A recent discussion in the LinkedIn group “Identity Management Specialists Group” asked for the personal opinion about what is the best IdM product out there. Besides the fact that it listed only five products to choose from in a survey, this question, from my perspective, is the wrong question. If I just take the question, my answer would simply be: “None”. There is no “best product” in that market. There is only the product best suited to solve the customer’s problem. And by the way: What is IdM? OK, this is an abbreviation for “Identity Management”, which is better understood as Identity and Access Management, given that access is a bigger issue than identity. I don’t say that identity is a small challenge, but at the end of the day, business mainly cares about access.
Within the discipline of IAM we have a pretty broad range of different market segments, including Identity Provisioning, Access Governance, Access Management and Federation, Privilege Management, Enterprise Single Sign-On, and several others. IdM or IAM definitely is more than just Identity Provisioning. But to understand which technical building blocks a customer really needs, you need to understand his challenges. What is he really looking for? So it again comes down to: There is no best product, there is only the product (or set of products) which fits to the needs of the customer.
But then another aspect comes in: IAM is not really a technical issue. So raising the question for the best product ignores the fact that IAM mainly is about organization, about guidelines and policies, and about processes. Without having them defined you neither have the criteria for choosing a product nor a chance for a successful IAM initiative. You might “successfully” deploy a product, but it is about successfully implementing IAM processes in the organization. Simply said: technology follows organization.
On the other hand, if you have properly defined your organization, guidelines, policies, and processes, you will observe that most likely no product will meet all of your criteria out-of-the-box but several products will be able to serve your needs. So the relevance of “the best product” diminishes. There are products which just don’t fit your requirements. But most likely there will be some that will fit. In those cases the decisions might be much more about trust in a vendor and its capability and willingness to support your organization in implementing the product the way you want to have it then it will be about technical capabilities of a product.
So even if there were a best product, your implementation of it might fail because the product doesn’t fit to your requirements. My most important advice thus is: Understand your requirements. Define the organizational “framework” around them. And then pick the product(s) and ensure that implementation follows your specifications. Then you will most likely succeed. When just looking for technology, you might succeed in deploying technology, but chances are high that you fail in implementing IAM in your organization.