Market Compass
The KuppingerCole Market Compass provides an overview of the product or service offerings in a certain market segment. This Market Compass covers the market of IGA (Identity Governance & Administration) solutions with specific focus on solutions that come with good out-of-the-box support for integration into ServiceNow infrastructures. This integration becomes increasingly relevant, with ServiceNow counting amongst the leaders in IT Service Management.

1 Management Summary

The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations.

This Market Compass covers IGA solutions and focuses on the level of out-of-the-box integration such solutions provide to ServiceNow, a leading ITSM (IT Service Management) platform. Thus, the focus is not primarily on the IGA capabilities themselves, which are analyzed and rated in other KuppingerCole documents such as the Leadership Compass on IGA, but specifically on how well solutions integrate with ServiceNow.

We look at both the breadth of use cases supported as well as the level of integration and the approach taken. Seamless API-based integration is favored over deep links. Apps available in the ServiceNow store are favored over solutions that don’t provide such pre-configured integrations. Solutions that just deliver a set of APIs, but no out-of-the-box integration, are not considered.

The reason for creating this Market Compass is that we observe a rapidly growing number of organizations that standardize on ServiceNow as their ITSM platform, but also as the standard user interface for requesting any type of IT services. IGA (Identity Governance and Administration), with its User Lifecycle Management and Access Governance capabilities, requires specialized solutions that, for example, support running access reviews efficiently or enforcing SoD controls. Thus, IGA solutions are commonly separate tools that can hardly be rebuilt as a customization of ServiceNow. However, we see the first vendors creating new IGA solutions on top of the ServiceNow platform, utilizing platform services such as workflows.

We recommend that customers thoroughly analyze which integration approach fits them best. This decision is impacted by a range of factors. These include the range of systems that must be connected – several systems, specifically legacy applications and applications in certain industries such as Healthcare or Finance, are complex to integrate and require strong provisioning capabilities as part of the Identity Lifecycles. The decision also depends on whether an IGA solution is already deployed, and whether it shall remain or be replaced sooner or later. It is also impacted by the strategic (or non-strategic) role of ServiceNow.

We strongly recommend that customers do a careful evaluation of requirements, current infrastructure, and other factors, before deciding on how to best integrate IGA and ITSM. Most importantly, custom coding should be avoided or at least be limited as much as possible.

This Market Compass provides guidance on selecting the IGA solutions that provide the most advanced level of integration to ServiceNow.

1.0.1 Highlights:

  • KuppingerCole observes a major growth in the demand for integrations between IGA (Identity Governance & Administration) and ServiceNow
  • Deep integration, including ServiceNow apps from the app store and API-based integration are expected
  • Only very few solutions are actually running on the ServiceNow NOW platform, and certified
  • Supported use cases go beyond ticketing and access request integration, with an increase in more advanced integrations such as bots for access request
  • Most IGA vendors today deliver some out-of-the-box integration with ServiceNow already, but may need to further extend and improve capabilities
  • Integration with ServiceNow GRC and Risk Management capabilities is still rarely found
  • Featured vendor for the breadth of capabilities is Saviynt, delivering a broad range of integrations, including GRC integration
  • Featured vendor for innovation is EmpowerID, delivering some interesting capabilities such as bot or enhanced workflow integration
  • Featured vendor for maturity is SailPoint, delivering a good set of integrations for the common use cases, including ServiceNow apps
  • Featured vendor for ServiceNow integration is Clear Skye as the vendor that builds on the ServiceNow NOW platform and is certified, fully leveraging this platform

2 Market Segment

This Market Compass covers several of the IGA (Identity Governance & Administration) solutions we also researched in other documents such as the Leadership Compass IGA. In contrast to other documents that primarily focus on the IGA capabilities, we specifically focus on the integration of such IGA solutions with the ServiceNow platform, which is widely used in organizations for ITSM (IT Service Management). Thus, the rating looks primarily at the standard integration and to a lesser extent at the IGA capabilities themselves. This Market Compass provides guidance for organizations that opted for ServiceNow as a strategic platform and need to implement or replace an IGA solution. Notably, many of the integrations also could be implemented on a per-project basis by vendors not covered in this research. However, this causes significant effort in implementation and maintenance, so building on standard integrations that are provided by the IGA vendor simplifies such integration.

2.1 Market Description

This Market Compass builds on our ongoing research on IGA (Identity Governance and Administration), both solutions that run on premises and such that are provided as IDaaS (Identity as a Service). IGA covers the areas of Identity Lifecycle Management, also referred to as Identity Provisioning, and Access Governance.

In this Market Compass, we specifically focus on the integration to ServiceNow as a leading platform for IT Service Management (ITSM). We observe ITSM to IGA integration and specifically integration of IGA solutions with ServiceNow as a common request in the market. Thus, we are evaluating which of the IGA solutions are best suited for integration with ServiceNow.

There is a variety of integration use cases between IGA and ITSM, both from ITSM to IGA and vice versa. ITSM and its service catalogs might serve as the portal for requesting access to systems. It might provide information for application onboarding. ITSM also might deliver services for delegated or self-service registration of users. On the other hand, every IGA implementation comes with the need for manual fulfilment in the creation of user accounts and the assignment of access entitlements. This is best done via tickets in ITSM. Integration between IGA and ITSM is already common for many organizations. However, with ServiceNow becoming the ITSM platform of choice for many businesses, standard integration is increasingly common and can help in reducing complexity and cost in IGA implementation projects.

For this Market Compass, we looked at two groups of criteria:

1) Overall IGA capabilities. For these, we build on our existing research.
2) Specific integration to ServiceNow:

  • Breadth and depth of integration capabilities
  • Out-of-the-box integration (in contrast to just providing APIs for integration)

As indicated above and further detailed later in this document, we looked at various areas, such as workflow integration, access request integration with service catalogs, or ticketing for manual fulfillment of access requests.

We’ve included IGA solutions that run either on premises or as a service and that provide out-of-the-box integration with ServiceNow. We did not include IGA solutions that have no or very limited out-of-the-box integration with ServiceNow, but only offer custom integration approaches, e.g. via APIs.

The capabilities we are looking at are listed in detail in section 2.3 of this report.

2.2 Market Direction

We expect to see an increase in IGA integrations to ServiceNow and other leading ITSM solutions in four areas:

  • There will be more IGA vendors delivering good out-of-the-box integration. We already see several vendors, such as the ones listed further below in the “Vendors to Watch” section, working on improved integrations, and expect others to follow. By 2023, most IGA vendors will deliver standard integrations to ServiceNow.
  • We also expect IGA vendors to deliver integrations to other leading ITSM solutions. Currently, the main focus is on ServiceNow, but this is expected to change with the growing demand in IGA-to-ITSM integration.
  • While most vendors today focus on access request and tickets for manual fulfilment as the main integration use cases, we already see a range of other integration use cases that are provided by some vendors. Our expectation is that several vendors will invest in adding further use cases such as ServiceNow eGRC integration or improvements in automated application onboarding for IGA and overall IAM based on information provided by ServiceNow.
  • Aside from that, we expect to see significant improvements in depth of integration, adding and improving capabilities and delivering more advanced apps.

Integration of IGA solutions and ServiceNow, from our perspective, is influenced by two major trends. One trend is the change in the traditional ITSM market, with platforms such as ServiceNow supporting business processes and workflows well beyond ITSM use cases, and thus taking a strategic role in overall IT architectures. With such platforms serving as the standard user interface to a range of IT services, integration to IGA as an area that requires users requesting specific services becomes key. With added features e.g. around GRC (Governance, Risk, and Compliance), further integration use cases become relevant for many organizations.

On the other hand, we also observe major changes in the way IGA solutions are constructed, and in what customers demand from IGA. These also lead to an evolution where e.g. the primary user interface might be provided by separate solutions, while IGA focuses on delivering backend services such as managing SoDs, and the connectivity to target systems.

Figure 1: Market Trends for out-of-the-box integration of IGA solutions with ServiceNow.

Overall, we expect to see a significant uptake in both availability and adoption of out-of-the-box integrations between IGA solutions and ServiceNow over the next few years.

