1 Introduction / Executive Summary
In this Leadership Compass, we evaluate solutions that can serve as a foundation for customers creating their own Identity Fabrics by delivering a wide range of capabilities in a modern architecture.
The term “Identity Fabrics” stands for a paradigm and concept of a comprehensive and integrated set of Identity Services, delivering the capabilities required for providing seamless and controlled access for everyone to every service. Identity Fabrics support various types of identities such as employees, partners, consumers, or things. They deliver the full range of identity services required by an organization.
Identity Fabrics are not necessarily based on a technology, tool, or cloud service, but are a paradigm for architecting IAM within enterprises. Commonly, the services are provided by a combination of several tools and services, with up to three solutions forming the core of the Identity Fabric. Most organizations that are using this paradigm as a foundation for the evolution of their overall IAM tend to build on a strong core platform for delivering major features and complement this with other solutions.
Thus, this Leadership Compass analyzes which of the IAM offerings in the market are best suited to form the foundation for an Identity Fabric by delivering
- a broad range of IAM capabilities, at minimum including a good level in both IGA (Identity Governance and Administration) and Access Management (Identity Federation, Multi-Factor Authentication, etc.)
- a comprehensive set of APIs for consuming these services, beyond the admin and end user UI/UX
- these capabilities in a modern architecture, following paradigms such as microservices architectures and container-based deployments
- support for different deployment models, serving the needs of customers for options in their operating models (with some solutions being cloud-only)
- support for all types of identities, including employees, business partners, customers and consumers, connected things, devices, and services
In sum, solutions must not only deliver functionality and support for all types of identities, but also meet our requirements regarding the architecture, deployment model, and their interoperability with traditional applications, cloud services, and new digital services.
1.1 Key Findings
- The market for Identity Fabrics is evolving quickly. The number of vendors in the rating has grown significantly, as has the maturity of solutions. However, the market is still not at the same level of maturity as, e.g., IGA or Access Management. On the positive side, we observe significant innovation happening in this market segment.
- Few vendors support all three major areas of IAM, i.e., IGA, Access Management, and PAM, with their own capabilities. Thus, Identity Fabrics will virtually always consist of offerings provided by several vendors.
- This also leaves space for the leading-edge specialist solutions in the areas of Access Management, such as Ping Identity, and in IGA, such as SailPoint or Saviynt. Such solutions can well complement other vendors' offerings for forming a comprehensive Identity Fabric.
- We observe a growing number of specialist vendors that add sophisticated capabilities, e.g., for policy-based access or integrating existing identity silos. Looking at these specialists can help in closing gaps that the core platforms of an organization’s Identity Fabric leave.
- The support for exposing capabilities via modern APIs is growing fast. However, many vendors still don’t expose all capabilities via an integrated and complete set of REST APIs.
- Many of the vendors, including some of the IAM veterans, are still on their modernization journey for their platforms. While all vendors in the rating have a defined roadmap and are showing execution on this roadmap, the current state of transition must be carefully analyzed.
- The deployment approaches supported by vendors vary significantly, and range from multi-tenant, public-cloud-only deployments to implementations that are single-tenant and run as MSP or private cloud implementations. We advise customers to carefully analyze flexibility in deployment, but also the flexibility for customizations and the approach to updates and patches in this context.
- Overall Leaders are (in alphabetical order) Broadcom, EmpowerID, ForgeRock, IBM, Microsoft, Okta, One Identity, Oracle, SecurID (RSA), and Simeio.
- Product Leaders are (in alphabetical order) Broadcom, EmpowerID, ForgeRock, IBM, Microsoft, Okta, One Identity, and Simeio.
- Innovation Leaders are (in alphabetical order) Accenture, Avatier, Broadcom, Cloudentity, EmpowerID, ForgeRock, IBM, Microsoft, Okta, One Identity, Oracle, SecurID (RSA), and Simeio.