Leadership Compass

Identity API Platforms

Identity API Platforms expose APIs to capabilities ranging from IAM to Federation and more, while supporting both the agile and DevOps paradigms that address the more complex IT environments seen today. This Leadership Compass will give you an overview of and insights into the Identity API Platform market, providing you with a compass to help you find the product that you need.

Richard Hill

rh@kuppingercole.com

1 Introduction

Many different factors are driving Digital Transformation in the market today. One factor is the change in how businesses interact with their consumers, which requires changes in the services they provide to their customers. Another factor is more technical: the implementation of new Digital Services has become more complex due to the different environments and the many integration points to consider. This is driving the rapidly growing demand for exposing and consuming APIs. APIs are enabling organizations to create new business models and connect with partners and customers, while providing a seamless experience by linking systems and services together.

These changes in how services expose and consume APIs are also enabling agile paradigms and DevOps by providing a well-defined set of APIs to security services, instead of creating identity and security (and other) services in each and every application again and again. One of the most common use cases we currently see is around Digital Services for customers that are created against “identity backends”. Although the concept and use of Application Programming Interfaces (APIs) have been around for quite some time, the availability of IAM and its associated APIs has grown into a new market segment that KuppingerCole calls Identity API Platforms in this Leadership Compass. To understand how and why this new Identity API Platforms market segment has developed, it may be helpful to look at how IAM has changed over time.

Traditionally, an organization's IT environment ran within the walls of its perimeter. IAM solutions were more monolithic and centralized, and identities were managed and stored on-premises. Local access control systems were used to ensure employees had access to just the resources they needed through authentication and authorization, with the ability to audit user access.

Then we started to see federation hubs, or bridges, that extended the reach of where identity and access controls reside. Federation allowed for the secure exchange of user information, whether between divisions within an organization or between organizations in the same sector. Single sign-on (SSO) systems gave users the ability to authenticate once, not only across multiple IT systems but across organizations too.

Cloud services gave organizations new options for IT, motivated by the business need to increase IT flexibility and scalability while reducing cost. The IDaaS umbrella covers many capabilities: not only traditional IAM but also capabilities ranging from SSO to full Identity Provisioning.

As organizations began reaching out to customers and gathering information about the consumers who use their products and services, they found that they needed to provide a better digital experience. This improved user experience manifested through the use of consumers' mobile devices or social networks and through an easier onboarding experience for consumers. But they also needed to be concerned about privacy compliance such as GDPR or PSD2.

Figure 10: Evolution of IAM over time

Now we are beginning to see Identity API Platforms becoming available. This market is driven by the need to meet emerging IT requirements such as hybrid environments that span on-premises, cloud, and even multi-cloud environments, supporting the different functional requirements of IAM, Federation, IDaaS and CIAM, as well as the ability to select these market segment capabilities a la carte as needed. Exposing key functionality via APIs allows for workflow and orchestration capabilities across environments as well as better DevOps support through automation. Another critical characteristic of Identity API Platforms is their focus on being developer-centric. In a nutshell, IAM is continuing to evolve to meet the growing list of IAM requirements.

1.1 Market Segment

Identity API Platforms share many of the same capabilities seen in the IAM, CIAM, IDaaS, and Adaptive Authentication/Consumer Authentication market segments. In fact, many offerings in the market today serve multiple segments. Although there are crossover capabilities between these segments, Identity API Platforms must support the basic functionality of identity and user management, authentication, authorization, and support for auditing. Other capabilities can be added to Identity API Platforms based on the solution's target market use cases, such as capabilities found in CIAM to support consumers (for example, user consent management workflows), federation in IDaaS, or more intelligent authentication as seen with Adaptive Authentication, as well as support for compliance and access governance offered by IGA solutions. Beyond these capabilities, evolving requirements such as IoT, workflows and orchestration, DevOps, and API security functionality are also taken into account.

Where Identity API Platforms diverge from the COTS solutions offered in the past is defined by the use cases of Identity API Platforms. Identity API Platform use cases focus on vendors that allow their customers to build their identity backend for defined services through APIs, whether on-premises, in the cloud, or in hybrid environments. Other Identity API Platform use cases are targeted at organizations that, due to the complexity of internal processes and other operational reasons, are looking to build their own C/IAM platform or to automate or enhance existing IAM capabilities. Also, where traditional turn-key COTS solutions are primarily UI driven, Identity API Platform use cases require that the solution is developer ready and can provide anything in the range from COTS API toolkits, such as widgets and SDKs that facilitate rapid development, to a pure API platform.

Since Identity API Platforms are developer-centric, useful online developer portals with proper API documentation and code examples are all needed to build a good developer ecosystem.

This Leadership Compass focuses on those Identity API Platforms that provide a higher percentage of their IAM, CIAM, and IDaaS capabilities via API. All use cases (IAM, CIAM, IDaaS) should support APIs for core functionality at a minimum. Support for more advanced and modern technologies, such as risk/context-based authentication and authorization, biometrics, mobile support, and graph-based APIs, to name a few, is evaluated in the ratings as well.

Figure 11: High level architectural overview of IAM API usage

Picking a solution always requires a thorough analysis of customer requirements and a comparison with product features. Leadership does not always mean that a product is the best fit for a particular customer and their needs. However, this Leadership Compass will help to identify those vendors that customers should look at more closely.