2.3 Capabilities

As mentioned above, there is already a range of integration use
The basic functionality that should be provided by all solutions includes:

| Capability | Description | Relevance |
|---|---|---|
| Create ticket in ServiceNow | IGA solution creates tickets in ServiceNow for manual fulfilment activities. The common use cases are manual user account creation, changes, or deletions, or the manual management of access entitlements for IGA target systems that are not directly connected to the IGA system. | Must |
| Track ticket state | In addition to the previous capability, it is strongly recommended that the IGA solution can track the state of tickets. This is e.g. of relevance to report the state of tickets and fulfilment back to users, e.g. for requests spanning multiple systems (and thus tickets) or combining automated and manual fulfilment. | Should |
| ServiceNow as Requestor (Deep Link) | Another primary use case is using ServiceNow as the portal for service requests, including access request. Thus, support for ServiceNow as “requestor”, i.e. as the system that acts as primary user interface for access requests, is essential, with the IGA system being used e.g. for approval, SoD controls, and automated fulfilment to connected target systems – or for issuing tickets in ServiceNow for manual fulfilment. The minimal integration can be done via deep links, linking from ServiceNow to the user interface of the IGA system. | Must |
| ServiceNow as Requestor (API) | Alternatively, and more advanced, integration between ServiceNow requests and the IGA system can also be implemented with API-based integration, which allows for full use of the ServiceNow user interface, but execution of requests in the IGA solution. | Should |
| Request in ServiceNow, SoD check in IGA | Another integration use case is handling requests in ServiceNow, but performing the SoD (Segregation of Duties) checks in IGA, where SoD rules commonly are maintained. Such integration must use API-based integration for receiving immediate feedback on potential SoD conflicts when users are selecting their access entitlements. | Should |
| IGA request approvals in ServiceNow | With ServiceNow becoming a standard portal for many use cases in organizations utilizing ServiceNow, integration of request approvals in ServiceNow allows users to handle approvals for a range of services, beyond but including IGA, in a single place. | Should |
| ServiceNow Audit integration | Another, still rarely implemented use case is integration of audit information provided by the IGA solution into the audit system of ServiceNow, including cross-referencing request IDs of both systems. This also includes integration into the GRC and Risk Management solutions of ServiceNow. | Could |
| ServiceNow native app for IGA | Most solutions already come with a native ServiceNow app for IGA capabilities. However, the current solutions provided by IGA vendors differ in functionality, from simple access request and approval to comprehensive access review and other capabilities. | Should |
| ServiceNow as CMDB for Application Onboarding | IGA might rely on the ServiceNow CMDB (Configuration Management Database) for automating application onboarding to IGA and other IAM services, by automatically identifying new applications and utilizing data held in ServiceNow as parameters in the onboarding flow. | Should |
| ServiceNow GRC Integration | IGA solutions also can integrate with the GRC services of ServiceNow, i.e. ServiceNow eGRC. They can automatically push security-related information to corresponding controls in that solution. | Could |
| ServiceNow for user registration self-service | ServiceNow as the common place for requesting services also might be used for self-service user registration, specifically around managed registration use cases. This is a logical extension to the access request use cases. | Should |
| ServiceNow Delegated Administration | IGA solutions, many of them providing advanced capabilities for delegated administration, also might be used for delegated administration within ServiceNow as part of the common IGA connector for ServiceNow. This allows for more granular access control for ServiceNow environments. | Should |
| Deep workflow integration | Another interesting integration use case is around workflow capabilities. This could work both ways. In some way, API-based integration from ServiceNow to IGA is already commonly found in API-based integration scenarios. However, IGA workflows also can integrate calls out to ServiceNow into their workflows, which is still rarely implemented. | Could |
| ServiceNow chatbot integration for IGA | ServiceNow chatbots also can be utilized for IGA integrations, which is of specific interest given the fact that IGA requests commonly are complex, e.g. when users must identify and pick appropriate access entitlements. | Could |
| IGA connector for ServiceNow | Amongst the most common capabilities are IGA connectors for ServiceNow that support ServiceNow as a target system. This allows managing user accounts and entitlements in ServiceNow centrally, via the IGA solution. However, the depth of integration varies, specifically when it comes to granular control of ServiceNow entitlements. | Must |
| Identity Lifecycle Management built on top of ServiceNow | Potentially, IGA capabilities such as Identity Lifecycle Management can be built on top of the ServiceNow platform. This then leads to an IGA solution that is based on ServiceNow and that e.g. utilizes the data model, workflow, and other capabilities of ServiceNow. | Could |
| Access Requests & Approval built on top of ServiceNow | The same way, access request & approval features can be built on top of ServiceNow, either as partial capability of an IGA solution or as part of an IGA system running on ServiceNow. | Could |
| Access Reviews built on top of ServiceNow | Also, access review capabilities can be implemented in ServiceNow, either as part of a ServiceNow-integrated IGA solution or just as a specific capability. | Could |
| Access Management for ServiceNow (not rated) | Several IAM solutions also offer Access Management support for ServiceNow. However, this falls into a separate domain within IAM, not being part of IGA. Thus, such capabilities are noted but not part of the rating. | Out-of-scope |

As mentioned above, we expect certain capabilities to become more standard, shifting from “could” to “should” in relevance, and other innovative capabilities being added by vendors over time.

3 Vendors & Products

For this report, we reached out to the IGA vendors that we cover in other KuppingerCole research such as the Leadership Compass IGA and the Leadership Compass IDaaS IGA (Identity as a Service). From these vendors, we selected the ones already offering a good level of out-of-the-box integration. Some vendors noted that their integration is currently under development and opted for being covered just in the list of vendors to watch. Thus, the list of vendors covered is shorter than in the Leadership Compass documents covering IGA solutions.

However, as mentioned above, we expect more vendors to provide such solutions in the near future. Thus, the list will change over the next 12 to 18 months, and KuppingerCole intends to provide an update to the report in time to reflect the market evolution.

3.1 Vendors Covered

We have included 11 vendors into our rating. All of these vendors provide some out-of-the-box integration with the ServiceNow platform.


Avatier

Avatier provides a set of IAM solutions, covering aspects such as Lifecycle Management and Access Governance, but also Single Sign-On, Identity Federation, Group Management, and Password Management. Avatier has a strong emphasis on delivering innovative user interfaces, including a new AI-based virtual assistant and integration into tools such as Microsoft Teams or Slack.

Clear Skye

Clear Skye is a relatively young start-up that is focused on IGA capabilities and has decided to implement the solution on the ServiceNow platform. Thus, Clear Skye relies on, and augments, the data model and workflows provided by ServiceNow.


EmpowerID

EmpowerID counts amongst the few vendors in the IAM market that provide a fully integrated suite covering all major IAM capabilities, ranging from Identity Lifecycle and Access Governance to Access Management and Federation, but also delivering Privileged Access Management capabilities.


IBM

IBM is an established player in the IAM market, delivering both their traditional IGA solutions running on premises, and an innovative IAM cloud service that delivers an already significant set of IAM capabilities via as-a-service deployment models.


Ilantus

Ilantus is one of several IAM vendors that deliver as-a-service offerings and that have shifted from an MSP (Managed Service Provider) approach hosting other vendors’ solutions to developing and delivering their own technology. Ilantus has a focus on medium-sized/mid-market organizations.

Micro Focus

Micro Focus also counts amongst the established vendors in the IAM market, with their heritage of Novell and NetIQ. They are providing a comprehensive portfolio of IAM services, delivered both on premises or as-a-service.

One Identity

One Identity is another of the key players in the IAM market, particularly in IGA with their One Identity Manager. Aside from that, One Identity also delivers a strong offering for Privileged Access Management (PAM).


SailPoint

SailPoint also counts amongst the market leaders in the IGA market, delivering a range of IGA solutions for both on premises and as-a-service deployments. Furthermore, they are adding additional components as services, e.g. for AI-based access analytics.


Saviynt

Saviynt is one of the few already established vendors in the IAM market that started with a cloud-first approach, even while the solution is also available in more traditional deployment models. Saviynt focuses on IGA, with specific strengths in Access Governance.


