Single sign-on (SSO) solutions have become an important part of the security landscape. These solutions do away with the need for users to enter usernames and passwords for individual applications and systems. Instead, users simply sign in once and the solution communicates the appropriate credentials to the separate applications and systems.
SSO technologies utilize proxy and agent architectures, as well as standards-based identity federation. SSO can either be sold as a standalone product or as part of an access management or security suite. Single-sign on is often bundled with access control, centralized authentication, session management, authorization enforcement, multi-factor authentication and other functions.
Some SSO solutions run on-premises, while others run in the cloud, and some provide multiple deployment options. But the cloud is increasingly becoming the preferred option for SSO. Most vendors offer at least a software-as-a-service (SaaS) option on top of on-premises software offerings. And more than a few are now favoring SaaS-only SSO. According to Gartner, while SaaS remains in the minority of SSO offerings, it is by far the largest growth area of SSO and the market is steadily moving in that direction. By 2021, it is predicted to overtake on-premises deployments as the dominant model. Thus vendors hoping to perform well will need to provide cloud-based SSO services.
The following products and services are among the most popular and highly rated SSO solutions, followed by a table breaking down key features of each. For more on our methodology, see Our Top Security Vendor Methodology.
IBM Authentication Solutions
IBM Security Access Manager (ISAM) is IBM’s on-premises SSO solution. The company also offers a SaaS SSO solution called Cloud Identity. Gartner Peer Reviews are 73 percent positive, with strong marks for product capabilities, technical support. Those users tend to be from large enterprises. Startup costs are higher relative to most other vendors partly due to the need for professional services. In addition, the SaaS capabilities of Cloud Identity lag some other vendors. Thus, IBM is mainly a candidate for existing IBM customers and enterprises looking for an on-premises deployment.
ForgeRock Identity Platform
ForgeRock is strong in financial services, manufacturing, telco, media, and retail. In other words, large enterprises with complex access management requirements gravitate to ForgeRock. Due to its scalability and extensibility, it works well for any large-scale, customer-facing deployment. As it goes well beyond SSO, those needing only sign-on functions will probably look elsewhere.
Micro Focus Access Manager
Micro Focus tends to serve mainly large- to medium-size enterprises for employee and B2B access management. This standalone SSO product can be delivered as SaaS, on premises, appliance or software. It should be considered along with other top vendors such as Okta, Microsoft, and Ping.
OneLogin Unified Access Management Platform
OneLogin Unified Access Management Platform is primarily for workforce to cloud-based applications (B2E), as well as managing access for business partners, customers, and consumers. It gets a 92 percent thumbs up rating in Gartner Peer Reviews. However, SSO is just one function of the platform. It is a good fit for companies of all sizes needing SSO plus broader access management functions.
CA Single Sign-On
CA Single Sign-On only gets 59% positive reviews on Gartner Peer Reviews despite being widely considered a market leader. But it does get high marks for user authentication. It is probably best for large enterprise environments with content that is highly sensitive or regulated. It can be used as on-premises software and in cloud and hybrid cloud environments.
Oracle Enterprise Single Sign-On
Another leader that users seem lukewarm on, Oracle Enterprise Single Sign-On only managed 47% positive reviews in Gartner Peer Reviews. Problems cited include complex integration, lack of pricing flexibility, integration challenges, and lackluster service. However, it is used by some of the largest brands across the globe in financial services, retail, higher education, and government. It is probably best suited to large enterprises already running on an Oracle infrastructure.
Okta Identity Cloud
Okta has 91% positive reviews on Gartner Peer Reviews and earned the top spot in the last Gartner Magic Quadrant. It can serve SMEs to large enterprises and offers industry-specific content tailored to education, energy, financial services, technology, non-profit, healthcare and government verticals. It is available only as a SaaS solution, so some enterprises with compliance or confidentiality hurdles may need to look elsewhere due to the lack of an on-premises option. But anyone willing to run SSO from the cloud should put Okta on their short list.
Ping is used by eight of the ten largest banks, seven of the ten largest biopharmaceuticals, four of the five largest healthcare plans and two of the three largest hospitals. It received 91% positive user reviews from Gartner Peer Reviews, but its SSO was rated behind Okta, ForgeRock and OneLogin on single sign-on functionality. Where it beats out some of these rivals, though, is by offering both on-premises and cloud options, making it a top contender for those seeking both.
Idaptive Application Services
Idaptive is a new spinoff from Centify, and its Identity-as-a-Service offerings appeal mainly to small businesses and midsize enterprises. Users give it 85 percent positive ratings on Gartner Peer Reviews. But it goes beyond SSO to offer a wide range of application services, and that may be more than some companies desire.
Microsoft Azure AD
Microsoft Azure Active Directory (Azure AD) includes Azure AD Connect to support on-premises directory integration and synchronization. Additionally, it includes Active Directory Federation Services (AD FS) as an option to support SSO. Azure AD includes reporting, security analytics, multifactor authentication and user provisioning for SaaS apps. It appeals to any organization, large or small, that uses the Microsoft Azure cloud platform. It’s hard to beat for anyone running Azure.
Top SSO Solutions Compared
Top Single Sign-On Providers
|Top Single Sign-On Providers|
|Vendor||Use Cases||Metrics||Gartner MQ Position||Delivery||Pricing|
|IBM||Finance, government, communications, insurance and manufacturing?verticals||Can handle up to 42,000 requests per second||Leader||Cloud, on premises, virtual appliance or hybrid||Per appliance, per processor or per user (starting at $2.50 per employee per month)|
|ForgeRock||Financial services, automotive/manufacturing, telco/media, and retail||Largest installations top 100 million identities||Visionary||On premises or in the cloud||Subscription pricing model|
|Micro Focus||Large- to medium-size enterprises||Largest installation is 38 million active users. Each server supports 70,000 concurrent sessions and 500 logins per second.||Challenger||SaaS, on premises, appliance, and software||Primarily per managed identity|
|OneLogin||Companies of all sizes||Scales up to hundreds of thousands of users||Leader||Software||Starting at $2 per month per user|
|CA Technologies||Large enterprise||Largest customers: 3 billion transactions per month, 80 million+ users||Leader||On-premises software, cloud and hybrid||Per user pricing|
|Oracle||Financial services, retail, higher education, and government||Supports hundreds of millions of users||Leader||Software or cloud||Prices vary from one-time set up fees to monthly subscriptions|
|Okta||Companies of all sizes||Supports tens of thousands of employees and partners and millions of users||Leader||SaaS||From $2 per month per user|
|Ping Identity||Large enterprise||Scales to hundreds of millions of users||Leader||Physical server or cloud||From $28 per user annually|
|Idaptive||Small business to midsize enterprises||New cloud infrastructure supports hundreds of thousands of simultaneous users||Visionary||Identity-as-a-Service||$4 per month per user|
|Microsoft Azure||Azure cloud users||Millions of users in B2C use cases||Leader||Identity-as-a-Service||From $1 per month per user, $6 for premium|