tenant Identity-as-a-Service (IDaaS) solution. IdentityIQ is offered as a stand-alone, on-premises product with several optional add-ons. SailPoint’s Identity IQ is well-regarded for its strong identity governance capabilities and provisioning capabilities. IdentityIQ is also available as a hosted managed service for enterprises strapped for cybersecurity and identity talent. IdentityNow provides typical IDaaS capabilities such as federated SSO, password management, provisioning, and access certification, but the solution’s true strength lies in its access governance capabilities, which build off SailPoint’s background as an innovator in identity access and governance.

Key Features

SailPoint11305 Four Points Dr

Austin, TXUnited States

+1 (512) 346-2000www.sailpoint.com

Bottom LineSailPoint’s background as an innovator in identity access and governance makes the company an ideal fit for large organizations seeking comprehensive IGA capabilities. Its product is considered comprehensive and effective. It appeared in the Gartner 2019 Critical Capabilities for Identity Governance and Administration. Additionally, it was named a Leader in the 2019 Gartner Magic Quadrant for Identity Governance and Administration. SailPoint was recognized as the 2020 Gartner Peer Insights Customers’ Choice for Identity Governance & Administration.

Password Management and Data Access Governance SailPoint also lets users reset passwords automatically, while enforcing corporate policy. It also identifies where sensitive data resides, who has access to it, and how they are using it – and then put effective controls in place to secure it.

Single Sign-On SailPoint provides convenient access to multiple workflow applications while maintaining administrator’s control and visibility. This allows employees to easily authenticate their identities and access their work processes without hassle while maintaining security.

Compliance Controls and Automated Provisioning SailPoint defines and enforces user access policies, such as separation-of-duty (SoD), and automates the process of reviewing user access rights across the organization. It also manages access changes throughout a user’s lifecycle by applying governance to all provisioning processes.



32

Salesforce is primarily designed and marketed as a customer relationship management platform, focused on sales, service, and marketing efficiency and strategy. They entered the Identity and Access Management market in 2013 with the release of Salesforce Identity, an IDaaS solution that is both offered as an independent service and as part of Salesforce’s cloud Platform-as-a-Service (PaaS) solution offering. Salesforce Identity features baseline IDaaS capabilities for establishing and enforcing enterprise-level access policy and provisioning, as well as an excellent and integrated graphical workflow for policy management, enterprise social identity, and centralized access management capabilities.

Key Features

SalesforceLandmark at One Market


+1 (844) 848-1057www.salesforce.com

Bottom LineSalesforce’s IDaaS solution is available as an independent service. The solution is best suited for organizations that are operating in customer service and retail industries such as in a CIAM context. This is where Salesforce’s market share is most prominent. Salesforce is quickly adapting to the modern IAM marketplace; they continue their promotion of their independent IAM and CIAM services. Their integration of their identity capabilities with their other cloud platforms will especially appeal to businesses with a strong customer focus or with a growing customer base.

Access Management and User ProvisioningSalesforce provides access management and authorization for third-party apps, including UI integration, so a user’s apps and services are readily available to review. It can streamline the process for providing and removing access to applications to multiple users simultaneously.

Salesforce Identity Connect Salesforce Identity Connect integrates Microsoft Active Directory (AD) with Salesforce, allowing for enterprise administrators’ management of AD users and Salesforce users simultaneously, alleviating some of the burden on your security team.

Cloud-Based User Directories and AuthenticationUser accounts and information are stored and maintained in one place, while available to other services or applications. Salesforce can help administrators verify users and maintain granular control over their user access.



33

Solutions provided by Saviynt enable enterprises to secure applications, data, and corporate infrastructure in a single cloud or on-premise platform. They approach identity governance and administration holistically, moving beyond core Identity Governance to cloud security, application GRC, and access governance—all within a complete cloud-based solution. Saviynt’s platform can facilitate and automate user access reviews, onboarding, offboarding, and lifecycle management. It also facilitates import access and usage data from applications in real time or as a batch, recognize violations, and offer remediation suggestions. Saviynt solutions can also develop rules and roles based on user data, attributes, and behaviors, and offer suggestions.

Key Features

Saviynt5777 W Century Blvd

Los Angeles, CAUnited States

+1 (310) 641-1664www.saviynt.com

Bottom LineEnterprise customers praise the capability and the prowess of the Saviynt solution and remark on the ease of deployment. Saviynt has strong strategic partnerships with Microsoft, Okta, and Ping Identity which speaks to their extensive integration versatility. Their identity governance and administration solution, which is considered comprehensive, is bolstered by a capable and responsive operations team. Saviynt has been named a Niche Player in the 2019 Gartner Magic Quadrant for Access Management. They also have significant presence in the identity governance and administration market.

Access Certification and Request SystemSaviynt’s solutions are designed for a fast, simple deployment that works with customer needs and experience, allowing for easier adoption and deployment and avoiding operational interruptions in work processes.

Cloud-Based Service Identity lifecycle events and usage is intelligently used by Saviynt’s solutions to automatically certify user access. It gives administrators complete flexibility in managing access requests and entitlements with a business-centric user experience and interface.

Identity Analytics Saviynt computes user peer groups, identifies inliers and outliers, and automatically recommends permissions changes based on their research findings. This alleviates some of the investigative burden facing your security team in identifying permissions groups and monitoring them.



34

Since merging with Core Security in 2018, SecureAuth has supplemented their multifactor authentication use cases with more identity governance and privileged access management capabilities. SecureAuth offers specific industry solutions for healthcare, energy, and retail. SecureAuth’s solutions allows customers to manage privileged access to applications in the cloud or on-premise through provisioning user access changes, certifying user access, remediating access violations, and generating audit and compliance reports. Their specific use cases include 25 multifactor authentication methods to supplant password-oriented and two-factor authentication and options to protect Microsoft Office 365 in particular.

Key Features

SecureAuth8845 Irvine Center Dr

Irvine, CA+1 (949) 777-6959

[email protected]

Bottom LineCore Security and SecureAuth were both highly recognized in the identity security marketplace before their 2018 merger was made official. Now that they have completed their merger, SecureAuth has worked to solidify their market share as one of the largest solutions providers. They have been named in the Gartner Magic Quadrants for Identity Governance and Administration and Access Management. They were also named in the 2018 Gartner Peer Insights Customers’ Choice for Access Management, Worldwide. SecureAuth will be well-suited to large enterprises able to fully take advantage of SecureAuth’s global footprint.

Protect Sensitive Data The SecureAuth access request management system is designed to simplify the process of creating and managing the requests that govern user access, allowing for ease in permission provisioning and rescinding as needed.

Automate Processes for Managing User Accounts SecureAuth allows enterprise customers to use fewer resources to manage and maintain their identity security system over time, delivering lower total cost of ownership and lessening the burden on security teams and budgets.

Self-Service Across Enterprise Systems Allows for rapid deployment policies and modular architecture deploys quickly, without a substantial investment in prerequisite systems that may deter small to medium sized businesses or enterprises looking for easier deployments.



35

With its Non-Employee Identity Risk and Lifecycle Management Platform, Massachusetts-based solution provider SecZetta offers a suite of independently licensed products focused on offering ease of use and quick time-to-value. SecZetta’s most prominent strength is its unique approach to managing nonemployees which includes a system of record for non-employees and extends business processes and delegated management to partners including self service capabilities to non-employees. Their solutions can help organizations effectively manage, automate and control the business process of working with and engaging third party, non-employees.

Key Features

SecZetta221 3rd St

Newport, RIUnited States

+1 (781) 832-0767www.seczetta.com

Bottom LineSecZetta’s non-employee identity risk and lifecycle platform is a strong choice for any organization looking for a flexible, robust product requiring no specialized skills to maintain and a focus on business process, automation, delegation and self-service capabilities. SecZetta distinguishes itself with a product purpose built to address the human aspect of non-employee identity risk and lifecycle. They work to translate good people data into good access management and reduced risk to organizations.

Protect Sensitive Data The system allows organizations to risk rate and manage non-employee identities before granting access. Utilizing a proprietary risk scoring methodology, you can assign risk scores to identity data and thresholds can be set to trigger conditional approvals, processes, or even automatic validation of “high-risk” users.

Automate Processes for Managing User Accounts Create, manage and maintain any number of portals for all third parties; partners, vendors and non-employees. It allows third parties to self-register and provide information saves time and effort on the part of the organization and reduces human error.

Non-Employee System of RecordPurpose built to manage non-employee and third-party resources. Complex relationship management empowers the business to manage their own non-employee identities when appropriate; you can replace existing homegrown systems, spreadsheets, and custom databases. Robust reporting provides visibility of your highest risk identities.



36

Atlanta-based Simeio Solutions offers a variety of IAM solutions as both dedicated cloud hosting or on-premise managed services, including the only fully managed IDaaS offering featured in this 2020 Identity and Access Management Buyer’s Guide. Simeio offers IDaaS to clients who want consumer IAM and/or CIAM capabilities as a service via on-premise, hosted on cloud or hybrid with a private cloud option available. Their identity security platform, Identity Orchestrator, allows clients to consume identity as a service and/or to leverage previous investments and manage their legacy IAM environments with next-generation protections. They also provide risk mitigation, visibility tools, compliance & governance reporting, and identity unification tools.

Key Features

Simeio55 Ivan Allen Jr. Blvd

Atlanta, GAUnited States

+1 (844) 2-SIMEIOwww.simeiosolutions.com

Bottom LineSimeio’s managed service offerings are recommended for enterprises looking to shift the heavy Identity and Access Management workload burden from their IT or security departments. Their managed services are competitively priced and offer a single point of contact for deployment and support, which will be a boon for those looking for comprehensive Identity and Access Management on a budget. They specialize in private cloud and hybrid cloud environments. Simeio was named in the Forrester Wave: IDaaS for Enterprise, Q2 2019 report.

Implementation Services Simeio facilitates the implementation and operation of the user interface and new software, and integrates with existing enterprise applications and identity storage spaces. Simeio can provide complete on-site, private cloud, or hybrid operations and infrastructure support for your IAM systems.

