Top 10 Identity and Access Management (IAM) Solutions
Credential theft and account takeover attacks form a disproportionately large share of cyberattacks. IT can mitigate these risks by using a strong identity and access management (IAM) solution. We list the top ten platforms to consider when choosing the right IAM solution for your company.
The recent Spotify attack showed exactly how critical identity and access management (IAM) is for enterprises. A malicious entity launched a credential-stuffing operation that could defraud over 300,000 Spotify accounts. In response, Spotify has initiated a “rolling reset” of passwords for targeted users. Attacks like these can be preempted by an enterprise IAM solution that keeps credentials safe, manages access, and provides analytics insights into potential vulnerabilities.
If you look at the estimated total economic impact of leading IAM vendors, the numbers are staggering. Forrester reports that the Auth0 IAM software could deliver a massive 548% ROI, with $11.7 million worth of benefits, in less than six months. Similarly, OneLogin’s solution delivers a 482% ROI in only two months. Given these numbers, IAM investments must be a top priority for companies going into 2021.
Here, we shortlist the top IAM software platforms available today (in alphabetical order) and describe how they address key security requirements such as credential management, analytics, integrations, and data security.
Disclaimer: The listings are based on publicly available information and include information from vendor websites that sell to mid-to-large enterprises. Readers are advised to conduct their own final research to ensure the best fit for their unique organizational needs.
1. Auth0
Overview – A secure access solution for enterprises (B2B, B2C, and employee identity access management), as well as developer/security professional enablement.
Credential management – Breached password detection and access blocking until the password is reset; passwordless login to eliminate one of the most common attack vectors.
Analytics – User behavior analytics, profile dashboards, and authentication trends.
External integrations – Auth0 marketplace for integrations with consent management, identity proofing, IT, social media, SMS, and customer success tools.
Data security – Secure credential storing in the Auth0 database or in-house enterprise repositories; single sign-on and MFA for secure data access.
Pricing – Free for up to 7000 active users, developer solutions for $23 or $1070 (customer-facing) or $1020 (for employees) per month, and enterprise solutions with custom pricing.
2. Azure Active Directory
Overview – Azure Active Directory is Microsoft’s cloud-based IAM solution for enterprises that acts as the backbone for Office 365 applications.
Credential management – Authentication and conditional access policies to protect user credentials; machine learning to detect leaked or stolen credentials and suspicious login attempts.
Analytics – Security analytics via integration with Azure Monitor logs (logs for audit, sign-in trends, risky sign-ins, flagged users, and provisioning patterns).
External integrations – The Azure marketplace contains 3300+ integrations for Azure Active Directory.
Data security – Integration of Azure IAM with user applications (Workday, DocuSign, Jive, etc.) for secure data access.
Pricing – Starts at $6 per user per month (PUPM).
3. BeyondTrust Endpoint Privilege Management
Overview – This is a privilege and identity access management software for Windows, Mac, Unix, Linux, and networked devices.
Credential management – Enables passwordless administration to eliminate credential theft risk; quick-start templates for credential protection policies.
Analytics – Features privileged threat analytics to identify data breach risks; enterprise auditing and reporting support.
External integrations – PowerShell-based integrations for automated workflows, custom connectors, etc.; pre-built integrations with Splunk and ServiceNow.
Data security – Automated application whitelist and exception handling to protect data access; trusted application protection via pre-built templates.
Pricing – Custom pricing; free trial available on request.
4. CyberArk Idaptive
Overview – This IAM software provides access management for employees, contractors, and partners.
Credential management – Features Idaptive SSO to enforce stronger password policies, request-based app access, and browser extensions to recognize new credentials.
Analytics – Machine learning-based user behavior profiling and anomaly detection; integration with external analytics apps like Splunk.
External integrations – An app catalog enabling pre-built integrations with customer service, HR, ERP, IT, marketing, project management, social media, and other apps.
Data security – Features adaptive MFA to protect user access to data across Mac and Windows endpoints, virtual desktops, and even servers.
Pricing – Feature-based pricing starting at $2 per user per feature per month (an updated pricing model yet to be announced by CyberArk).
5. ForgeRock Identity Platform
Overview – This is an AI-powered IAM platform for consumers, workforce, and partner network built on the cloud.
Credential management – A user dashboard to manage credentials and privacy preferences across various applications/websites; consistent password policies across applications, devices, users, and IoT objects.
