Moving to the cloud is one of the biggest challenges for organizations when it comes to Identity & Access Management (IAM). Many organizations find it daunting to extend IAM when moving to the cloud to support hybrid workloads.

However, cloud-based IAM services are potentially part of the solution because features such as multi-factor authentication can often be deployed more easily in cloud-based identity and authentication services than they would be on-prem.

Usefully, some Cloud-based Identity as a Service (IDaaS) solutions combine Access Management functions with Identity Governance and Administration (IGA) and Access Governance capabilities. These are all delivered as a cloud-based managed service.

Most IDaaS vendors deliver a cloud-based service to serve the common IAM requirements of an organization’s hybrid IT environment, delivering the common IAM capabilities of Identity Administration, Access Governance , and Access Management.

These services, therefore, are able to address many of the challenges of dealing with IAM in hybrid IT environments by delivering capabilities such as automated user provisioning and lifecycle management, self-service user profile management , consistent authentication, single sign-on (SSO) and identity federation, centralized role and access entitlement management, common access reporting, and common access certification. 

IDaaS offers a springboard for organizations to start using foundational IAM elements delivered from the cloud and move rest of the IAM functions as they find it appropriate and at a pace that matches the organizational security maturity and cloud strategy.

— Martin Kuppinger, Lead Analyst at KuppingerCole

Because we understand how important it is to get Cloud IAM right, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content in a variety of formats available.


As mentioned in the previous edition in KC Navigator, controlling who or what can access critical business systems and data is essential and a core part of IAM. For a cloud-related perspective on this, have a look at this Advisory Note entitled: Protect Your Cloud Against Hacks and Industrial Espionage.

For another perspective on cloud-based services as an alternative to on-prem IAM suites, have a look at this Advisory Note on Cloud IAM: More than just Single Sign-On to Cloud Applications, while for an explanation of how the “identity fabric” concept can facilitate a gradual, non-disruptive integration and migration of IAM to the cloud, have a look at this Leadership Brief on Leveraging Identity Fabrics on Your Way Towards Cloud Based IAM.

Audio & Video

Cloud IAM has been addressed in various presentations at KuppingerCole events over the years, including the most recent European Identity and Cloud Conference 2021, where much of the focus was on Cloud Infrastructure Entitlement Management (CIEM), which has already been dealt with in a previous edition of KC Navigator.

Other sessions at EIC 2021 that addressed the topic of Cloud IAM, included:

Choose from other presentations in the list below that are most relevant or best meet your organization’s needs in its journey to the cloud:


Concise perspectives on topics are typically provided in blog posts or short video blogs. On the topic of cloud-related IAM choose from these vlogs on:

And this blog post on: IGA in the Cloud without Compromise


Cloud-related IAM has been the topic of many webinars. Look through the list below and select the ones that are of the most interest or are most applicable to your company:


The topic of cloud IAM has also been addressed in several whitepapers. Select the most relevant focus areas from the list below: 

Tech Investment

Organizations looking to make investments in cloud-based identity services should have a look at this Leadership Compass on Identity as a Service (IDaaS) with a focus on IGA for a discussion on the market direction and a detailed evaluation of market players to help IAM and security leaders to make informed decisions.

For a perspective on IDaaS services targeting full IAM and Access Governance capabilities for employees in hybrid environments, have a look at this Leadership compass on IDaaS B2E, while organizations looking specifically for single sign-on capabilities can have a look at this Leadership Compass on IDaaS SSO.

Other Leadership Compass reports that are relevant in this context include those on Cloud User and Access Management and Cloud-based MFA Solutions.

Organizations investing in technologies to support cloud IAM can also have a look at some of the related technology solutions that we have evaluated: