What’s Changed: the 2019 Gartner Magic Quadrant for Access Management
Technology research giant Gartner, Inc. recently released the 2019 Gartner Magic Quadrant for Access Management (AM). You can download it here. The researcher defines access management solutions as using “access control engines to provide centralized authentication, SSO, session management and authorization enforcement for target applications in multiple use cases. Additionally, Gartner emphasizes the importance of adaptive and contextual authentication, support of modern identity protocols, and API capabilities. Meanwhile, the researchers indicate the maturation but not the necessity of certain capabilities including password management and self-service.
Above all, the researchers note the proliferation of SaaS delivery in AM capabilities and solutions as well as advanced authentication. SaaS-delivered IAM (IDaaS) is now the delivery methods for the majority of new use-cases. Additionally, Gartner acknowledges a change to their considerations of SaaS delivery to include cloud-computing and move away from the rather limited term “on-premises.”
In the 2019 Gartner Magic Quadrant for Access Management, researchers predict the increased necessity of user and entity behavior analytics (UEBA) and multifactor authentication (MFA). In fact, Gartner predicts the number of AM solutions leveraging UEBA rising from less than 10% to 60% by 2022. Simultaneously, MFA leveraging shall increase from 10% to over 70% by 2024.
According to Gartner, access management can and must provide user authentication and trust elevation. The former refers to support for password authentication, including additional methods and contextual data. The latter, on the other hand, refers to adaptive access enabling and what we often call “step-up authentication” for more sensitive applications. Additionally, the 2019 Gartner Magic Quadrant for Access Management requires solutions to provide SSO, session management, and security token services. Other key capabilities include developer access to AM functionality and authorization enforcement.
Interestingly, Gartner also acknowledges the necessity of access management to support devices, including the Internet of Things (IoT). They note the importance of AM solutions supporting and managing access between people, IoT, and target resources.
The 2019 Gartner Magic Quadrant for Access Management, available here, is only the third such iteration of the report. In 2017, Gartner retired the IDaaS Magic Quadrant to focus on Access Management as a market category. While IDaaS matters a delivery method, the protection of users’ identities and credentials became more prominent. Gartner initially referred to the category as “Access Management, Worldwide.” However, they appear to have dropped the distinction of “Worldwide” for this report.
In this Magic Quadrant report, Gartner evaluates the strengths and weaknesses of 14 providers it considers most significant in the marketplace and provides readers with a graph (the eponymous Magic Quadrant) plotting the vendors based on their ability to execute and their completeness of vision. The graph is divided into four quadrants: niche players, challengers, visionaries, and leaders. At Solutions Review, we read the report, available here, and pulled out the key takeaways.
In the 2019 Gartner Magic Quadrant for Access Management, Gartner did not add any new vendors; they did acknowledge the increase in vendors providing AM services but noted no new vendor met their inclusion criteria. Instead, they provided an Honorable Mentions section for AM and CIAM providers.
At the same time, Centrify and i-Sprint Innovations were both dropped from the Quadrant, but for different reasons. Late in 2018, Centrify split into two companies: Centrify and Idaptive. With Centrify now focusing solely on privileged access, they no longer fit this Magic Quadrant. Instead, AM-focused Idaptive did make the report. On the other hand, i-Sprint Innovations didn’t meet Gartner’s market criteria this year.
Besides these changes, the 2019 Gartner Magic Quadrant for Access Management presents unique fluctuations to the positioning of the providers. Once again, this year no provider appears in the “Challenger” Quadrant. Instead, numerous providers in the “Visionaries” Quadrant continue to edge ever upwards towards the Leaders section.
For example, Auth0 demonstrates a huge jump up in its Ability to Execute since 2018; Gartner praises it for its device authentication flow capabilities and developer-focus. Yet Idaptive almost overlaps it on the Quadrant, with Gartner lauding its enterprise endpoint management integration and multifactor authentication. Also edging its way up is ForgeRock, which Gartner notes for its strong IoT focus and support through AM.
Meanwhile, OneLogin moves slightly to the left on its Completeness of Vision but remains closely bunched with the three above mentioned providers. Specifically, Gartner praises its implementation ease but notes a lack of support for MFA features. Both Micro Focus and Broadcom (formerly before the acquisition CA Technologies) move down on their Ability to Execute. Gartner praises Broadcom for its IAM capability integration and Micro Focus for its API management. Both lack a SaaS-delivered AM product, however.
Optimal IdM, Atos (Evidian), and SecureAuth remain in the Niche Players Quadrant. Atos earns high praise for its customer experience, while Optimal IdM receives attention for its virtual directory for clients. Simultaneously, SecureAuth offers UEBA capabilities of the type Gartner believes shall become increasingly important.
As for the Leaders Quadrant of the 2019 Gartner Magic Quadrant for Access Management, available here, it looks in many ways the same. All five previous providers—IBM, Oracle, Ping Identity, Microsoft, and Okta—all reappear. Interestingly, while their positions relative to each other remain rather consistent, they do differ in their positions on the Quadrant. In particular Ping Identity, Microsoft, and Okta all rise in the quadrant, with Okta and Ping Identity rising quite high relative to their past positions.
Gartner notes in particular:
- IBM’s handling of multiple use cases, including B2B and B2C.
- Microsoft’s innovations and work to eliminate passwords.
- Okta’s market responsiveness and extensibility in authentication.
- Oracle’s Identity Cloud Services and API protection.
- Ping Identity’s dedicated CIAM product.
You can read the full 2019 Gartner Magic Quadrant for Access Management here.