Market Overview: Identity Governance & Administration (IGA)

Thank you Matthias. So in this session we will look at the market overview from the Kuppinger call research Analyst point of view. We just published the leadership Compass on IGA last year and it includes insights from that leadership compass. We'll first take a look at the IGA overview, then we will talk about the evaluation criteria, groups that we used for evaluation of all the vendors. Then the METHODO methodology for evaluating these vendors and what categories we used as well. And finally we'll talk about the results which we achieved in this leadership compass. To start with a quick overview introduction of IGA combines in in our research, we combined it in two different parts is one is I identity lifecycle management and second is access governance. In I ilm, we looked at the mechanisms for creating, modifying and terminating identities. While in access governance part we looked at the overall centralized, centralized visibility to manage all the identities and now we come to the core capabilities of i g, which we evaluated.
We evaluated hundreds of it, but these are the highlights of them. First is ilm. Then we had the policy and workflow management. So this was the mechanism for introducing policies and using rule decisions which were made based on rules. And then finally workflow which used all these rules to facilitate the functions. Then the role governance part focused more on the providing visibility to the roles entities lifecycle. Then password management focused mostly on password research facilities. Then passwordless authentication was also evaluated in this one. Then identity analytics and AI and machine learning. So this was one of the part which FOC we focused slightly more because we saw the trend is shifting towards this side is using AI and machine learning more for various purposes, such as recommending access, then generating reports for auditing rep purposes. And then access certification is also very core element of iga.
SRD controls management looked at the controls which were, which provide you with the tools to identify any SRD policy violations, reporting and dashboarding. All this information which you get, this needs to be consolidated in a way so that this can be used for making effective business decisions. The ease of deployment as well. It's quite important to have a very good ease of deployment. Many solutions are complex, igs complex, so it's very important to have that automation support. This again goes back to AI and machine learning, using all the strokes to automate workflows, policies, third party integration and finally scalability of the product and the performance.
The also activities which are supported by IG, which we evaluated were automated provisioning and deprovisioning management of access and entitlements, data governance configuration and informance enforcement of all kinds of policies. User self-service, mostly about the interface, how users can request access, request change of password, anything like that. Access certification, mostly based on the Porwal mechanism for requesting reviewing access and auditing and reporting. Finally, so now we will go towards the evaluation criteria, the technical requirements that we have assessed in this report. It starts with access and review support, then the architecture and hybrid environment support. We focused on the architecture of the solution and if it supports hybrid environment, then the centralized governance visibility focused on access governance part. If the solution can provide good tools for seeing who has access to solu, who has accessed, who has granted the access I ILM was also main part as mentioned. So and then we come to the identity and access intelligence. This involved again AI and machine learning parts, target system support, very important connectors to on-premise and cloud target systems and workflows and automation.
So how did we come to this? How did you make this leadership compass? So let's start with first the differentiating between the categories. Overall we took nine categories, so five are here, which is the first is security. Does a product provide good security measures, respect mitigation policies? Then the overall functionality of the product integration is also important. Is it easier to deploy? Is it good to integrate with other solutions? Interoperability work with other services? Usability for admins users is easy to use. User experience is very important. Then the innovation part, we looked at the products which offer new features or, and also the features which they're providing in the near future in 24, 36 months. Market segment focus more on how many customers they have, customers they have and what kind of customers they have. Are they in the middle market in segment, enterprise segment and in which region they are split out globally and in which industries ecosystem focused mostly on the partners, integration partners.
And finally the financial strength of the particular IGA solution provider. This includes their, if they're profitable, what are the revenues and if they are investing up, what percentage are they investing into new. So new features and this lend gave us the final four categories. Categories in which we have summarized all the vendors. The first is product leadership. This product leadership summarizes all the functionality of the re products. Second is market leadership. This focuses on the number of customers, the foothold in the market, how many customers they have gained in the last 24 months, are they profitable? And then the innovation leadership focuses on the FE new features, the and and finally the overall leadership. This overall leadership combines all the three leadership scattered diagrams and gives us a final picture. What, what happens then in this process? How do we come to the final solution? We start with the research, we identify the vendors, we conduct briefings demonstration with these vendors and we also send them a technical questionnaire, which they send it back to us based on this. We then we then start the analysis of the vendors. Then after we have done the analysis and written a draft, it goes to the vendors for a fact check. They can check if there's anything missing and if there are any updates in between this time from analysis until fact check. And finally it goes live publishes on the Kuppinger call.com.
Now in the i g leadership compass of 2022, these were the results which we achieved. We evaluated overall 25 vendors in this leadership compass and it ranged from traditional IGA players to new entrants in this segment. And also there are a few vendors in the vendors watch section. These vendors have the necessary capabilities, but we are, they were not evaluated in this segment, but they're definitely worth looking towards to. And this is what we finally came up with is the overall leaders that we have achieved in this leadership compass. You can see it's divided in three segments. First is the leaders second segment is the challenges. They have very good capabilities, they have good breadth of capabilities but maybe lacking some depth. And finally you have the follow segment and this is a combination of the product leadership, market leadership and the innovation leadership. This scatter diagram, as much as mentioned earlier, we love scatter diagrams. This one is focused on the product leadership and in this we evaluate all the functionalities of the product ranging from ilm, access, governance, authenticators, what kind of authenticators they're providing to the customer, to the users, connect us to target system for on-premise and success and deployment models, SOD role management. And this segment, this scatter is again divided in three segments is the leaders at the top. We can see a large cluster of traditional players at the top. Then you have the challenges segments and follow the follower.
Next is the innovation leaders in the leadership C of iga. In this, while evaluating this one, we looked at the features around intelligent discovery, the AI and machine learning capabilities, what kind of approach they have when it comes to customizing, is it zero code, no code and identity analytics, which is more about using all this information and then how the system can recommend new fee, new ways to make it more efficient and better.
Then we have the final one, which is the market leadership di scatter diagram. This one evaluates the vendor, so vendors overall strength in terms of finance, the customers, the ecosystem globally, how they're distributed in which industry and geographically as well. We focus mostly on small and medium enterprise, but also we have enterprise level customers, vendors in this segment. And this is an example of spider that we create. This is for every vendor. This is an example. We use eight categories while coming to a conclusion. As you can see there are eight ones which on management, self-service, mobile support, access and review support, target system support. And then this is the final picture which we come of with. And yeah, so that is it for this report. You can find this report on our KuppingerCole website and if you have any questions, you can definitely ask.
Okay, great. Thank you very much, Nish. Thank
You.
We have a few minutes left and this is the perfect time for you asking questions around what Nita just presented. Are there any questions in the room regarding this evaluation? No. Yep, just a sec.
Thank you. Thank you. You were mentioning that there are leaders, challenges and followers. Is it obvious that there are actually no followers and that the market is more or less settled now with the company's historic system? Maybe
Louder and there are no followers. Is the market already so mature, so saturated that it's no longer in the follower segment?
Yes, I agree. So market has definitely matured and it has reached a bit of saturation point, but it continues to evolve and grow in terms of new features around intelligence and ai, machine learning.
Sorry sir. Sorry sir. It's different. Okay, you you, you're done. Sorry, other questions in the room? Okay, let's start here. Come over then.
Okay, thank you. Hello. Thanks for the explanation. I have one question about, yeah, when, when have you made all the overview? So when, when did you ask all the vendors for the, is the questionnaire, so how old this is, is the information that you provided now and the second part is especially for Microsoft, what kind of Im solution is it behind the name of Microsoft? Because there are different parts and the most probably Im solution for Microsoft is deprecated in 2 20 25. That's the reason why I'm asking.
Thank you this, to answer your first question, this, this report is six months old around, we conducted all the briefings, asked the questions around exactly one year ago, may to June. You can say 2022. And for Microsoft question, the one we should consider is Thera Microsoft identity governance. So that has been included in this report. Thank
You. Okay,
Thanks.
Hi. I was interested in knowing what are some of the intelligent features that you have noticed in the windows that you evaluated. Is, does your report have any details?
Sorry, can you please repeat
The, the intelligent, intelligent features within the solutions, which, which are already there. What can you highlight there?
Yes. So intelligent features, we are seeing more shift towards policy. One approach Sanja nicely mentioned earlier today than the next new features around mostly around using artificial intelligence and machine learning for workflows, for recommending use access wise, access reviews. This is helping them to, you can say save time for low priority access requests, but then then they can you save this time to review manually the high, high risk level access.
Right. Any other questions? Yep,
Thank you.
Hey there, is there any addition to the report to put this into perspective, like to see the trends over the years? So which vendors maybe changed positions or lost a position within V Compass and also maybe then an elaboration on why that is. So if certain vendors missed out trends and maybe then also a perspective into the future, what will be important, what will be the challenges for all these lovely producers here?
Okay, thanks.
Thank you. Regarding the challenges and the trends that we have seen is auto adoption of automation, adoption of policy based approach using, again, AI machine learning for various functions. The vendors are shifting towards these functions more in the last one or two year, which we, we have seen this for this new thing coming up. So in this report we specifically used a few questions around this particular capability of vendors to see where they stand and what are the features coming in the next few months, 24 year months to 36 months in that.
Right. And to add to that, no, there is no review mirror to say, okay, what happened in the past. But what we do provide is that we do do still have all the recent reports available for those who want to compare. That is still available. So that you can see how, how position changed. There is no, there's no no charts with the, the previous week position. This is not available, but we do have the reports and this market is always, although it is very mature, it is also changing very much. There are mergers and acquisition and name changes and takeovers. So it's sometimes even difficult to take care of that because even I think that happens all the time. You start doing the research one year ago and when you're done and starting that the product has a different name or is no longer available or has been merged into another product that is, that is happening all the time. Yes. So this is really an, an, an important factor to take into council. Doing it for yourself on a base by base basis. Why is vendor A now on top and was not last year or the other way around, which, which is much more interesting if they lose in the, in the ranking. That is, that can be done, but it's requires some, some work. Maybe you can ask judge PT and feed that into that.
So one question and then we are up to lunch.
Thank you. Question about maybe you do this kind of analysis during the year market share, for example, per per country, how many IGA projects per different countries and what's the market share of different vendors? That would be very practical information actually to see how, how many, let's say in Germany, how many AJ projects during the year and what vendors have this projects. This is one question. And the second, do you do any statistics out of AGA projects in the country? What percentage of customers actually go beyond journey mobile, liver and basic functionality to any governance or advanced IGA functionality? It would be interesting to also understand to, to see the statistic of the, of this.
Okay, thank you. Thank
You. To answer your first question, it's always a tough balance. We have to maintain, some vendors want a more globalized view of themselves, but we are definitely starting from this year a new kind of analysis which will be focused not on country based but on region based. So we'll start with first just review the vendors in Europe. We'll review the ones only in North America, so that is the next focus which we are having. And second question, can you please repeat what
Was second question? Successful projects, products within the, within the regions?
Yes. On that we have not created any statistics around that one, but the, we deal with the research part of the, of that thing and analyzing the vendors and their capabilities. But this is something we haven't done yet.
Yes and no. A bit controversial, sorry for that. Martin will present I think on Friday we have created a study which adds our market observation over time, which will be, it is out there, but he will present the results I think on Friday or Thursday. I don't know. Okay. There's a large study which actually looked at these figures. How are the market segments evolving? Who is now, yeah, really the market trends and it's really based on figures, on market volume, on, on, on market trends that will be presented. This is a, a rather huge study that they executed that Marina Lan. Yeah. And, and Martin did and that will be published during EIC and it will be made available to the audience at least as I, as an extract. I'm not in the publishing process, as I said, I'm not the sales guy, I don't know. But the study is available. It will be out there and results will be presented. So that will be a, a thing to look into as well. That is a 50, 55 pages. This is really a massive amount of data, which requires some interpretation, but interpretation is there as well. So that would be the next starting point.