Simeio

Simeio is another vendor that started in the MSP space, but has shifted to delivering major parts of its technology stack based on its own code. Simeio serves most areas of IAM, and provides full services for setting up and operating their solutions.


Soffid

Soffid is a provider of Open Source IAM solutions, covering both SSO/Identity Federation and IGA. They are still a relatively small vendor, but continuously expanding their offering and adding new capabilities.

3.2 Featured Vendors

All vendors in our rating provide baseline integrations with the ServiceNow platform out-of-the-box. However, they differ significantly when it comes to more advanced use cases and integrations. All long-term established IGA players we have covered in this report, i.e. IBM, Micro Focus, One Identity, and SailPoint, have mature integrations focusing on the core integration use cases. They allow for rapid integration of their IGA solutions and ServiceNow, supporting the major, established integration use cases. However, some other vendors provide advanced, innovative capabilities beyond that.

We have identified a few vendors that are notable for their unique strengths that may not be apparent in the matrix in chapter 4. Vendors are featured for capabilities, innovation, usability and user interface, and the overall ServiceNow integration.

When looking at the ratings in chapter 4 of this report, it becomes apparent that several of the other vendors are very close to the featured vendors. As indicated, we are covering a very dynamic set of capabilities here, and expect to see other vendors coming up with significant innovations and added capabilities quickly. Thus, we strongly recommend carefully evaluating IGA vendors based on the most current information when making decisions.

3.2.1 Featured for capabilities: Saviynt

Saviynt excels with the broadest list of out-of-the-box integration use cases amongst all vendors. They are the only vendor we have evaluated that currently supports using the CMDB of ServiceNow for application onboarding to IGA (some other vendors having this on their roadmap). Furthermore, Saviynt already delivers an integration to the Risk Management and GRC capabilities of ServiceNow, and for auditing use cases.

Aside from that, all major standard use cases such as ticketing integration and access requests from ServiceNow are supported as well. Saviynt is featured for capabilities due to their breadth of supported integration use cases.

Figure 2: Featured for capabilities

3.2.2 Featured for innovation: EmpowerID

EmpowerID comes with good out-of-the-box support for integration with ServiceNow. They are supporting the main integration use cases we expect to see from IGA solutions. Beyond that, EmpowerID comes with some innovative capabilities. These include the ability to fully integrate EmpowerID and ServiceNow workflows in the workflow tool of EmpowerID.

Other innovative features include their chatbot in ServiceNow for supporting users in access requests, and the support for delegated administration within ServiceNow, helping to manage access to ServiceNow at a more granular level.

Figure 3: Featured for innovation

3.2.3 Featured for maturity: SailPoint

SailPoint provides a well-thought-out and mature integration to ServiceNow. While they don’t excel in advanced use cases, the standard integrations are mature and supported by a range of apps available in the ServiceNow store. All common integration use cases such as ticketing and access request and approval are supported well, with seamless integration, and a good level of flexibility.

Figure 4: Featured for maturity

3.2.4 Featured for ServiceNow integration: Clear Skye

Clear Skye is the vendor delivering the most advanced level of integration by the fact that their IGA solution is built on top of the ServiceNow platform, and has a “Built on NOW” certification. Clear Skye thus is utilizing the platform capabilities such as data management, workflows, and many more, and focuses on adding Identity Lifecycle Management and Access Governance features on top.

When looking at the IGA capabilities themselves, Clear Skye comes with already good capabilities, but it is apparent that they are still a relatively new entrant to the market, sometimes lacking depth and breadth compared to some of the leading-edge IGA vendors. However, for many organizations, these capabilities already will be more than just “good enough”.

Figure 5: Featured for ServiceNow integration

3.3 Vendors to Watch

In this fast-evolving market, we expect most if not all vendors to deliver some out-of-the-box integration to ServiceNow within the next months. Thus, the list of vendors and the capabilities provided will change rapidly. In this list of vendors to watch, we have concentrated on vendors that are already delivering some capabilities, but in most cases declined full participation for now, given that further capabilities are still under development. Other vendors will, at the time of publication, also either deliver or develop integrations beyond a provisioning connector to ServiceNow. Thus, we strongly recommend reaching out to vendors or to KuppingerCole for the latest information in tools choice processes.

3.3.1 Accenture Memority

Accenture Memority is part of Accenture and provides an integrated IAM solution that supports a range of use cases. They provide APIs for integration and have implemented integrations at a project level already, but don’t yet offer a range of out-of-the-box integrations. However, this is a roadmap item at Accenture Memority, such support being expected for one of the upcoming releases.

Why to watch: Comprehensive IAM capabilities and good set of APIs, project experience in ServiceNow integration.

3.3.2 Alcor

Alcor is a system integrator and consultancy, delivering a series of own software products in certain areas. AccessFlow is their IAM solution built on ServiceNow, and available from the ServiceNow store. It supports common IGA capabilities such as managing users and access requests. However, the range of connectors is limited, given that Alcor does not provide own connectors to other systems as part of the solution, but is limited to the ServiceNow capabilities or custom integrations.

Why to watch: Emerging vendor delivering a standard IGA solution on top of the ServiceNow platform.

3.3.3 Beta Systems

Beta Systems, an established IGA vendor headquartered in Germany, has a connector for provisioning to ServiceNow. Beyond that, they have experience from projects in custom integrations, and are working on delivering out-of-the-box integrations for upcoming releases.

Why to watch: Project experience, provisioning connector available, out-of-the-box integrations on roadmap.

3.3.4 Broadcom

Broadcom, which has acquired, amongst others, CA Technologies and Symantec, has a comprehensive IAM portfolio. As with other vendors, there is some baseline out-of-the-box integration available.

Why to watch: Mature IGA vendor with the ability to deliver ServiceNow integration.

3.3.5 BusinessNow

BusinessNow is another one of the consultancies/system integrators delivering a packaged IGA solution, titled just Identity Access Management. As some others, the solution also runs directly on the ServiceNow platform, utilizing the capabilities of ServiceNow. Connectors are limited to Microsoft Active Directory, SAP, and very few other platforms, which might limit the reach of the solution.

Why to watch: Emerging vendor delivering a standard IGA solution on top of the ServiceNow platform.

3.3.6 CyberArk

CyberArk in 2020 acquired Idaptive, a spin-off from Centrify, and one of the leading IDaaS vendors in the market. They provide a number of apps in the ServiceNow store that can be used for out-of-the-box integration and thus count amongst the IGA providers with above-average capabilities in integration.

Why to watch: Various out-of-the-box integration capabilities, IDaaS-based, strong potential for modern IGA to ITSM integration.

3.3.7 ForgeRock

ForgeRock also counts amongst the established IGA vendors that don’t yet provide a full set of out-of-the-box integrations. However, ForgeRock has an advanced set of APIs, enabling integration with ServiceNow on a per-project basis.

Why to watch: Leading-edge IAM capabilities and strong set of APIs, generally strong capabilities in integration use cases.

3.3.8 Inry

Inry is one more of the consultancies/system integrators providing a packaged IGA solution built on top of ServiceNow. They provide good integration into further ServiceNow areas such as GRC, but are – as most others – limited in the range of connectors for automated provisioning.

Why to watch: Emerging vendor delivering a standard IGA solution on top of the ServiceNow platform.

3.3.9 Lempinen & Partners

Lempinen & Partners is another consultancy/system integrator in the ServiceNow ecosystem that has started delivering its own packaged IGA solution on top of the ServiceNow platform. It focuses on user groups beyond employees, and comes with built-in support for GDPR requirements. As most of these solutions, a challenge is in the limited set of connectors for automated provisioning to target systems.

Why to watch: Emerging vendor delivering a standard IGA solution on top of the ServiceNow platform.

3.3.10 Microsoft

Microsoft has some integration with ServiceNow, allowing provisioning to ServiceNow, and provides certain Access Governance features. While not delivering a full integration, specifically not from ServiceNow to Microsoft Azure Active Directory, there are APIs available for custom integration.

Why to watch: Strong set of APIs, baseline integration, option for per-project integrations.