Access Governance Simeio automates compliance and protects against both insider and outsider threats with extensive password and role management capabilities. The automation allows security teams to focus on user behavior investigations and permissions analysis.

Managed IDaaS Services Simeio provides automated workflows for user access. This facilitates secure role-appropriate access for employees, customers, and partners, and they work directly with enterprise IT departments for day-to-day operations.



37

Ubisecure is a European technology provider specializing in high scale customer IAM (CIAM) use-cases. Their Identity Platform is designed to enhance an enterprise’s customer-facing applications by providing a high-quality experience to increase customer capture, conversion, and engagement. It allows enterprises to obtain and secure customer data for strategic business purposes while simultaneously meeting essential regulatory requirements like GDPR. The Identity Platform offers adaptive authentication, allowing enterprises with strong customer identities to become Identity Providers through MFA and Centralized Authorization Policy Management. Their solution is available via on-premise software, private cloud, or as a managed service.

Key Features

UbisecureThe Granary, Hermitage Ct

Hermitage Lane, MaidstoneKent, ME16 9NT, UK+44 1273 957 613

www.ubisecure.com

Bottom LineUbisecure Identity Platform is a strong choice for enterprises looking for a scalable IAM and CIAM platform to enhance their customer experience and to meet major compliance requirements like GDPR. They are mainly focused on the European marketplace, and therefore North American companies should investigate whether Ubisecure would meet their specific market needs before making their selection. However, enterprises on either side of the Atlantic looking for a smaller, more supportive IAM solution rather than a monolithic one will find Ubisecure a more-than-viable option. Customer-facing businesses, in particular, should consider Ubisecure.

Delegated Authorization ManagementThe Identity Platform data model allows end-customers to manage their own identities, authorize them to application roles, or authorize other companies to represent them—all of which are vital to GDPR compliance.

Ready-to-Use Multifactor AuthenticationEnables adaptive authentication for frictionless customer registration and engagement, and allows for the use of existing identities e.g. social identities for smoother login experience and thus a higher conversion rate.

Identity Broker EngineCombines identity data from various sources and delivers application-specific identity information for each connected service, allowing for privacy by design and regulatory compliance.



38

A well-regarded player in the IAM field for nearly two decades, Tools4Ever develops and provides standardized and affordable Identity Governance & Administration (IGA) solutions that can be implemented within a few weeks and are easily managed afterwards. Tools4ever’s software suite includes access management, password management, authorization management, and AD and NTFS auditing tools and capabilities. In addition to identity governance and administration, Tools4Ever also enables self-service resets, centralized access reporting, detailed audit logs, and single sign-on. Tools4Ever also offers an in-house team of IT consultants to assist with enterprises’ identity governance and administration deployment and implementations.

Key Features

Tools4Ever300 Merrick RdLynbrook, NYUnited States

+1 (866) 482-4414www.tools4ever.com

Bottom LineTools4ever’s quick deployment and consultant-assisted implementation options offer fast results and ROI. This makes the solution providers’ tools a good choice for both small to large-sized companies and enterprises looking to invest in IGA without the perceived headaches. However Tools4Ever also serves traditional identity and access management demands. Furthermore, deployments of Tools4Ever do not require much technical knowledge and are considered easy by current customers. The product scaling is also regarded as comparatively easy. They were recognized in the KuppingerCole Access Governance & Intelligence Leadership Compass.

Audit ManagerIt allows organizations to govern access rights and control unstructured data, normalizing and saving access rights in a centralized database. It additionally browses all access privileges through a single tree view and keeps track of each action performed in the file structure.

Password ManagerTools4Ever allows for the easy management, reset, and sync passwords across all connected applications to allow users to access all apps on a customizable dashboard with one set of credentials. It adds a layer of security to ensure the identity of the user via password and a PIN/OTP.

Identity Manager Tools4Ever allows enterprises to connect to the HR/SIS system to automate the employee and user lifecycle process. This allows enterprises to facilitate onboarding, updates, and off boarding the user accounts.



39

ABOUTSOLUTIONS REVIEW

Solutions Review is a collection of technology news sites that aggregates, curates, and creates the best content within leading technology categories. Solutions Review’s mission is to connect buyers of enterprise technology with the best solution sellers.

Over the past four years, Solutions Review has launched ten technology buyer’s guide sites in categories ranging from cybersecurity to wireless 802.11, as well as mobility management, business intelligence and data analytics, data integration, and cloud platforms.

Information for this report was gathered via a meta-analysis of available online materials and reports, conversations with vendor representatives, and examinations of product demonstrations and free trials. Solutions Review does not endorse any vendor, product or service depicted in this publication and does not advise technology users to base their vendor selection entirely on this research. Solutions Review disclaims all warranties, expressed or implied, regarding this research, including any warranties of merchantability or fitness for a particular purpose.

Documents

2021 IDENTITY MANAGEMENT BUYER’S GUIDE...1 2021 IDENTITY MANAGEMENT BUYER’S GUIDE 2021 Solutions Review 500 West Cummings Park Woburn, Massachusetts 01801 USA IDENTIT MANAGEMENT