Cloud-based IAM (Identity and Access Management) is a competitive market within IAM in particular and Information Security in general. Within the broader Cloud IAM market, we observe a number of solutions that are focused on specific capabilities, such as providing a Single Sign-On (SSO) experience to users.
For overall Cloud IAM, we expect to see the following capabilities:
- Support for rapid on- and off-boarding of users, primarily external users such as business partners, customers, citizens, students, etc. To achieve this, Identity Federation capabilities and self-registration support are essential.
- Directory service capabilities for managing users, either through integration with existing directory services on-premises and in the Cloud or through integrated Cloud-based directory services.
- Access Management for Cloud services and web applications including Cloud Single Sign-On for users. We look for both coarse-grained and fine-grained approaches on access management/authorization.
- Reporting capabilities, including interfaces to provide information about current access control as well as logging information to on-premise or Cloud solutions for Access Management.
- Support for versatile authentication, mobile access, and social logins.
- Integration capabilities with on-premises IAM/IAG (Identity Access Management/Governance) infrastructures.
- Integration with Security Intelligence solutions, such as syslog feeds to SIEM/RTSI.
- Additional features such as integrated support for strong authentication, provisioning to/from Cloud services, etc.
From the KuppingerCole perspective, Cloud IAM must be complementary to existing on-premises IAM, enabling organizations to seamlessly extend the reach of their IAM to new groups of external users. Some organizations will rely fully on IDaaS solutions, but for most of them, it is about enhancing their existing infrastructures.
PingOne is a solution that specifically focuses on what Ping Identity calls “Workforce Identity” and “External Identity”, i.e., it provides Cloud-based identity and access management experience for employees and other groups of people when managing identities and accessing private and public cloud, and SaaS, applications and services. While PingOne is primarily an Identity-as-a-Service (IDaas) solution with self-service identity bridges for common identity stores, it integrates with PingFederate to provide additional capabilities. When used with PingOne, PingFederate provides an enterprise-grade identity bridge that provides a lightweight solution for supporting more complex use cases, policies and integrations.