3.3.11 Oracle

Oracle is one of the leading vendors in the IAM and IGA space, delivering mature solutions for IGA both on-premises and in the IDaaS deployment model. Oracle also provides some level of out-of-the-box integration, including an app being available in the ServiceNow store.

Why to watch: Established IGA vendor delivering out-of-the-box integration capabilities to ServiceNow.

3.3.12 RSA Security

Like some other IGA vendors, RSA Security also delivers out-of-the-box integration to ServiceNow and an app on the ServiceNow store. Thus, they are another option for integrating IGA and ServiceNow, like several of the other vendors in the market.

Why to watch: Established IGA vendor delivering out-of-the-box integration capabilities to ServiceNow.

3.3.13 ZertID

ZertID is a software vendor specializing in delivering an IGA solution built on top of the ServiceNow platform. In contrast to some other players in the market, they focus on software and are not just a part of a consultancy or system integrator. They come with common IGA capabilities, but still lack support for a broad range of connectors to target systems.

Why to watch: Emerging vendor delivering a standard IGA solution on top of the ServiceNow platform.

4 Ratings at a Glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in the following table.

| Product | Security | Interoperability | Usability | Deployment | Tickets and Manual Fulfilment | Access Request and Approval | Auditing | Advanced Integration | IGA Services built on ServiceNow |
|---|---|---|---|---|---|---|---|---|---|
| Avatier IGA | Strong Positive | Positive | Strong Positive | Strong Positive | Strong Positive | Neutral | Positive | Neutral | |
| Clear Skye IGA | Strong Positive | Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Positive | Positive | Strong Positive |
| EmpowerID IGA Suite | Strong Positive | Strong Positive | Strong Positive | Positive | Strong Positive | Strong Positive | Weak | Positive | |
| IBM Security IGI & Verify | Strong Positive | Strong Positive | Strong Positive | Positive | Strong Positive | Strong Positive | Neutral | Neutral | |
| Ilantus Compact Identity | Strong Positive | Strong Positive | Positive | Strong Positive | Strong Positive | Positive | Neutral | Neutral | |
| Micro Focus Identity Governance & Administration | Strong Positive | Strong Positive | Positive | Positive | Strong Positive | Positive | Weak | Weak | |
| One Identity Manager | Strong Positive | Strong Positive | Positive | Strong Positive | Strong Positive | Strong Positive | Weak | Weak | |
| SailPoint IdentityIQ | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Neutral | Neutral | |
| Saviynt | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Strong Positive | Neutral | |
| Simeio Identity Orchestrator | Strong Positive | Strong Positive | Positive | Strong Positive | Strong Positive | Positive | Weak | Weak | |
| Soffid IGA | Positive | Positive | Positive | Positive | Positive | Neutral | Weak | Weak | |

In contrast to other Market Compass and Leadership Compass documents, we work with the rating of “N/A” regarding the criteria for solutions that are built on top of the ServiceNow platform. This is to reflect which of the solutions – most in the rating – are independent IGA products and which are running on top of the ServiceNow platform. We opted for “N/A” as rating, given that this is not a weakness, but an important differentiation between solutions. With various other vendors listed amongst “Vendors to Watch” that are building IGA solutions on top of the ServiceNow platform, we expect to see more of these solutions in upcoming releases of this report.

5 Product/Service Details

Spider graphs

In addition to the ratings for our standard categories we add a spider chart for every vendor we rate, looking at specific capabilities for the market segment researched in the Market Compass. For this Market Compass, we look at the following five areas:

  • Tickets & Manual Fulfilment
    In this area, we look at the out-of-the-box capabilities for creating and tracking tickets in ServiceNow as part of manual fulfilment processes. This might include SLA tracking.
  • Access Request & Approval
    Here, we rate the capabilities in managing access requests and approvals. This includes abilities such as using ServiceNow approval flows and seamless integration into the ServiceNow user interface.
  • Auditing
    With ServiceNow providing an ever-increasing level of audit and GRC capabilities, integrating IGA solutions back to ServiceNow for central tracking of audit information and risks becomes increasingly relevant to businesses. These capabilities and out-of-the-box integration are covered in this part of the spider graph. An important factor here is supporting ServiceNow GRC and Risk Management out-of-the-box.
  • Advanced Integration
    Last but not least, vendors come up with additional use cases they support, such as application onboarding support based on information in the CMDB, user self-service registration from ServiceNow, or deep workflow integration. Other aspects we consider here are bots.
  • IGA solution built on ServiceNow
    While most solutions run independently of ServiceNow, a few solutions are built on ServiceNow. This is rated in this area, where we focus only on solutions that are fully based on ServiceNow. Partial integrations such as apps in the ServiceNow store are covered in the ratings for deployment, usability, and in the various functional areas.

These spider graphs provide comparative information by showing the areas where the products are stronger or weaker. Some products may have gaps in some areas, while being strong in others. These might be a good fit if only the specific features are required. Other services deliver strong capabilities across all areas, thus being a better fit for strategic choice of product.

5.1 Avatier

Avatier is providing a range of functional modules as part of their Avatier Identity Anywhere suite of products. These modules span various IAM capabilities, with IGA being covered by modules such as Avatier Lifecycle Management for Identity Provisioning and Avatier Access Governance, but also Avatier Password Management, providing self-service password reset capabilities.

Avatier counts amongst the pioneers when it comes to integrating IGA with ServiceNow, delivering such solutions since 2014 and thus supporting a range of ServiceNow releases, including the most current ones. Integration is available or planned for all three IGA modules listed above. The baseline integration is around requesting access via Avatier and then creating tickets in ServiceNow for manual fulfillment.

The integration also covers extensive Access Governance support for ServiceNow, specifically around access reviews with a comprehensive set of features for running access review campaigns and understanding SoD conflicts in ServiceNow and between ServiceNow and other solutions. However, the major capabilities as of now are run from the Avatier UI, not the ServiceNow UI. This is about to change in Q1 2021, with native ServiceNow interfaces being on the roadmap for a range of use cases.

Avatier, as virtually all players in the IGA space, also provides a connector for managing accounts and entitlements in ServiceNow from the IGA solution. This component also provides access reviews for access entitlements in ServiceNow. Furthermore, Avatier provides a comprehensive set of APIs for further integration with ServiceNow and other platforms. In addition, and not part of the rating, Avatier also supports integrated single sign-on (SSO) to ServiceNow and other applications, based on their Identity Federation and SSO capabilities.

Beyond these capabilities, Avatier has a series of new features on their roadmap, with an expected release date in Q1 2021. This will further strengthen their integration. Additional capabilities will be centered around delivering the catalog of access entitlements in ServiceNow and fine grain access reviews, thus supporting stronger features in integrated access request and approval.

Overall, Avatier delivers a good baseline for integrating with ServiceNow, with major updates to be expected soon. A strength of Avatier is their long experience in providing integrations, including two native apps already available. We expect Avatier to significantly improve its positioning for future releases of this report.

Product capabilities

Ratings
  • Security: Strong positive
  • Interoperability: Positive
  • Usability: Strong positive
  • Deployment: Strong positive
  • Tickets and Manual Fulfilment: Strong positive
  • Access Request and Approval: Neutral
  • Auditing: Positive
  • Advanced Integration: Neutral

Strengths
  • Established integration to ServiceNow, supporting a range of releases
  • Broad set of APIs for integration
  • Mature ticketing integration
  • Some apps for integration use cases (e.g. ticketing) available in the ServiceNow store
  • Good capabilities for managing and reviewing access to ServiceNow
  • Connector for managing ServiceNow available
  • Significant extensions planned for Q1 2021

Challenges
  • Features in various areas still a roadmap item
  • This results in incomplete coverage of use cases, but we expect seeing some major innovations soon
  • Advanced use cases such as automated application onboarding based on ServiceNow CMDB not yet planned
  • Limited presence outside of the North American market and small partner ecosystem

5.2 Clear Skye

    Clear Skye differs from the other vendors in the rating in that it is the only vendor that builds its solution on top of the ServiceNow platform, instead of delivering a separate IGA solution. While there are some other offerings for IGA solutions built on ServiceNow listed in the vendors to watch section, Clear Skye is the only one of these that is a pure-play software vendor, whilst the others are consultancies providing some standard IGA solutions as well. From the perspective of executing on a roadmap and focusing on delivering standard software, this makes Clear Skye stand out from the competition.

