Findings: 2020 Gartner Magic Quadrant for Access Management

Findings: 2020 Gartner Magic Quadrant for Access Management

The editors at Solutions Review highlight what’s changed since the last 2020 iteration of Gartner’s Magic Quadrant for Access Management. 

Technology research giant Gartner, Inc. recently released the 2020 Gartner Magic Quadrant for Access Management. You can download it here. Gartner researchers define Access Management as “technologies that use access control engines (identity providers, authorization servers, policy servers, etc.)” This includes capabilities such as authorization and adaptive access, user self-service capabilities including registration and password management, and session management. 

Also, Gartner notes the importance of authentication capabilities such as multifactor authentication and Single Sign-On as well as event logging and reporting. Directory and identity synchronization, including identity repository services, also make the list of critical capabilities. Researchers distinguish these capabilities from more optional ones like identity lifecycle management, user provisioning, identity analytics, and profiling. 

Gartner finds the Access Management market continues to evolve as more authentication options become widely adopted. Additionally, AM as a Service rises in popularity, especially in North America. 

In the report, researchers predict that by 2024 “50 [percent] of all workforce access management (AM) implementations will leverage native, real-time, user and entity behavior analytics (UEBA) capabilities.” In the same timeframe, nearly a third of new AM purchases should base itself on best fits rather than other rankings. 

2020 Gartner Magic Quadrant for Access Management: Who’s Where? 

In the 2020 Gartner Magic Quadrant for Access Management, researchers evaluate the strengths and weaknesses of the providers it considers most significant in the marketplace. Then, it provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute (Y-Axis) and their completeness of vision (X-Axis). The graph is divided into four quadrants: Niche Players, Challengers, Visionaries, and Leaders. At Solutions Review, we read the report, available here, and pulled out the key takeaways. 

The 2020 Gartner Magic Quadrant for Access Management is the fourth iteration of the report.  In 2017, Gartner retired the IDaaS Magic Quadrant to focus on Access Management as a market category. 

Gartner names 11 vendors to the AM Magic Quadrant Report. One new vendor, Thales (Gemalto), appears in the report. Meanwhile, four vendors did not meet Gartner’s inclusion criteria. Broadcom Symantec, who appeared as a Visionary in the last report, declined to participate in the research (although Gartner acknowledges it would meet inclusion criteria), while Optimal IdM, Atos (Evidian), and SecureAuth did not meet specific revenue or customer requirements. 

This year, the vendors in the 2020 Gartner Magic Quadrant for Access Management create a broad stroke pattern across the Leaders and Challengers Quadrants, with a few providers in the Niche Players Quadrant. No Vendor appears in the Visionaries Quadrant. This represents a significant change, as in the 2019 Quadrant, almost half of all Vendors appeared in the Visionaries Quadrant. This might indicate an overall maturing of the Market, as technologies and capabilities become more commonplace and standardized. This standardization might also explain why the Niche Players Quadrant is so barren; Niche Players are usually dedicated to solving challenges for specific use cases, which may not apply here. 

Only two vendors appear in the Niche Vendors Quadrant. Thales (Gemalto) appears for the first time in the report close to the bottom left corner, although it does receive praise for its authentication. Micro Focus, previously a Visionary, moved significantly to the left but also far up, touching the line between Niche Players and Challengers. Gartner labels its Interset UEBA, which is integrated into its NetIQ Access Manager platform, as one of its strengths. 

Oracle, CyberArk (Idaptive), IBM, and Auth0 all appear as Challengers, populating a Quadrant that remained vacant in 2019. IBM moved significantly up but also just to the left of the line between Leaders and Challengers. Previously, it was labeled as a Leader; researchers praise it for its lifecycle management. 

Oracle made a similar progression from 2019, moving left out of the Leaders quadrant. Gartner lauds its mature programmatic interfaces. Auth0 moved significantly up out of the Visionaries quadrant, also moving left close to the Leader/Challenger line. It specializes in customer identity and access management. Finally, CyberArk, which acquired Idaptive, moved up and left, praised for its maturing UEBA capabilities. 

The Leaders

This leaves five Leaders in the 2020 Gartner Magic Quadrant for Access Management: OneLogin, ForgeRock, Okta, Ping Identity, and Microsoft. OneLogin moved up and slightly to the left, noted for its exceptional customer experience. ForgeRock made a similar ascent from the Visionaries Quadrant, with Gartner applauding its expansion of SaaS options and product capabilities. 

Meanwhile, Okta, Ping Identity, and Microsoft all received the Leaders title in the 2019 report. In 2020, Okta moved significantly down and to the left from its former outlier position. Researchers find its UEBA and customer experience particularly noteworthy. Ping Identity moved quite a ways up but also to the left; its position stems in part from its nonstandard application integration, API access controls, and user self-service capabilities. 

Finally, while Microsoft did move slightly left, it moved up considerably, possibly for its capabilities designed for larger enterprises. 

Read the full 2020 Gartner Magic Quadrant for Access Management here. You can also try out the Solutions Review Suggestion Engine for free here. 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner