Gartner analysts predict that by 2020, 40 percent of IAM purchases will use the IDaaS delivery model, a two-fold increase from less than 20 percent today. Perhaps more important is that 40 percent of those IDaaS implementations will entirely replace on-premises IAM implementations, according to Gartner. The future is in the cloud. Here are the top IDaaS vendors to keep an eye on for 2017 and beyond:
Centrify’s IDaaS solution offers secure access to cloud and mobile apps via SSO, user provisioning, mobile device management (MDM), and multi-factor authentication (MFA) capabilities, and is also compatible with Active Directory (AD).
Centrify is particularly notable for its integrated MDM capabilities, which are some of the strongest in the market and match the capabilities of many MDM vendors. Centrify also boasts easy-to-use dashboards and strong reporting capabilities, with nearly 50 out-of-the-box reports, as well as a SaaS Privileged Identity Management (PIM) solution, making Centrify a reliable choice for organizations with BYOD policies looking to simplify MDM, IAM and PIM simultaneously.
Okta’s IDaaS offering boasts one of the fastest growing customer bases in the market and the funding to match—the company has reached “unicorn” levels of funding in recent years.
The Okta identity management service provides directory services, SSO, strong authentication, provisioning, workflow, and reporting, all delivered as a multitenant IDaaS, though some components reside on-premises. Aside from standard IDaaS capabilities, Okta also provides MDM and phone-as-a-token authentication capabilities. Okta features a broad partner ecosystem but is slightly weaker in reporting capabilities. Okta opened an EU-based data center in 2015, making the company an ideal IDaaS solution for small to midsized businesses on either side of the Atlantic.
California-based OneLogin provides an on-demand IDaaS solution consisting of single sign-on, multi-factor authentication, directory integration, user provisioning, and a catalog of pre-integrated applications. OneLogin is provided via a multitenant architecture and provides robust capabilities and support for access management policy administration, user directory integration, and end-user self-service. As major proponents of the OpenID Native Applications Working Group (NAPPS), OneLogin has taken a standards-based approach to application integration and established itself as a thought leader in the field of authentication.
OneLogin makes an excellent IDaaS solution for organizations of any size looking for powerful SSO, directory, and MFA capabilities.
The Ping Identity Platform is a multi-tenant, web-centric IDaaS offering that provides secure single sign-on from any device and provides administrators with a single dashboard from which they can manage user access to all applications. Ping Identity Platform comes bundled with PingFederate, a federation service supporting all of the current identity standards including SAML, WS-Federation, WS-Trust, OAuth and OpenID Connect, and PingAccess for managing policies on both applications and APIs. Platform customers can use a lightweight self-services bridge component to integrate with AD, Google, or with one of many SaaS provisioners.
Ping delivers this technology as a solution to manage partner employee identities, as well as customer identities through its recent acquisition of UnboundID.
With its cloud-based Identity-as-a-Service (IDaaS) solution, California-based Bitium aims to give customers strong security capabilities including single sign-on (SSO), app management, and analytics tools, all without sacrificing ease-of-use. Bitium’s SSO app allows users to access over 1,000 cloud-based apps and lets administrators provision (and de-provision) application access without sharing passwords. Though Bitium shows strong capabilities in SSO and analytics, the platform doesn’t currently feature two-factor authentication (2FA) or mobile device management (MDM) capabilities, and lacks customizable reports. Nonetheless, Bitium makes a powerful point solution for organizations looking for SSO and analytics.
Microsoft made its first foray into the IDaaS market with the May 2014 release of its new Azure Active Directory (AAD) Premium service, and the technology giant has already made a large impact on the market. AAD offers comparable capabilities to other IDaaS offerings and includes access to Microsoft Identity Manager products for use with on-premises systems. AAD makes a strong choice for enterprise customers deeply familiar with Microsoft’s ecosystem, or who already use Microsoft’s Azure cloud PaaS service. However, customers looking for deep CIAM (B2C) and user provisioning capabilities should beware, as Microsoft has yet to catch up to the competition in these regards.
IBM delivers AM functionality in appliance and IDaaS forms. IBM Cloud Identity Service (CIS) runs on IBM SoftLayer IaaS, and a significant portion of the CIS is underpinned by the same technology in ISAM. However, the offerings vary in their support for different user authentication methods, SSO specifications, social identity integration, and the extent to which target applications are enabled out of the box versus manual configuration. IBM has a large portfolio of products to cross-sell with AM, including an API gateway and other IAM and security products. IBM has recently launched the IBM Cloud Identity Connect (CIC) service, which delivers a simple, one-click activation process designed to help businesses protect their existing infrastructure investments and bridge services to the cloud. Administrators and app owners can easily add new SaaS apps and manage workforce access, while creating a unified end user catalog and app portal for fast, intuitive access.