Executive View

OpenIAM Identity and Access Management

OpenIAM provides a comprehensive suite for both Identity Management and Access Management, covering the full range from Identity Provisioning and Access Governance to Enterprise SSO, Cloud SSO, and Identity Federation. The product is based on a modern, well-thought-out software architecture and exposes its capabilities through a consistent API layer, which makes it an interesting option for organizations looking for an “identity platform”.

Martin Kuppinger

mk@kuppingercole.com

1 Introduction

IAM (Identity and Access Management) requirements of organizations not only differ vastly, but are also undergoing massive change. The history of IAM started with homegrown solutions and evolved to COTS (commercial off the shelf) software for various areas of IAM. Now we observe both a growing number of organizations moving to SaaS models and, on the other hand, more organizations which need to integrate their IAM solutions tightly with their business processes and applications. This latter trend drives the demand for “Identity Platforms”, which allow for flexible customization of the IAM solution and integration into business solutions.

We observe such demand in both customer-facing scenarios and in employee-facing environments. IAM is increasingly considered to be not only a turnkey solution but also a capability that needs to tightly integrate with existing and future applications. This requires both a strong set of out-of-the-box features and a comprehensive set of APIs that allow for flexible integration with other types of applications and services.

Thus, there is a growing need for Identity Platforms, be it as an on premises platform or an API platform run as a cloud-based service. Traditional Enterprise IAM is focused on efficient and complex processes in a structured environment, with little integration into other applications. This is changing, with integration being a challenge in many organizations, but also when it comes to new types of services such as Consumer IAM and managing consumer IoT devices. There, such integration is essential to provide one consistent interface to the customer, not only and not even primarily for the management of his identity and access, but for the business functions that rely upon well-managed identities, flexible authentication, and the coordinated management of things.

From the KuppingerCole perspective, there are some key requirements for such platforms. One is scalability. A second key requirement is flexibility. Identity Platforms must provide a good baseline level of user interfaces and standardized capabilities, but, in particular, they must deliver flexibility for integration into business applications and services. Supporting that integration, starting with a comprehensive and well-thought-out set of APIs, and flexible customization are essential for such platforms.

Finally, there is the need for strong standards support. When interacting with consumer devices for authentication, when being integrated into existing customer business application and services, and when being built for growth and a flexible and rapid extension and adaptation to new requirements, standards take on a central role. Identity Platforms deliver the backend and the services for building new customer-facing solutions, by delivering both APIs and broad standards support.

They thus also must follow a modern architectural paradigm, providing the flexibility for customization and expansion of such platforms. Microservice architectures are the choice of today, moving away from complex, monolithic software architectures to more flexible and expandable approaches. Also availability in different form factors, including soft appliances and managed service or cloud-based deployments, are essential for covering the variety of customer requirements.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.