    From a capability perspective, the current set of features is focused on five areas:

    1. Identity Lifecycle Management
    2. Access Requests
    3. Access Reviews
    4. Workflow Management
    5. Application Governance

    From a technical architecture perspective, all capabilities are provided on the NOW platform, leveraging standard capabilities of that platform such as the Service Portal, workflow and approval capabilities, and security features. Clear Skye enhances these by adding the IGA-specific functionalities as a standard product offering.

    However, aside from all capabilities for lifecycle management, access reviews, etc., the value of IGA stands and falls with the integrations to target systems – even for a solution that is integrated with ServiceNow and can build on integrated ticketing and task management for manual fulfillment. Clear Skye provides out-of-the-box integrations to a range of leading SaaS services such as Microsoft Office 365 and Azure Active Directory (AD), Workday, or Okta. For these, integration via REST APIs is provided. The list of supported SaaS services is growing, but still relatively short.

    For on-premises applications within organizations, Clear Skye builds on the ServiceNow MID Server, which is the common approach for connecting ServiceNow with other services running in corporate data centers. They provide integrations via JDBC, Microsoft PowerShell, REST APIs, SOAP, and CSV-based file sharing to connect to target systems such as Oracle databases, Microsoft AD, OpenLDAP, PeopleSoft, SAP, and others. Again, the number of pre-configured integrations is limited.

    Clear Skye delivers a fair level of IGA capabilities out-of-the-box and is extending these rapidly, benefiting from the ServiceNow platform capabilities. However, customers must carefully check whether the available connectors are already sufficient.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Positive
      • Usability: Strong positive
      • Deployment: Strong positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Strong positive
      • Auditing: Positive
      • Advanced Integration: Positive
      • IGA Services built on ServiceNow: Strong positive

    Strengths
      • Good set of core IGA capabilities
      • Focuses on automated, policy- and attribute-based assignment of entitlements
      • Fully integrated into the ServiceNow NOW platform
      • Rapid deployment and simple updates based on the ServiceNow platform features
      • Full integration into ITSM for access requests and fulfillment
      • Flexible, adaptable workflows
      • Modern UI and dashboards

    Challenges
      • Some common features such as role management and SoD support still lacking
      • Relatively few connectors to target systems yet, but well-thought-out integration approach to systems running on premises
      • Limited language support
      • Still a small vendor with small, but growing partner ecosystem

5.3 EmpowerID

    EmpowerID is an IAM vendor based in the U.S., delivering an integrated suite of IAM solutions, covering IGA, Access Management, and Privileged Access Management. They deliver strong IGA capabilities with a broad feature set. For ServiceNow, EmpowerID comes with an impressive range of supported integration use cases, including some capabilities that are rarely found.

    EmpowerID comes with a range of integration approaches, ranging from Service Catalog integration with service requests in ServiceNow and fulfilment in EmpowerID to Service Desk integration for ticketing and, last but not least, the IGA connector, which allows managing the lifecycle of users and their access in ServiceNow. In the latter area, a less common feature is the ability to manage delegated administration for ServiceNow from EmpowerID and thus the option of restricting access of certain groups of users in ServiceNow.

    Standard access requests of users can be initiated from both ServiceNow and EmpowerID. EmpowerID provides an app for ServiceNow, from which both user lifecycles and access requests can be triggered. Roles and other entitlements are mapped to the ServiceNow catalog.

    Ticketing is also well integrated, with comprehensive monitoring of the ticket status in EmpowerID. This grants users a full insight into where access requests stand in fulfilment, regardless of whether these have been initiated in EmpowerID or ServiceNow. Furthermore, approvals can be performed in ServiceNow.

    Amongst the unique capabilities, there is deep workflow integration. Based on that feature, EmpowerID workflows can branch out to ServiceNow and provide deep integration. This is supported by a comprehensive set of APIs in EmpowerID and the ability to integrate with the APIs of other solutions such as ServiceNow.

    Another rare but interesting feature is the chat bot that integrates into the ServiceNow user interface and supports users in identifying the right level of access and their required roles and entitlements. Other important capabilities include integration to the ServiceNow CMDB, e.g. utilizing location information in joiner, mover, and leaver processes.

    Aside from the specific IGA integrations, there is also support for managing access to ServiceNow by providing Single Sign-On and also adaptive Multi-Factor Authentication. Overall, EmpowerID counts among the leading-edge providers of ServiceNow-integrated IGA solutions.

    In sum, EmpowerID provides one of the most advanced and mature integrations from IGA solutions to ServiceNow. Together with the fact that EmpowerID supports other IAM capabilities as well, this makes them an interesting choice of IGA solution for customers already using ServiceNow and looking for an IGA tool.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Strong positive
      • Usability: Strong positive
      • Deployment: Positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Strong positive
      • Auditing: Weak
      • Advanced Integration: Positive

    Strengths
      • Broad support for a variety of integration use cases
      • Various innovative solutions such as chat bot in the ServiceNow UI and deep workflow integration
      • Strong ticketing integration with full insight into status
      • Builds on ServiceNow CMDB for optimizing standard IGA processes
      • Strong bi-directional integration for access requests and approvals, allowing flexible use of ServiceNow or EmpowerID as user interface
      • Strong set of APIs for further integration use cases

    Challenges
      • No support for providing auditing information to ServiceNow GRC and audit yet
      • Growing but still small global partner ecosystem
      • Good but not leading-edge set of connectors, however with strong SCIM support

5.4 IBM

    IBM has two solutions in the field of IGA: on the one hand their IBM Security IGI (Identity Governance and Intelligence), and on the other hand their IDaaS (Identity as a Service) solution named IBM Security Verify. While ServiceNow integration has long been available for IGI, the integration with IBM Security Verify has only recently been released. Feature-wise, integration for both IBM solutions is at the same level, focusing on the common integration use cases.

    Integration is provided for both access request and approval, and for manual fulfilment and ticketing. For access request and approval, IBM can sync entitlements to ServiceNow. Given the rather powerful entitlement model IBM supports, which e.g. also includes business activities, ServiceNow would come to its limits in supporting all complexities and dependencies in that model. For simplifying exports and allowing for easy access request in ServiceNow, e.g. via the ServiceNow app provided by IBM, an entitlement visibility policy is used in the IBM IGA solutions to limit the entitlements.

    The ServiceNow app uses IBM IGA APIs to return the list of visible entitlements for the selected user during an access request. After a request is approved, the request is submitted to IBM IGA using APIs. End-to-end request tracking is supported by the IBM solution, and ServiceNow audit information is updated with the IGA fulfillment status for each request submitted from ServiceNow. The ServiceNow app provides a View Request capability to show end-to-end request status.

    SoD controls are analyzed by the IBM IGA solutions, with API-based requests being sent to them. On the other hand, the approval workflow runs fully on ServiceNow, including e.g. escalations and other capabilities. IBM just provides the fulfilment for the access requests and, as mentioned, the SoD checks.

    For ticketing, IBM supports the creation of multiple tickets for a single request, e.g. when a role comprises entitlements across multiple target systems. The IBM solution keeps track of ticket status in ServiceNow and updates the fulfillment status in the IGA solution accordingly. Besides Access Request, the ServiceNow app also supports Account Management and Password Management for applications managed by IBM IGA. Authorized users can use the ServiceNow app to create, modify, and delete accounts for themselves and others. The account form and application-specific attributes visible in the ServiceNow app can be configured in IBM IGA.

    IBM delivers a comprehensive set of APIs, allowing customers to add further (custom) integrations. The out-of-the-box integration comes, as mentioned, with a ServiceNow app, and for other use cases also builds on API-based integration.

    Other, more advanced use cases such as CMDB integration for automation in application management and onboarding, or delivery of audit-relevant information back to the respective tools in ServiceNow, are not supported out-of-the-box.

