WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Controlling access to networks, data and applications is one of the most critical roles a security team plays. One popular solution to the challenge is identity and access management (IAM) products.
IAM platforms let IT departments ensure that cloud, on-premises and hybrid environments provide the right level of access to the right roles and individuals at the right time.
The goal of IAM products and services is to ensure that authorized workers, partners and customers have appropriate access to the resources they need, and that the process of onboarding, offboarding, role management, authentication, access management and the like is automated and scalable.
IAM solutions often include technologies such as multi-factor authentication and enterprise mobility management to address the myriad ways data can be accessed in on-premises, cloud, hybrid and mobile environments.
The good news is you have dozens of options for managing identities and access to your resources. You can work with pureplay IAM vendors such as Okta and IdentityIQ as well as major industry players like Microsoft and IBM.
Top 10 IAM solutions
To help you start your buying process, we picked 10 IAM platforms that stood out. To narrow the list to 10 we looked at feedback from sources such as Gartner's Magic Qaudrant, user review sites and industry associations.
Because the breadth and delivery of IAM services vary, an apples-to-apples comparison is difficult; however, the 10 included all offer features that stand out in a crowded market. We've added a chart at the bottom of this article that highlights some key features of each solution.
- Azure Active Directory
- IBM Security Identity and Access Assurance
- Oracle Identity Cloud Service
- RSA SecurID Access
- Keeper Security
Company overview: Microsoft Azure is a cloud computing service for building, testing, deploying and managing applications and services through a global network of Microsoft-managed data centers.
Product overview: Azure Active Directory is an identity and access management cloud platform designed to manage users and groups. It helps secure access to on-premises and cloud applications, including Microsoft web services like Office 365, and many non-Microsoft software as a service (SaaS) applications such as Salesforce, Box, and more. It works across multiple platforms and devices, integrates with on-premises Active Directory, and offers enterprise-level scalability and service-level agreements (SLAs).
Notable Features: Single sign-on, multifactor authentication, access request management, password management, role management, user provisioning, access request management, privileged account management, security monitoring and alerting, user activity monitoring.
Markets and use cases: Office365, Azure and Dynamics CRM Online customers
Pricing: Azure Active Directory is available in four editions: Free, Basic, Premium P1 and Premium P2. The Free edition is included with an Azure subscription. The Basic and Premium editions are available through a Microsoft Enterprise Agreement, the Open Volume License Program, and the Cloud Solution Providers program. Azure and Office 365 subscribers can also buy Azure Active Directory Basic and Premium P1 and P2 online.
Support: Microsoft offers four levels of support: Developer ($29/month), Standard ($300/month), Professional Direct ($1,000/month and Premier (contact Microsoft).
Company overview: IBM offers a complete identity and access management platform built to help strengthen compliance and reduce risk by protecting and monitoring user access in multi-perimeter environments.
Product overview: IBM Security Identity and Access Assurance (previously known as IBM Tivoli Identity and Access Assurance) administers, protects and monitors user access to resources and provides compliance auditing. IBM Security Identity and Access Assurance is designed to enable organizations to set up and manage user identities and access authorizations across the extended enterprise. It includes five products: IBM Security Access, IBM Security QRadar Log Manager, IBM Security Identity Governance Lifecycle, IBM Security Privileged Identity Manager, IBM Directory Suite Enterprise Edition.
The IBM platform offers access to cloud resources while also monitoring, controlling and reporting on the identities of the systems and database administrators, as well as other privileged and entitled users. Identity federation and rapid onboarding capabilities help extend entitlements to applications and environments beyond the corporate firewall.
Notable Features: Single sign-on, access management, privileged identity management, log management and user reporting, user provisioning, multifactor authentication, password management, role management, compliance management, user activity monitoring
Delivery: Cloud, on-premises
Pricing: Contact IBM for pricing
Support: Includes new releases update, Web knowledge base access, 24/7 access to support
Company overview: Oracle has evolved from a database company into an IT powerhouse offering an integrated stack of enterprise applications, platform services and engineered systems.
Product overview: Oracle Identity Cloud Service is a cloud-based identity management system that works by associating specific rights and restrictions with each user's established identity. User provisioning, access control and directory services are critical components of Oracle's cloud-based security portfolio. Oracle Identity Cloud Service is designed to govern how employees, contractors, vendors, partners, customers, and other stakeholders use IT resources — and protects access to sensitive data. It offers identity administration, access management and single sign on, application management, and support for industry standards such as OpenID Connect, SAML, SCIM and others.
Features: Single sign-on, password management, multifactor authentication, compliance management, user provisioning, access request management, role management; security qualifications: SAML, OpenID Connect.
Markets: Oracle offers solutions in more than two dozen industries.
Pricing: Basic - Enterprise User, $1 per hosted named user (100 user minimum); Standard - Enterprise User, $4 per hosted named user (100 user minimum); Standard - Non-Enterprise User $0.02 per hosted named use (1,000 user minimum).
Support: Oracle support services include 24/7 technical assistance, product updates and access to 50,000+ development engineers and customer support specialists.
Company overview: Okta's products use identity information to grant access to applications on any device at any time, while still enforcing strong security protections. The company is publicly traded on the NASDAQ under the symbol OKTA.
Product overview: Okta's identity and access management services are designed to securely connect workers to the technologies they interact with every day, helping IT to decrease costs and increase efficiency through solutions like Okta's Single Sign-on, Universal Directory, and Lifecycle Management provisioning tools. The services protect organizations against data breaches with robust security and tools like Adaptive Multi-Factor Authentication, enabling a mobile workforce through unified management across devices and solutions like Okta Mobility Management, and also helping organizations accelerate their own growth through Okta's Developer Platform. Okta's Identity Cloud also integrates external partners and customers, enabling them to manage their own identities.
Notable Features: Single sign-on, multifactor authentication, access request management, account management, compliance management, password management, role management, user activity monitoring, user provisioning. Security qualifications: SOC 2, Type I and Type II; FedRamp certification; Cloud Security Alliance Security, Trust, & Assurance Registry Level 2 Attestation; HIPAA compliant.
Markets and use cases: Technology, education, finance, media, nonprofit, government and other industries.
Delivery: Cloud, but also offers on-premises provisioning that supports web-based apps, apps with different API versions and languages, and apps with or without Simple Cloud Identity Management (SCIM) compatibility.
Pricing: Okta's Universal Directory product starts at $1.00 per month per user, with additional products such as Single Sign-On, Lifecycle Management, MFA and Mobility Management available.
Support: Customer Success Managers work with new customers on deployments and also serve as the client contact for escalations, product updates, requests, and any other questions. Okta's website hosts a support center for developers and customers to ask and answer questions about topics.
Company overview: Santa Clara, Calif.-based Centrify is another pure IAM vendor, offering a single platform to secure each user's access to apps and infrastructure through identity services.
Product overview: Centrify Identity Service is designed to help IT provision new accounts across applications, provide single sign-on, and secure and manage devices used to access those apps. It supports internal users such as employees and contractors as well as external users (partners, customers). You can manage apps, mobile devices and Macs via Active Directory, LDAP or cloud identity stores. It's designed to combine user identity with device context to provide secure allowing/blocking access or challenging for multi-factor authentication based on a set of parameters. Centrify Identity Service provides secure, encrypted access to on-premises apps with one click, without needing a VPN.
Centrify Identity Service is designed to help IT enable BYOD initiatives and embrace the cloud with integrated policy and multifactor authentication, and improves end-user productivity via single sign-on.
Notable Features: Single sign-on, multifactor authentication, access request management, account management, compliance management, password management, role management, user activity monitoring, user provisioning, application provision.
Markets and use cases: Centrify's markets include enterprises and government organizations.
Delivery: Mobile, cloud.
Pricing: Centrify offers two editions with varying levels of customer support and optional add-on features. Apps is $4 per user per month and App+ is $8 per user per month. Contact the company for more pricing details.
Support: Centrify offers three levels of support: Standard, Premium and Elite. Standard support includes portal access, access to a customer community, product updates and business hour support. Premium adds options such as 24x7 global support and Elite adds features such as a customer success manager, annual health check from its professional services team, and more.
Company overview: RSA, a Dell company, offers products and services for cyber threat detection and response, identity and access management, online fraud prevention, and business risk management.
Product overview: The RSA SecurID Suite is built to mitigate identity risk. It combines access management and authentication with identity governance and user lifecycle management in one suite. The company says it goes beyond the capabilities of traditional identity and access management systems by using risk analytics to provide identity and access assurance.
The IAM suite is designed to offers users secure, anywhere access from any device to the applications they need, whether in the cloud or on-premises. RSA SecurID Access protects resources with a wide range of authentication methods, including push notification, biometrics, OTP, SMS, and traditional hardware and software tokens.
Notable Features: Multifactor authentication, access request management, single sign-on, user activity monitoring, compliance management, SAML support.
Markets: Public sector, manufacturing, retail, financial services, energy and utilities.
Delivery: Cloud, on-premises.
Pricing: RSA SecurID Access is available in three editions: Base ($1-3 per user per month), Enterprise ($1-4 per user per month) and Premium ($2-6 per user per month).
Support: Support is available 24x7, 365 days a year.
Company overview: Chicago-based Keeper Security offers password management and digital vault software to protect businesses and consumers from cyber theft.
Product overview: Keeper Security is designed to protect passwords and sensitive digital assets to cut cyber security risks. Keeper provides employees with on-demand access to encrypted passwords, websites and applications while protecting them with best-in-class security. The company partners with OEMs and mobile operators to preload Keeper on smartphones and tablets.
The company says information that is stored and accessed in Keeper is accessible only by the customer because it is encrypted and decrypted on-the-fly using AES (Advanced Encryption Standard) with a 256-bit key length on the device that is being used.
Features: Single sign-on, multifactor authentication, compliance management, password management, role management, user activity monitoring, user provisioning. Security qualifications: Certified SOC2 Compliant, Export Administration Regulations (EAR).
Markets and use cases: Businesses of all sizes across all major industries including education, financial services, government, healthcare, hospitality, manufacturing, retail and others.
Delivery: Cloud, on-premises
Pricing: Business version is $30 per user, per year. A Family version is available for $59.99 per year up to five users and an Individual version is available for $29.99. Free trial available.
Training and Support: Documentation, Webinars, live online, support online, live rep (24/7).
Company overview: Austin, Tex.-based SailPoint's enterprise identity management platform is designed to give organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis.
Product overview: IdentityIQ is designed for complex hybrid IT environments. It unifies identity management processes across cloud, mobile and on-premises environments. It is built to see apps, users, data and access so security teams can make the right security decisions.
Notable Features: Single sign-on, security qualifications, multifactor authentication, access request management, account management, compliance management, password management, role management, user activity monitoring, user provisioning.
Markets and use cases: SailPoint's earliest customers came from highly regulated industries such as banking, financial services and insurance. In recent years, SailPoint says it has extended its reach to more industries, including manufacturing, hospitality, consumer, government and healthcare.
Delivery: IdentityIQ is delivered on-premises; IdentityNow is cloud-delivered.
Pricing: Contact company for pricing details.
Support: SailPoint offers 24x7 support around the globe, staffed by employees in the U.S., Europe, Israel and India. It incorporates both online, phone and on-site support.
Company overview: San Francisco-based OneLogin offers single sign-on and identity management software for businesses of all sizes.
Product overview: OneLogin provides a cloud-based identity-management service. It offers open-source SAML toolkits; OneLogin Mobile, a mobile application for tablets and smartphones; Web Access Management, software that integrates with hybrid on-premises or legacy apps and infrastructure; Web Access Management software for NASA, Department of Defense, OpenText, ARM, and restaurants; OneLogin OTP, which provides an integrated user experience that is available on Android, iOS and other mobile operating systems.
OneLogin provides access to more 5,000 pre-integrated applications including Office 365, G Suite, AWS and Workday. And when employees depart, real-time offboarding protects corporate data.
Notable Features: Single sign-on, multifactor authentication, access request management, account management, compliance management, password management, role management, user activity monitoring, user provisioning.
Markets: Education, government, finance, insurance, healthcare, high tech, industrial, manufacturing, media, non-profit, professional services, retail, and service customers worldwide.
Pricing: OneLogin offers four levels of pricing: Free SSO for employees for up to three apps and five personal apps; $2 per user per month for SSO and multi-factor authentication for all apps (minimum of 25 users); $4 per user per month for policy-driven security, MFA and end-to-end user management (minimum of 10 users); $8 per user per month for total identity management for the complex enterprise (minimum of five users).
Support: OneLogin offers documentation, webinars, online support.
Company overview: Denver-based Ping says it uses identity as the unifying paradigm to secure users, devices, networks and applications based on open identity standards.
Product overview: Ping offers a unified, standards-based platform that can be deployed as SaaS, software or both and can scale to handle millions of identities. From multifactor authentication and single sign-on to access security, directory and data governance, the company says its capabilities work together to give employees, partners and customers secure access to cloud, mobile and enterprise applications, securing and streamlining everything from sign-on to sign-off and everywhere in between.
The PingOne cloud offers an application catalog with thousands of pre-configured applications; integration with existing identity stores; a customizable user portal for access to applications; automated user provisioning and de-provisioning; access policies to enable granular security; integrated multi-factor authentication; reporting and usage metrics.
Notable Features: Single sign-on, multifactor authentication, access request management, password management.
Markets and use cases: Enterprises in all verticals
Delivery: Cloud and on-premises software
Pricing: 30-day free trial
Training and Support: Documentation, support online
Top IAM products compared
Here is a chart comparing features of the top IAM products: