Identity, and identity and access management platforms, are poised to not only dominate cybersecurity but to completely subsume it. Identity concerns have become top-of-mind for IT security professionals and CISOs the world over. Not only do they need to ensure that the users logging in are who they say they are, they must also ensure that employees’ entitlements are limited by their duties, that their privileged credentials are secure, and that their authentication methods can’t be easily deceived.
Identity is a vast field, encompassing several subfields such as privileged access management and identity governance and administration. In an attempt to assist you with what can become a daunting task of selecting the right product for your enterprise, we present the 32 best identity and access management platforms for 2018.
Avatier offers a suite of independently-licensed identity and access management platforms focused on usability and quick time-to-value. Avatier’s interfaces support dozens of languages, including nearly every European language. It is a strong choice for enterprises looking for a simple, manageable product with relatively easy maintenance and a focus on self-service.
Beta Systems’ products are known for their capabilities in mainframe security and for highly customizable environments, often geared towards the technical user. The German-based company scores points for strong support and maintenance and is an especially good fit for European-based companies, though it has been making inroads with North American customers as well.
Specializing in identity governance and administration, Tools4Ever also offers more traditional identity and access management platforms with access management, password management, and AD and NTFS auditing capabilities. Their quick deployment and consultant-assisted implementation offer fast results, making the company’s tools a good choice for companies looking to invest in identity without the headaches.
Bitium’s Single Sign-On app allows users to access over 1,000 cloud-based apps and lets administrators provision (and de-provision) application access without sharing passwords. All Bitium identity and access management platforms include automatic provisioning and SAML Integration. It delivers easy-to-use solutions with flexibility and security.
Recently acquired by Broadcom, CA Technologies provides a comprehensive IAM portfolio including cloud identity security, IDaaS, SSO, and privileged access management capabilities. The CA Identity Manager delivers a unified solution for user provisioning and user management that is ideal for enterprises looking for a scalable solution for large, consumer-facing deployments.
Centrify’s variety of web-centric IDaaS, MDM, and PIM solutions make the company a strong choice for organizations with BYOD policies looking to simplify MDM, IAM and PIM simultaneously. Centrify is particularly notable for its integrated MDM capabilities, which are some of the strongest in the market and match the capabilities of many MDM vendors.
Core Security (+SecureAuth)
Currently merging with SecureAuth, Core Security’s solution is built from several modules that may be licensed separately and used as point solutions if desired. Together these modules form a comprehensive approach to access risk management with strong analytics capabilities. Core Security is widely utilized in highly-regulated industries and should be considered for enterprises.
An early innovator in the IDaaS market, Covisint was recently acquired by OpenText. Their identity and access management platforms have an especial focus on the Internet of Things (IoT). Their solutions can be implemented in public or private cloud, and feature identity manager and identity intelligence capabilities as well as deep federation.
Crossmatch focuses on moving customers beyond passwords by presenting end-users with a range of more convenient (and secure) authentication options (including biometrics) while delivering those options to the end-users with consistent contexts and policies. Crossmatch specializes in government, defense, and law enforcement.
Fischer International provides an enterprise-grade full-suite solution for either private cloud or on-premise servers. Fischer offers user provisioning for end-user full-lifecycle management, access governance, self-service password management, SSO/Federation and five-factor authentication. Their identity and access management platforms will appeal to those worried about insider threats.
Unique among identity and access management platforms, ForgeRock offers one of the only open-source IAM solutions on the market. ForgeRock’s innovative track record and focus on scalability make it ideal for organizations requiring large solution deployments. It is affordable and has advanced support for IoT compared to other IAM platforms.
The IBM Cloud Identity Service is offered as a multi-tenant model though some components can be delivered in a dedicated model. IBM is designed to accommodate complex deployments or needs and has the experience and staff to make their identity and access management platforms work. They also have highly praised IGA capabilities.
Identity Automation supports IGA, identity process automation, SSO, MFA, and dynamic role management via their RapidIdentity solution. Identity Automation is a smart choice for organizations of all sizes looking to replace legacy identity and home-grown tools with a new system. RapidIdentity can be deployed in weeks, rather than months or years, and offers a broad set of out-of-the-box and configurable capabilities.
As part of its identity and access management platforms, ISSQUARED offers the Identity Management module, which cohesively streamlines the process of creating, managing, and controlling identities, groups, roles, and entitlements. ISSQUARED also reduces risk by ensuring that core compliance controls are in place, making Identity Governance smooth.
The only other open-source IAM platform, iWelcome delivers its capabilities via a dedicated single-tenant delivery model that allows for massive customization and white-labeling. iWelcome is an ideal candidate for large, EU-based enterprises looking for an IDaaS solution that will meet complex business requirements and use-cases, as well as regulatory requirements like GDPR.
A name requiring no introduction, Microsoft makes a strong choice for enterprise customers deeply familiar with Microsoft’s ecosystem, or who already use Microsoft’s Azure cloud PaaS service, and are looking for traditional identity management capabilities. They also offer active directory services, federation services, and multi-tenant cloud-based directory services all bundled with rights management.
NetIQ’s identity and access management platforms centralize access administration and ensure that every user has one identity—from your physical and virtual networks to the cloud—with a highly flexible solution and strong provisioning capabilities ideal for a variety of business use-cases. NetIQ is a robust yet affordable IGA-focused solution with a large network of channel partners.
Aside from standard IDaaS capabilities—SSO, authentication, and directory services—Okta also provides MDM and phone-as-a-token authentication capabilities. Okta features a broad partner-ecosystem; its lightweight, multi-tenant delivery model is highly scalable, and ideal for organizations with simple identity administration and provisioning capabilities.
Omada’s identity and access management platforms feature a flexible data model, excellent dashboards and powerful reporting capabilities, including closed-loop reporting. User-facing elements of all identity lifecycle scenarios support a flexible data model for entitlement. Omada’s highly vertical-specific solutions make them an interesting vendor for enterprises in the finance, life-sciences, manufacturing, public, utilities, and retail space.
OneLogin is provided via a multitenant architecture and provides strong capabilities and support for access management policy administration, user directory integration, and end-user self-service. OneLogin has taken a standards-based approach to application integration and established itself as a thought leader in the field of authentication.
One Identity is a modular and integrated approach to account management that provides rapid time-to-value by offering comprehensive functionality that allows customers to build on existing investments. One Identity Manager comes in different ‘editions’ for different verticals, including but not limited to communications, banking, insurance, and media services.
Optimal IdM provides a single-tenant IDaaS offering via Optimal Federation and Identity Services (OFIS), an on-premise software offering. All of Optimal’s solutions are highly customizable, and the company also offers each product as a fully managed solution. Optimal IdM’s customization, scalability, and affordable monthly plans make it an ideal solution for growing SMBs or enterprises looking to expand
Oracle’s identity and access management platforms are marketed for, and well-suited to, large enterprise customers; their Oracle Identity Governance Suite is a highly complex, scalable, and flexible product well suited for large organizations with complex IGA needs. It can support a wide range of web applications and cloud architecture.
Protecting over 1.3 billion identities from data centers around the globe, Ping Identity allows employees, customers, and partners the freedom to access the cloud and on-premises applications they need with an enterprise IDaaS solution that includes multi-factor authentication, single sign-on, and access security.
Specializing in business-driven identity life-cycle and access management platforms, Propentus is the largest IAM vendor in Finland. Propentus’s European roots and strong competency in identity management for the Internet of Things make the Finnish company a strong candidate for EMEA-based enterprises of all sizes looking to manage identity lifecycles and especially IoT devices.
RSA offers IDaaS, IGA, and traditional identity and access management platforms, featuring access control (SSO, MFA), governance, lifecycle management, MDM, and adaptive authentication. RSA’s strong suite of independently licensed IGA modules makes the company a good fit for companies of all sizes looking for IGA solutions in particular.
SailPoint’s identity and access management platforms are offered as stand-alone on-premises products with several optional add-ons well-regarded for their strong identity governance capabilities and provisioning. They also offer hosted managed services. SailPoint’s products are considered comprehensive, effective, and easily scalable for complex deployments.
Best known as a customer relationship management platform, Salesforce does offer an IAM platform featuring baseline IDaaS capabilities for access policy and provisioning, as well as an excellent graphical workflow for policy management, enterprise social identity, and centralized access management.
Saviynt focuses on cloud identity security and on identity governance and administration in its IAM platforms. It enables enterprises to secure applications, data, and corporate infrastructure in a single cloud or on-premise platform. Saviynt’s platform can facilitate and automate user access reviews, onboarding, and lifecycle management, and import access and usage data from applications in real time.
Simeio offers a fully managed IDaaS solution, available as a service on-premise, hosted in the cloud, or hybrid, with a private cloud option available. Their platform, Identity Orchestrator, allows clients to consume identity as a service and/or to leverage previous investments and manage their legacy IAM environments. Their managed services are competitively priced and offer a single point of contact for deployment and support.
ThreatMetrix’s cloud-based authentication model is ideal for enterprises across a variety of verticals looking to improve their fraud detection, authentication, and threat detection capabilities without building out an expensive and difficult-to-maintain on-premise IAM deployment. The platform currently verifies over 20 billion annual transactions, supporting 30,000 websites and 4,000 customers globally.
Ubisecure allows enterprises to obtain and secure customer data for strategic business purposes while simultaneously meeting new regulatory requirements like GDPR. Their Identity Platform offers adaptive authentication, allowing enterprises with strong customer identities to become Identity Providers through MFA and Centralized Authorization Policy Management.