5 Questions to Ask Your Potential Identity Management Solution Providers

Solutions Review lists the five questions you need to ask identity management solution providers when evaluating tools.

The primary cybersecurity tool you can use to prevent data breaches is identity and access management (IAM). Identity, more specifically identity authentication, now forms the digital perimeter once composed of (now-legacy) antivirus solutions. This digital perimeter serves as the main mechanism by which threat actors are kept out. Even if they do penetrate the perimeter, identity can constrain their permissions, limiting the damage they inflict on your network.

When evaluating an identity management solution, make sure to ask these five questions of the vendors you’re evaluating. Be sure to also consult our Buyer’s Guide for Identity and Access Management for more information on the top solution providers in the identity management space.

Can you describe your solution’s ability to support various authentication methods?

Each solution brings a different, strongly held view of the best way to deliver IAM. Make your prospective vendor take a stand and expand on their model while defending that position against other options. Ask your prospective vendor about their ability to support password, soft-token, hard-token, biometric, and out-of-band mobile device authentication. More authentication possibilities can mean more flexible identity policies for your business.

How does your identity management solution enable or improve web-based Single Sign-On?

The benefits of Single Sign-On (SSO) are overwhelming: reduced password fatigue, reduced time spent re-entering passwords, and reduced IT costs. Ask prospective vendors about their relationship to SSO, the applications they support, and their plans for the future if they do not currently support SSO. Chances are they do, and thus the question becomes how their Single Sign-On compares to others’.

How does identity federation fit into your solution?

The need for partners or contractors to securely access internal business applications is becoming a daily reality for many enterprises. The need to provide employees with access to external systems, such as outsourced human resources applications, has created a genuine demand for Federated Identity Management (FIM). Even if it is not an immediate requirement, FIM is certainly something to consider as you grow.

How do you manage access from mobile devices? What operating systems do you support?

If you’re committed to providing employees, vendors, and consumers access to systems from anywhere, at any time via a bring-your-own-device (BYOD) policy, then you need to understand what a prospective IAM solution provider can support in regard to mobile devices. In particular, find out whether the solution supports not only iOS, but Android, Windows, and BlackBerry as well.

How is your solution priced?

At some point, you’ve got to get to the bottom line. This can be tough as IAM solutions often have very complex pricing structures. Be persistent. There’s a wide range of sophistication in the solutions we’ve selected, and there’s also a wide variety of pricing models. Some will include line items for various options and others will charge a simple per-user fee. Get an apples-to-apples comparison by building a cost model through a “per-user-per-month” approach.


Our Buyer’s Guide for Identity and Access Management helps you evaluate the best systems for your business use case and features profiles of the leading providers, as well as a category overview of the marketplace, questions you need to ask your organization and your potential IAM providers, and a Bottom Line Analysis for each vendor profile.

Daniel Hein