The IDaaS market has evolved over the past few years and is still growing, both in size and in the number of vendors. However, under the umbrella term of IDaaS, we find a variety of offerings. IDaaS, in general, provides Identity & Access Management capabilities as a service, ranging from Single Sign-On to full Identity Provisioning for both on-premise and cloud solutions. These solutions also vary in their support for different groups of users - such as employees, business partners, and customers - their support for mobile users, and their integration capabilities back to on-premise environments.
Many vendors provide offerings that can be better described as Managed Services than as Software as a Service (SaaS) offerings. Pure-play SaaS solutions are multi-tenant by design. Customers can easily onboard, usually as simple as booking online and paying with a credit card. On the other side, Managed Service offerings are run independently per tenant.
Generally speaking, supporting hybrid IT environments is amongst the main challenges for IDaaS, across all areas. Connecting back to legacy web applications is more challenging than with most on-premise solutions, and Identity Provisioning as well. This needs to be kept in mind and carefully considered while choosing an IAM solution. The strength and weaknesses of IDaaS solutions in connecting back to on-premise environments is an important factor.
IDaaS offers a springboard for most organizations to start using foundational IAM elements delivered from the cloud and move rest of the IAM functions as they find it appropriate and at a pace that matches the organizational security maturity and cloud strategy. The IDaaS market, with its ease of adoption and cloud-native integrations, is slowly overtaking the on-premises IAM market.
Common high-level features of IDaaS solutions include:
- Outbound Federation and Single Sign-On, providing access to Cloud services and web applications. This also includes Cloud Provisioning, i.e., the ability to provision users to Cloud services.
- Directory Services for managing the users: These services must provide massive scalability, enabling organizations to deal efficiently not only with their employees, but potentially with millions of customers.
- Authentication support, allowing configuration of the authentication requirements, step-up authentication based on risk and context, etc. We also expect to see significant support for upcoming standards that allow flexibly relying on existing strong authentication methods.
- Access Management capabilities that allow configuring flexible policies for controlling access to Cloud service and web applications. Beyond just granting access, the ability for at least coarse-grained authorization management is a key capability for IDaaS SSO.
- Inbound Federation and Self-Registration: While inbound federation support focuses on the rapid on-boarding of users from business partners that already have an Identity Federation infrastructure in place, self-registration capabilities are mandatory for other business partners and customers. Identity Federation also will gain momentum in the customer space, when relying on external Identity Providers.