Identity Access Mgt

Solutions in this category determine what each user can do across each of the organisation’s internal systems after they have entered, as well as solutions relating to the overall management, governance and administration of those user identities. Various nuances of identity governance, management, administration and user authentication solutions make up the core of this solution segment, as described further in Table 6.5.

Table 6.5 Identity and Access Management Subdomains Analysis

Key Product/Solution Subdomains

Identity and Access Management (IAM) Solutions can be further broken into several key market sub-domains, with categorisations varying depending on analyst source. Gartner’s present categorisation scheme is leveraged here, whereby IAM is broken up into (1) Identity Governance and Administration (IGA) solutions and (2) User Authentication (UA) solutions, both of which work in close concert in a typical IAM deployment. In broad terms, IGA is concerned with the administration and lifecycle maintainance of a users identity, whereas UA focusses on providing appropriate technical mechanisms for tight enforcement of that administrative policy in real-time. Other defined market sub-segments within IAM (and across IGA and UA), particularly the emerging notion of Identity and Access Management as a Service (IDaaS) which provides IAM services via the cloud across both cloud-based and traditional usage contexts (3).  

Identity Governance and Administration (IGA)

Focus: Solutions provide a set of processes to manage identity and access information across systems. This can include:

(1) Creation, maintainance and deletion of user’s identities

(2) Governance of access requests – including approval, certification, risk scoring and segregation of duties enforcement.

IGA solutions support provisioning of accounts among heterogenuous systems, access requests (either IT administered or via user self-service), and access to critical systems. Other typical IGA capabilities include role management, role and entitlements mining, and identity analytics and reporting. An IGA solution will typically be tightly integrated with one or more user authentication (UA) solutions in the target deployment scenario.  

Key Players (Products): Key leading IGA players in the space in EMC (RSA Aveksa), Sailpoint (IdentityIQ), Oracle (Identity Manager Suite), Courion (Access Assurance Suite), Hitachi (ID Identity Management Suite), Net IQ (Identity Manager, Access Governance Suite), IBM (Security Identity Manager) and Dell (Q1IM) among others.

Key and emerging Europe IGA players include Omada (HQed in Denmark), Atos (France), Beta Systems (Germany), CrossIdeas (Italy), Evidian (France), Bay31 (Switzerland), Brainwave (France) and Efecte (Finland).

User Authentication (UA)

Focus: UAvendorsdeliver on-premises software/hardware that makes real-time decisions for users using an arbitary end-point device to access one or multiple applications, systems or services across multiple possible use cases. Vendors also deliver client-side software or hardware allowing end-users to make real-time authentication decisions. While password methods are still most widely used, many other authentication methods providing higher trust levels have also been developed and adopted by the market. Broad methods include:

(1) Password-based approaches

(2) “Out of band” techniques leveraging SMS, voice, push and email factors among others (3) Hardware and software tokens

(4) Biometrics

(5) Emerging contextual authentication approaches among others.

Like many other PACs segments, cloud and mobile trends in particular are creating new UA challenges and market opportunities, as well as providing new authentication delivery options.

Key Players: A broad fragmented range of UA players exist in the market place - over 200 were identified in most recent Gartner market analysis.Leading players include SafeNet, EMC/RSA, Gemalto, Vasco Data Security, CA Technologies, and Technology Nexus. Symantec, Telesign, HID Global and SecurEnvoy are all viewed as other prominent players in the space.

Identity as a Service (IDaaS)

Focus: Emerging cross-cutting market subsegment within IAM that supports delivery of cloud-based services in a multi-tenant or dedicated/hosted delivery model, that supports IGA brokering, as well as access and intelligence functions to target systems on both customer’s premises and in the cloud. IDaaS originally focused on web-application use cases, supporting SMEs with most of their key applications in the cloud and with a preference for buying rather than building IAM infrastructure. IDaaS vendors typically create one-off connections to SaaS vendors to support authentication, single-sign on (SSO) and account management, with SaaS vendors typically providing enabling API support. They then reuse these APIs for multiple clients, relieving SaaS customers of the need to build their own customer connections, and by extention increased IAM automation.   

Key Players: Leaders in the emerging IDaaS segment include (1) Okta, (2) Ping Identity, (3) Covisint, (4) OneLogin, (5) Centrify, (6) CA Technologies, and (7) Lighthouse Security Groupamong others. Many large mainstream ICT players (Salesforce, Google, Microsoft etc) would also be regarded as IDaaS players in support of their own SaaS offerings, as well as offering IDaaS as part of their PaaS portfolios.


Other Sub-Segments

Other emerging IAM subsegments of note include solutions focussed on protecting access to highest-risk infrastructure access points, such as shared accounts and those managed by system administrators. Forrester refers to these as Priviliged Identity Management (PIM) solutions (referred to as PAM, or Privileged Account Management by other sources), with a solution focus on ensuring that authorised administrators can only access such high-risk environments; that irrefutable and tamper proof evidence of access is provided; ensuring access protection at the application/API level; and protection in highly scalable virtualised environments, particularly in the cloud provider context. 

Web Access Management (WAM), Federated Single Sign-On (SSO) and Virtual Private Networks (VPN) would also be regarded as overlapping subsegments within IAM.

Competitive Trends and Innovation Gaps

Despite being a well established market in its own right the IAM marketplace is still broadly viewed as a dynamic and growing one, particularly as notions of extended enterprises and more advanced B2B interactions become more commonplace, driven by rapid adoption of cloud services, new hosting models and diversity in mobile form factors, and diversifying partners and relationships. Hence, legacy IAM approaches are no longer sufficient. Core challenges exist around cross-domain user provisioning, weakened control of authentication and authorisation in these new distributed contexts, and siloed approaches to IAM across different user groups and purposes, the latter driving demand for federated single sign-on solutions. 


IGA: market is expected to experience significant yet volatile growth throughout the remainder of this decade, supporting new opportunities for many new entrants providing new IGA product features and delivery methods. Greater integration between previously seperate IAM functions will continue. Gartner estimated a 2013 IGA global market size of $2.2bn – up $400m on 2012 revenues. From there, double sigit IGA growth (10%) is anticipated over the next 5 years.  Service-based IGA revenues (i.e. consulting and system integration) are estimated to account for 2 to 3 times that of direct product revenues. A number of other emerging IGA innovation points exist – for example supporting flexible hybrid IAM/ÌGA deployment models that incorporate both cloud and on-premises delivery;  integration with other product solutions such as SIEM, DLP and similar security intelligence sources; tighter integration with PIM/PAM solutions mentioned above; and support for emerging issues around governing data access at more granular levels for both structured and unstructured data types.



UA: Despite being highly fragmented with a large number of players, the market is still relatively consolidated and dominated at the top tier, with approximately 10 or so key vendors dominating the majority of the UA market. Much of the market is mature, with some vendors offering key product lines existing over multiple decades. Despite this the market has remained innovative due to several factors, including increasing breadth of potential use cases in line with infrastructure changes (cloud and mobile in particular), as well as continued emergence of new innovative authentication techniques. While technically “strong” authentication is a key purchase decision factor, other overriding concerns include ability to implement proposed UA solution, as well as overall solution usability that meets ever higher business user expectations as IT becomes increasingly consumerised, and increasing emphasis on improving ease of managing authentication the customers of the IAM buyers, particularly buyer segments directly targeting consumer mass markets.

Cloud is increasingly relevant to UA in multiple ways, providing a new delivery option for new cloud offerings, as well as providing another integration target for UA offerings (see IDaaS in this section).  While many players exist in the segment the commercial credibility of a large proportion of them is questioned by key analyst sources. By year-end 2016, it is estimated that about 30% of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations. Mobile computing is also highly relevant from several dimensions, for example as a new form factor for authentication tokens; as a new endpoint and context to which users must authenticate; and a new potential platform for biometric methods. It is also believed by some key UA market participants that compliance is still the most significant driver for UA purchase above actual threats.

Contextual authentication is another innovation trend, combining multi-source data and analytics to increase UA strength. By year-end 2016, it is predicted that more than 30% of enterprises will use contextual authentication for workforce remote access — up from approximately 5% today.



IDaaS: Most recent market estimates estimated that the overall global IDaaS market was worth $215m in 2013. Presently it is estimated that IDaaS will be the preferred delivery model for 10% of the overall space at present, increasing to 20% by 2017. The IDaaS market is still at an early stage, with vendors coming from distinctly different backgrounds, and with significant variances among providers with regard to IAM functional depth and support provided for different use cases. Key market drivers in the IDaaS space include the need to enforce proper IAM discipline over SaaS application usage, enhancing  and speeding SaaS ROI vs traditional on-premise software, reducing IAM implementation risks, and reduced IT operational costs around cloud-related IAM implementations.

Existing client concern around IDaaS implementations focuses on data security and protection of enterprise users' passwords, as well as the possibility that IDaaS may introduce single points of failure. Web-centric IDaaS vendors (e.g. Centrify, Okta, OneLogin, Ping Identity and Symplified) are gaining best traction with SMEs without heavy IAM legacy infrastructure, whereas other vendors with deeper functionality and greater support for hybrid scenarios are gaining more traction in larger enterprise sites where larger but more custom implementations are necessary. Complete replacement of existing IAM solutions with IDaaS deployments is still rare, hence the ability of IDaaS vendors to integrate with existing systems is desirable.


Key Source Data: : (all downloaded from publically available sources, both online (vendor-based) and via third party libraries)

“Gartner Magic Quadrant for Identity Governance and Administration”, Dec 2013

“Gartner Magic Quadrant for User Authentication”, Dec 2013

“Forrester Wave, Identity and Access Management Suites”, Sept 2013

“Gartner Magic Quadrant for Identity and Access Management as a Service”, June 2014

“Forrester Wave: Privileged Identity Management”, Q1 2014

“Forrester TechRadar: Data Security”, Q2 2014



Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework


Joomla! Debug Console


Profile Information

Memory Usage

Database Queries