    Aside from that, IBM also has an adapter to ServiceNow for managing users and entitlements in ServiceNow, including role-based access control. Beyond that, IBM can also support single sign-on and MFA to ServiceNow, based on the Access Management capabilities of both IBM Security Verify and IBM Security Verify Access (previously known as ISAM).

    In sum, IBM delivers a solid level of integration between their IGA offerings and ServiceNow, with some room for further improvement. However, standard integrations can be implemented based on these out-of-the-box capabilities, allowing for rapid delivery of integrated solutions.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Strong positive
      • Usability: Strong positive
      • Deployment: Positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Strong positive
      • Auditing: Neutral
      • Advanced Integration: Neutral

    Strengths
      • Strong IGA offerings for both traditional on-premises and for SaaS deployments
      • ServiceNow integration available for both offerings
      • Flexible synchronization of entitlements to ServiceNow catalog
      • Multiple tickets per access request supported
      • End-to-end tracking of requests and tickets status and audit IGA fulfillment status in ServiceNow
      • SoD controls can be checked per access request
      • App in ServiceNow store available
      • Comprehensive set of APIs for further integration available
      • Support for Access Management to ServiceNow

    Challenges
      • No integration with ServiceNow GRC and Risk Management solutions
      • Thus no support for advanced use cases around audit integration
      • No CMDB integration e.g. for automated application onboarding out of the box, although it is possible using bulk load and APIs

5.5 Ilantus

    Ilantus is one of the newer providers of IAM solutions, which emerged from a system integrator role into a provider of own IAM solutions. Their Compact Identity offering is an integrated offering for IGA that provides a good feature set for common use cases. It also comes with out-of-the-box integration into ServiceNow. For that integration, Ilantus differentiates between inbound integration from ServiceNow to Ilantus Compact Identity, and outbound integration, where the Ilantus tool initiates the interaction.

    In contrast to most other vendors in the market, Ilantus builds on a standard framework that allows for interfacing to various ITSM tools, beyond ServiceNow. While this approach of a standard framework provides more flexibility in integration, it is also limited by the fact that integration is URL-based and not API-based. Ilantus, in contrast to several other IGA vendors, does not provide an app in the ServiceNow store yet.

    For the inbound integration, end users create access-related tickets in ServiceNow. This then initiates an access request workflow in Compact Identity. All subsequent steps, specifically approving the access request, can take place in Compact Identity, which then also can trigger the fulfillment process, unless this is integrated with the outbound integration by creating tickets for manual fulfillment. Alternatively, the approval could also be done in ServiceNow, and only fulfilment is done in Ilantus Compact Identity.

    For outbound integration, requests for creating identities and granting access can initiate ServiceNow tickets for manual fulfilment. One access request can raise both tickets for manual fulfilment in ServiceNow, and automated provisioning to systems for which Ilantus Compact Identity provides connectors. The status of ServiceNow tickets is not fetched during execution, but tickets are updated only as soon as the actions are completed. Thus, the status of more complex access requests spanning multiple actions only indicates whether ticket-based fulfilment requests have been completed or not. Also, relevant IGA-related events can be sent back to ServiceNow for auditing.

    Aside from that integration, Ilantus Compact Identity also provides a comprehensive set of REST APIs for custom integrations, and there is a connector for managing ServiceNow as a target system of Compact Identity.

    In sum, Ilantus provides a baseline integration to ServiceNow, which allows for a rapid start but that lacks the depth some of the other IGA vendors in the market already provide. For Ilantus customers already using ServiceNow, the out-of-the-box solution provides a good starting point anyway, but might require further customization.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Strong positive
      • Usability: Positive
      • Deployment: Strong positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Positive
      • Auditing: Neutral
      • Advanced Integration: Neutral

    Strengths
      • Out-of-the-box integration for common use cases
      • Access approval can take place in both ServiceNow and Ilantus Compact Identity
      • Framework approach will allow supporting different ITSM solutions
      • Supports ticket-based fulfilment via ServiceNow
      • Rapid setup and customization

    Challenges
      • Good baseline set of capabilities, but few advanced capabilities
      • No app in ServiceNow store available
      • No support for advanced use cases such as integration into ServiceNow GRC or further integrations

5.6 Micro Focus

    Micro Focus counts, like some of the other vendors in this analysis, among the IGA veterans, delivering a mature IGA solution. Micro Focus comes with some standard integration to ServiceNow, and other capabilities that have been implemented for customers but not yet fully incorporated into the product standard.

    The major part of integration, aside from having a connector to ServiceNow and (outside of the scope of the rating in this document) delivering Access Management capabilities for managing Single Sign-On including ServiceNow, is their integration with ServiceNow for manual fulfilment, as the “last mile” approach for systems that aren’t connected for automated provisioning.

    This area is very mature, allowing for creating both incident and request tickets and catching the current status of execution to be displayed in Micro Focus Identity Governance. It can be integrated with various processes such as access request and access review.

    Integration with the ServiceNow catalog has been implemented with customers, but is not yet in the product standard. Micro Focus supports both deep link integration, which requires minimal setup of single sign-on, and API-based integration, which can be implemented on a per-project basis, for e.g. adapting to the customer’s governance model. There is no app available yet in the ServiceNow store.

    Like virtually all IGA solutions, Micro Focus also has a connector for provisioning into ServiceNow, which allows for managing users and their entitlements. Furthermore, there is also integration for Access Governance requirements, which allows for e.g. including ServiceNow entitlements in access request, access approval, and access reviews. It also enables customers to define and manage SoD controls for ServiceNow specifically or cross-system SoD controls including ServiceNow.

    Last but not least, and as mentioned above, the Access Management capabilities of Micro Focus also cover ServiceNow, allowing for integrating ServiceNow into SSO concepts.

    In sum, Micro Focus comes with good baseline capabilities in integrated support for ServiceNow. However, an app and full out-of-the-box support for catalog integration and access request & approval should be added.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Strong positive
      • Usability: Positive
      • Deployment: Positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Positive
      • Auditing: Weak
      • Advanced Integration: Weak

    Strengths
      • Mature IGA solution supporting all major capabilities
      • Good Access Governance integration including SoD controls for ServiceNow
      • Good ticketing integration with comprehensive status check
      • Connector for provisioning to ServiceNow
      • Access Management use cases supported as well

    Challenges
      • No support for advanced use cases yet
      • No standard app in ServiceNow store
      • Limited support for catalog integration and access request & approval

5.7 One Identity

    One Identity with their One Identity Manager is one of the other leading vendors in the IGA market, delivering an IGA solution covering all major capabilities we expect to see around Identity Lifecycle Management and Access Governance. Like others, they come with some integration capabilities to ServiceNow, primarily focusing on manual fulfilment and ServiceNow catalog integration.

    For ticketing integration and manual fulfilment, One Identity Manager can create tickets and track their status. This is done by the “ServiceNow component” in the One Identity Job Server, which is available for every customer of One Identity Manager. The request history is visible in the standard user interface of One Identity Manager, as well as in ServiceNow.

    This standard integration supports two approaches for integrating service requests. Users can request access via the ServiceNow IT shop. Entitlements can be integrated as items into the shop, and users start their access requests from there. One Identity supports both deep link integration, which in effect just links to the One Identity Manager user interface, and API-based integration.

    All activities are then performed in One Identity Manager, e.g. approvals for access requests. One Identity also integrates with the ServiceNow workflows and their task management for approvals. These approaches allow for seamless integration with the SoD controls of One Identity Manager and other capabilities.

    Integration of items into the ServiceNow catalog can be flexibly configured via integration tables, thus supporting a flexible integration and control over which entitlements shall be available in the ServiceNow catalog.

    An additional use case supported by One Identity is new user onboarding, which also can be triggered from the ServiceNow IT shop via API-based integration. This is e.g. of interest for partner onboarding, which commonly is triggered manually and not invoked by a source system such as HR.

    One Identity also has a connector for ServiceNow, based on their Starling Connect technology for connecting to SaaS services. This allows for adding ServiceNow as a managed system to One Identity Manager.

    Overall, also based on the comprehensive and flexible set of APIs provided by One Identity Manager, there is a good level of integration between One Identity Manager and the ServiceNow platform, based on the standard components provided by One Identity. While there might be enhanced support for advanced use cases such as audit integration to the ServiceNow modules, the standard components allow for rapid implementation and good support of common integration use cases.

    Product capabilities

    Ratings
      • Security: Strong positive
      • Interoperability: Strong positive
      • Usability: Positive
      • Deployment: Strong positive
      • Tickets and Manual Fulfilment: Strong positive
      • Access Request and Approval: Strong positive
      • Auditing: Weak
      • Advanced Integration: Weak

    Strengths
      • Feature-rich and mature IGA solution
      • Good out-of-the-box integration at no extra cost
      • Full support of ticketing integration for manual fulfilment
      • Support for both deep link and API-based integration for access request
      • Flexible control of synchronization from One Identity Manager to ServiceNow catalog
      • Supports user registration from the ServiceNow IT shop
      • Strong set of APIs for further integration
      • Connector for managing ServiceNow

    Challenges
      • No support for advanced integration use cases aside of user registration
      • No audit and GRC integration into respective ServiceNow services

5.8 SailPoint

    SailPoint is another of the leading IGA vendors that deliver an out-of-the-box integration to ServiceNow. The integration is primarily focused on their on-premises solution IdentityIQ, with some limited support for their IdentityNow SaaS service. Integration is based on a number of apps that are available from the ServiceNow store.

    One element of that standard integration is ticket-based fulfilment of SailPoint requests in ServiceNow. Based on access requests in SailPoint, tickets in ServiceNow can be created automatically. Their status is tracked until completion. Based on that, ServiceNow can provide an overview of open tickets, and SailPoint can deliver comprehensive information about the status of requests spanning multiple automated and manual fulfilment tasks.

    For access requests, users can use ServiceNow as well. In contrast to some of the other solutions in the market, SailPoint does not synchronize entitlements into the ServiceNow catalog, but provides an app that gives access to the current entitlements managed by SailPoint. All further steps in the access and approval process are performed in SailPoint, aside from the option of using ServiceNow approvals instead of SailPoint approvals. Due to the use of the app, integration is deep and seamless to the user.

    Support for various types of requests and additional requirements is broad, such as supporting sunrise and sunset requests that define the begin and end of life of the assignment of entitlements. There is even baseline support for access review requirements from the ServiceNow user interface.

    Due to the standard ServiceNow apps provided, the SailPoint integration solutions are neatly integrated into the ServiceNow user interface, providing users with a consistent user interface.

    Beyond that, SailPoint also supports the management of users and entitlements in ServiceNow, based on their ServiceNow connector. ServiceNow thus can become a target system as any other from a SailPoint perspective. This also allows for integrating ServiceNow access entitlements into the SailPoint governance model.

    In sum, SailPoint comes with well-thought-out and well-implemented out-of-the-box integration to ServiceNow covering the common use cases around ticketing/manual fulfilment and access request. However, there is little support for more advanced use cases such as user onboarding or audit integration into the ServiceNow solutions. Anyhow, the solution allows customers of SailPoint to rapidly integrate with ServiceNow, delivering a seamless experience to their users.

    Product capabilities and ratings:
    Security: Strong positive
    Interoperability: Strong positive
    Usability: Strong positive
    Deployment: Strong positive
    Tickets and Manual Fulfilment: Strong positive
    Access Request and Approval: Strong positive
    Auditing: Neutral
    Advanced Integration: Neutral

  • Mature IGA solution with broad range of features
  • Various apps for integration use cases available in ServiceNow store
  • Good integration of ticketing for manual fulfilment
  • Access request & approval integration from ServiceNow IT shop to SailPoint
  • Access approvals can be run on ServiceNow
  • Rapid deployment due to standard apps and lack of need for synchronizing information to ServiceNow catalog
  • Strong set of APIs for further integration
  • Connector for managing ServiceNow
  Challenges:
  • No support for advanced use cases such as CMDB integration for application onboarding
  • No out-of-the-box audit and GRC integration towards ServiceNow, but APIs delivered
  • Lack of synchronization to ServiceNow catalog simplifies integration, but may cause higher network traffic
    5.9 Saviynt

    Saviynt is one of the early “cloud-born” providers of IGA solutions. Their common deployment model is IDaaS (Identity as a Service), while also supporting other deployment models on demand. Saviynt has a strong focus on Access Governance and delivers deep integration into a range of applications such as SAP, Oracle, and others.

    For the integration with ServiceNow, Saviynt delivers the expected baseline capabilities such as ticketing integration and access requests, but also deeper integration into the ServiceNow CMDB or to ServiceNow eGRC. Integration is primarily based on the ServiceNow app provided by Saviynt, but can also be extended via the ServiceNow APIs.

    For ticketing, the standard capabilities we expect to see are supported, i.e. creating tickets, fetching the current ticket status, and closing tickets. Thus, Saviynt can deliver an always up-to-date perspective on the status of access requests.

    For access requests, the integration supports access requests and approvals. Access requests can be initiated via a request form from ServiceNow, with integration at the API level. The approval can be fully integrated into ServiceNow workflows. Optionally, alternative ways of integration, e.g. running approvals in Saviynt, are supported as well.

    Another integration area that is rather unique in the market is application onboarding based on the ServiceNow CMDB. If information changes in the CMDB, application onboarding in Saviynt can be initiated.

    Furthermore, information for user onboarding can be sourced from ServiceNow, such as location data, and used in onboarding processes. However, while this integration is supported, it is not a standard feature yet.

    A unique capability is the integration into ServiceNow eGRC, based on a partnership between Saviynt and ServiceNow. This allows for tracking the risks and status from Saviynt’s Access Governance across multiple applications into ServiceNow eGRC and thus the broader IT Risk Management.

    Last but not least, Saviynt also comes with a connector for ServiceNow as a managed application, covering all aspects such as role and group management, SoD controls, and access reviews. The level of Access Governance over ServiceNow provided by Saviynt is well above average.

    In sum, Saviynt comes with one of the most advanced sets of integration capabilities to ServiceNow, beyond the standard use cases. This gives customers the option for building comprehensive integrations between IGA and ServiceNow.

    Product capabilities and ratings:
    Security: Strong positive
    Interoperability: Strong positive
    Usability: Strong positive
    Deployment: Strong positive
    Tickets and Manual Fulfilment: Strong positive
    Access Request and Approval: Strong positive
    Auditing: Strong positive
    Advanced Integration: Neutral

  • SaaS based IGA solution with a comprehensive set of features
  • Strong Access Governance capabilities
  • Full ticketing support for manual fulfilment
  • Deep integration of access request and approval
  • Access approvals can be run within ServiceNow
  • Saviynt can consume ServiceNow CMDB data for automation of application onboarding
  • Broad set of APIs for further integration
  • Strong, feature-rich connector for managing ServiceNow users and entitlements
  • Supports integration of IGA information into ServiceNow eGRC
  Challenges:
  • A few capabilities, such as using information from the ServiceNow CMDB for application onboarding, are not fully productized
  • Saviynt still being a relatively young vendor with growing market presence
  • Global partner ecosystem growing but still relatively small
    5.10 Simeio

    Simeio is a US-based software vendor and system integrator. Their Simeio Identity Orchestrator (IO) solution has evolved from a standardized service approach for delivering IGA solutions into an integration framework for existing IAM solutions, including PAM and other areas, delivering a rich set of out-of-the-box services. For the integration to ServiceNow, Simeio delivers a good baseline integration covering the major integration use cases.

    One use case is the creation of tickets and incidents. Based on access requests managed in Simeio, the Identity Orchestrator can create issues and tasks in ServiceNow for manual fulfilment. The tasks can be assigned automatically to the respective resolver groups. Simeio IO provides comprehensive tracking of the tasks within the solution, delivering a current status on the fulfilment of access requests.

    On the other hand, Simeio IO can act as a consumer of ServiceNow actions and perform the last mile provisioning. Integration is API-based, with a request originating in ServiceNow, but e.g. SoD rules being checked in Simeio IO. The requests are tracked in Simeio IO, providing a full audit circle within Simeio IO.

    Last but not least, Simeio IO also provides a connector to ServiceNow, allowing for provisioning users and entitlements such as roles to ServiceNow.

    In sum, Simeio delivers good baseline integration, covering the major features, but lacking more advanced capabilities. For many customers, however, these features might be sufficient and allow for rapid delivery of integrated solutions covering Simeio IO and ServiceNow.

    Product capabilities and ratings:
    Security: Strong positive
    Interoperability: Strong positive
    Usability: Positive
    Deployment: Strong positive
    Tickets and Manual Fulfilment: Strong positive
    Access Request and Approval: Positive
    Auditing: Weak
    Advanced Integration: Weak

  • IGA solution that can integrate existing IAM products
  • Good set of IGA features
  • Connector for managing and governing ServiceNow
  • Support for creating and tracking tickets in ServiceNow
  • Access requests can be issued in ServiceNow, SoD checks in Simeio IO
  • Full tracking of access request status in Simeio IO
  Challenges:
  • No coverage of advanced integration use cases yet
  • Does not utilize the ServiceNow catalog
  • No pre-defined apps on ServiceNow store
  • Limited presence outside of North America
    5.11 Soffid

    Soffid is a software vendor based in Spain, delivering an open source IGA solution. They come with a good level of IGA capabilities, and also provide out-of-the-box support for integrating Soffid with ServiceNow.

    Like other solutions, Soffid can utilize ServiceNow for last mile provisioning and manual fulfilment to systems that are not directly connected to Soffid. The integration works from every type of workflow, e.g. access request, deprovisioning, permission approval, or access review. Soffid does not fetch the current status of the tickets, but can put the workflow into an idle state until it receives a notification from ServiceNow that the ticket has been closed. Thus, the information available in Soffid only shows that there is an open ticket in ServiceNow, but not the current status.

    Further integration is custom and based on the APIs (“webhooks”) provided by Soffid. This allows customers to integrate Soffid with ServiceNow workflows such as user registration, access request and approval, and others. Soffid supports various means for SSO integration with ServiceNow.

    In customer implementations, Soffid has released further capabilities such as synchronizing information between Soffid and the ServiceNow catalog. However, these are, like some of the other integration capabilities, not yet standard elements. There is also no ServiceNow app available yet.

    Last but not least, Soffid comes with a connector for managing ServiceNow. The connector utilizes the REST APIs of ServiceNow and supports the management of users and their entitlements in ServiceNow.

    In sum, Soffid is an interesting option as an open source solution for IGA that comes with baseline integration into ServiceNow. This should be a good starting point for typical customers of that type of solution.

    Product capabilities and ratings:
    Security: Positive
    Interoperability: Positive
    Usability: Positive
    Deployment: Positive
    Tickets and Manual Fulfilment: Positive
    Access Request and Approval: Neutral
    Auditing: Weak
    Advanced Integration: Weak

  • Open source solution for IGA
  • Efficient implementation and good set of IGA capabilities
  • Ticket-based integration provided out-of-the-box
  • Connector for ServiceNow available, allowing creation of users and management of their entitlements
  • Broad set of APIs for custom integration
  • Best practices for integrating access request and approvals
  Challenges:
  • Small vendor of IGA open source solution
  • Few out-of-the-box integration capabilities, mainly API-based custom integration
  • No support for advanced integration use cases
  • Small partner network
    6 Related Research

    Leadership Compass Access Governance & Intelligence – 80099
    Leadership Compass Identity Governance & Administration – 80063
    Leadership Compass Identity as a Service (IDaaS) IGA – 80051
    Executive View Clear Skye IGA: IGA on the ServiceNow NOW platform – 80412
    Executive View IBM Cloud Identity – 79065
    Executive View Ilantus Compact Identity – 80177
    Executive View Micro Focus Identity Governance – 80103
    Executive View One Identity Manager – 80310
    Executive View SailPoint IdentityIQ – 80321
    Executive View SailPoint Predictive Identity – 80124
    Saviynt Security Manager for Enterprise IGA – 80325

    7 Methodology

    7.1 About KuppingerCole's Market Compass

    KuppingerCole Market Compass is a tool which provides an overview of a particular IT market segment and identifies the strengths of products within that market segment. It assists you in identifying the vendors and products/services in that market which you should consider when making product decisions.

    While the information provided by this report can help to make decisions, it is important to note that it is not sufficient to make choices based only on the information provided within this report.

    Customers must always define their specific requirements and analyze in greater detail what they need. This report doesn’t provide any recommendations for picking a vendor for a specific customer scenario. This can be done only based on a more thorough and comprehensive analysis of customer requirements and a more detailed mapping of these requirements to product features, i.e., a complete assessment.

    7.2 Product Rating

    KuppingerCole Analysts AG as an analyst company regularly evaluates products/services and vendors. The results are, among other types of publications and services, published in the KuppingerCole Leadership Compass Reports, KuppingerCole Executive Views, KuppingerCole Product Reports, and KuppingerCole Vendor Reports. KuppingerCole uses a standardized rating to provide a quick overview on our perception of the products or vendors. Providing a quick overview of the KuppingerCole rating of products requires an approach combining clarity, accuracy, and completeness of information at a glance.

    KuppingerCole uses the following categories to rate products:

    • Security
    • Deployment
    • Interoperability
    • Usability
    • Market Standing

    Security is a measure of the degree of security within the product / service. This is a key requirement, and evidence of a well-defined approach to internal security as well as capabilities to enable its secure use by the customer are key factors we look for. The rating includes our assessment of security vulnerabilities and the way the vendor deals with them.

    Deployment is measured by how easy or difficult it is to deploy and operate the product or service. This considers the degree to which the vendor has integrated the relevant individual technologies or products. It also looks at what is needed to deploy, operate, manage, and discontinue the product / service.

    Interoperability refers to the ability of the product / service to work with other vendors’ products, standards, or technologies. It considers the extent to which the product / service supports industry standards as well as widely deployed technologies. We also expect the product to support programmatic access through a well-documented and secure set of APIs.

    Usability is a measure of how easy the product / service is to use and to administer. We look for user interfaces that are logical and intuitive as well as a high degree of consistency of user interfaces across the different products / services from the vendor.

    Market Standing is a measure of financial strength and market position. This is based on publicly available information, and takes the amount of funding received, the profitability, and the private or public status of the vendor into consideration.

    We focus on security, deployment, interoperability, usability, and market standing for the following key reasons:

    • Increased People Participation: Human participation in systems at any level is the highest area of cost and the highest potential for failure of IT projects.
    • Lack of excellence in Security, Functionality, Ease of Delivery, Interoperability, and Usability results in the need for increased human participation in the deployment and maintenance of IT services.
    • Increased need for manual intervention and lack of Security, Functionality, Ease of Delivery, Interoperability, and Usability not only significantly increase costs, but inevitably lead to mistakes that can create opportunities for attacks to succeed and services to fail.

    KuppingerCole’s evaluation of products / services from a given vendor considers the degree of product Security, Functionality, Ease of Delivery, Interoperability, and Usability, which we consider to be of the highest importance. This is because lack of excellence in any of these areas can result in weak, costly and ineffective IT infrastructure.

    7.3 Rating Scale For Products

    For vendors and product feature areas, we use a separate rating with five different levels. These levels are:

    • Strong positive: Outstanding support for the subject area (e.g. product functionality, security, etc.)
    • Positive: Strong support for a feature area but with some minor gaps or shortcomings. Using Security as an example, this could indicate some gaps in fine-grained access controls of administrative entitlements.
    • Neutral: Acceptable support for feature areas but with several of our requirements for these areas not being met. Using functionality as an example, this could indicate that some of the major feature areas we are looking for aren’t met, while others are well served.
    • Weak: Below-average capabilities in the area considered.
    • Critical: Major weaknesses in various areas.

    8 Copyright

    © 2023 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks ™ or registered trademarks ® of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

    KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

    KuppingerCole Analysts AG, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.