Analytics – Autonomous Identity, using AI to collect and analyze data such as accounts, roles, user activity, and privileges to identify any blind spots.
External integrations – SDKs to connect with mobile and web apps; pre-built support for open security standards; data connectors like Microsoft Active Directory and LDAP; integration with social media.
Data security – Secure data access via the cloud on endpoints and across the IoT ecosystem.
Pricing – Custom pricing; free trial and ROI calculator available.
6. JumpCloud
Overview – A cloud directory platform to securely manage identity and access across Windows, macOS, and Linux environments.
Credential management – Single sign-on (SSO) for credential management with group-based access control and a user portal for managing credentials.
Analytics – System Insights for endpoint visibility, compliance reporting, and vulnerability detection (unauthorized peripherals, unencrypted systems, etc.).
External integrations – RESTful API and PowerShell module for custom integrations; thousands of apps covered by JumpCloud; SAML adapter for customer apps.
Data security – Browser-based access provisioning/de-provisioning to VPN and Wi-Fi networks for hassle-free data security, encryption of all data at rest.
Pricing – Free for up to 10 users and 10 systems; $10 per user per month, for core directory services; $2 per user per month and above for custom feature selection.
7. Okta
Overview – Okta Identity Cloud provides IAM for your workforce and customers, with Platform Services to address specific identity use cases via modular components.
Credential management – Features single sign-on (SSO) and strong password management policies for safe credentials.
Analytics – Analytics available by integrating with one of Okta’s data analytics partners.
External integrations – Integrates with nearly every popular application, like Zoom, Slack, Salesforce, etc.; a vast API library for custom integrations.
Data security – Data security measures to prevent cross-site scripting, SQL injection, and request forgery.
Pricing – Feature-based pricing starts at $2 per user per month for only SSO, and goes up to $29,000 annually for B2B integrations.
8. OneLogin Trusted Experience Platform
Overview – A unified platform for customer identity, workforce identity, and developer experience management.
Credential management – Single sign-on (SSO) to securely access multiple apps with one set of credentials; synchronization with directories like Workday, LDAP, etc., for credential porting.
Analytics – Centralized audit trail and standard/custom reports; Vigilance AI for entity and user behavior analytics; threat intelligence to arrive at a risk score and power MFA.
External integrations – An app catalog with 6000+ integrations; developer portal with open APIs.
Data security – Context-aware access management to filter access to sensitive data; enterprise sandbox feature for production data cloning.
Pricing – Features-based access starts at $2 per user per month (PUPM).
9. Ping Intelligent Identity™ Platform
Overview – An IAM solution that combines security with ease of use across public cloud, private cloud, and third-party software.
Credential management – Secure password self-management; single sign-on (SSO), social login, and unified authentication for customers, employees, and partners.
Analytics – Risk management features to detect suspicious behavior via AI and ML; PingIntelligence for APIs to analyze API traffic for possible threats.
External integrations – 1500+ IAM integrations as part of the integration directory, featuring first-party apps as well as integrations with SaaS apps and AWS enablers.
Data security – User consent collection for data privacy; secure data access through agents or proxy; data access governance with customer data privacy compliance.
Pricing – Starts at $5 per user per month (PUPM) for workforce solutions.
10. SecureAuth
Overview – This is a comprehensive IAM solution with a focus on user experience quality, analytics, and workforce engagement.
Credential management – Dynamic IP blocking technology to protect against password spray attacks; ML-based credential checking; passwordless authentication; a self-service portal for credentials reset.
Analytics – Detailed user behavior analytics such as failed login attempts, MFA enrollment, etc.; prescriptive authentication workflows; intelligent risk engine.
External integrations – A global partner network of integrators, resellers, and technology companies; dedicated partner portal.
Data security – 30+ authentication methods to secure data access.
Pricing – Custom pricing on demo request; ROI calculator available.
Closing Thoughts
Each of these 10 IAM vendors has its own pros and cons. Some only offer internal solutions, while others cover customer identity as well. Most provide built-in analytics, while a few need to be connected with external analytics dashboards. Most importantly, one of the key determining factors for choosing an IAM solution has to be the hosting environment. The software platforms listed offer cloud-hosted usage, while Okta and SecureAuth can be deployed on-premises.
Ultimately, the decision will depend on your exact business and IT requirements, as well as the user base (internal/external, IoT device, etc.) you’re looking to cover.