What’s Changed: Gartner’s 2016 Magic Quadrant for Identity Governance and Administration (IGA)


Editor’s note: The 2017 IGA Magic Quadrant is out, check out our coverage here.

Analyst house Gartner, Inc. has released the latest iteration of its annual Identity Governance and Administration (IGA) Magic Quadrant (MQ) report.

In the 2016 MQ for IGA, Gartner evaluates the strengths and weaknesses of 15 vendors that it considers most significant in the IGA market, and provides readers with a graph (the Magic Quadrant) plotting the vendors based on their ability to execute and their completeness of vision. The graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. Gartner does not endorse any vendor, product, or service depicted in its research publications.

This is the fourth iteration of the IGA MQ report since Gartner introduced the category in 2013, and it comes at a turbulent time: the IGA market is entering what Gartner calls “an early mainstream phase” after being thrust into mainstream IT consciousness by a series of highly public data breaches that have sent CIOs scrambling to find new ways to secure their information.

At Solutions Review, we read the 28-page report, available to Gartner subscribers here, and pulled out a few of what we considered the most important takeaways and key changes since the 2015 IGA MQ.

What is IGA? 

According to Gartner, IGA solutions are tools that “manage identity and access life cycles across multiple systems in a heterogeneous environment.” They accomplish this by aggregating and correlating identity and access rights data that is distributed throughout the IT landscape to enhance control over user access. This aggregated data serves as the basis for core IGA functions.

According to Gartner, core IGA functions include:

  • Identity Life Cycle Management
  • Access Requests
  • Workflow Orchestration
  • Role and Policy Management
  • Auditing
  • Access Certification
  • Fulfillment via Automated Provisioning and Service Tickets
  • Reporting and Analytics
  • Password Management


The 2016 IGA MQ report rates vendors on the ability to deliver those core capabilities “in a product specifically tailored and sold to manage access request life cycles.”

Put simply, IGA is a set of processes used to manage identity and access controls across systems. IGA differs from IAM in that it allows organizations to not only define and enforce IAM policy but also connect IAM functions to meet audit and compliance requirements.

Movements on the Chart: SailPoint, Oracle, IBM Dominate ‘Leaders’ Quadrant, Niche Players Drop Out

[Figure: The 2016 IGA Magic Quadrant, courtesy of SailPoint.]

In 2015, the ‘Leaders’ quadrant of Gartner’s graph featured five vendors: SailPoint, RSA, IBM, Oracle, and Courion. Fast forward to 2016, and just SailPoint, Oracle, and IBM remain, with RSA and Courion docked considerable points and finding themselves in the ‘Challengers’ and ‘Visionaries’ quadrants, respectively.

Meanwhile, the total number of vendors featured in the report has dropped from 19 to 14, as several of the ‘Niche Players’ listed in the 2015 report have been dropped for the 2016 version. So, what happened?

Well, first of all, Gartner has changed the rules a bit, in a manner that favors larger, more established IGA vendors. This year’s Magic Quadrant significantly raised the minimum revenue inclusion criteria: vendors must have booked a total revenue of at least $15 million for IGA products or subscriptions for any period of 12 consecutive months (fiscal year) between 1 January 2014 and 30 September 2015. As a consequence, Avatier, Beta Systems, Fischer International, Identity Automation, and The Dot Net Factory were all dropped from the report.

Second, the fast growth and maturation of the IGA market has made the field attractive for mergers and acquisitions. Gartner estimates the market size for IGA in 2015 at $1.78 billion, with an annual growth rate of 19% from 2015 ($1.50 billion to $1.78 billion).

Several vendors listed in the report this year went through significant changes due to acquisitions or changes in leadership. That includes RSA, whose parent company EMC was acquired by Dell in October 2015, and Courion, which was acquired by K1 Investment Management and had its entire leadership team replaced.

Analytics Adoption on the Rise

As more and more organizations come to the conclusion that traditional access certification methods are “inexact, labor-intensive, error-prone and insufficient to properly address inherent risks,” Gartner predicts a sharp rise in the use of analytics for “advanced risk analysis, fine-grained SOD analysis across the spectrum of corporate business systems with complex authorization models,” as well as decision support for approvals and certifications.

Gartner predicts that by 2018, analytics, machine learning and policies will replace more than 50% of manual access certification and request approval tasks, up from less than 2%.

Integration is the Name of the Game

One interesting emerging trend that Gartner noted among innovative vendors is the increased integration of IGA solutions with related tools, such as data access governance (DAG), privileged access management (PAM), and enterprise mobility management (EMM) tools.

DAG integration has been particularly steady, due to the close relationship between application and data access, says Gartner. Several companies, such as SailPoint, Courion, Dell, Micro Focus, and Saviynt, currently offer both types of products and could benefit from “further integration and upsell opportunities.”

Gartner predicts that by 2020, 50% of enterprises with identity governance and administration (IGA) deployments will have invested in data access governance (DAG) for tighter data access control, up from less than 10% today.

Integration between IGA products and PAM products is also on the rise, with growth driven by interest from clients and competition from PAM/PIM vendors approaching IGA territory.

Gartner Subscribers can read the full report here.



Jeff Edwards
Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.