KuppingerCole Report
Leadership Compass
By Martin Kuppinger

Identity Provisioning

Leaders in innovation, product features, and market reach for Identity Provisioning. Delivering the capabilities for managing accounts and entitlements across heterogeneous IT environments on premises and in the cloud. Your compass for finding the right path in the market.

1 Introduction

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment. This Leadersh ...

Login Free 30-day Select Access Get full Access

1.1 Market Segmenet

Identity Provisioning is, despite the rise of integrated IGA offerings, one of the core segments of the overall IAM market – and it is an essential ...

Login Free 30-day Select Access Get full Access

1.2 Delivery models

This Leadership Compass is focused on offerings that run on premises, either at the customer or at a Managed Service Provider (MSP). We do not look at ...

Login Free 30-day Select Access Get full Access

1.3 Required Capabilities

When evaluating the products, we look, generally speaking, at the aspects of

  • overall functionality
  • size of the company
  • number of customers
  • number of developers
  • partner ecosystem
  • licensing models
  • traditional core features of Identity Provisioning

Within the area of functionality, the required capabilities are centered around the key components listed above:

  • Workflow support for request and approval processes
  • Workflow/process support for automating the management of identities and access, i.e. the flow of data back and forth from and to target systems
  • Tools that graphically support creating and customizing workflow
  • Breadth and depth of connectors that allow interfacing with a variety of target systems
  • Cloud connectors, adding provisioning support for common cloud services
  • Connector toolkits for rapidly adding custom connectors
  • Identity repository, managing the links between the identities managed by the provisioning system and the accounts in the connected systems
  • Customization of mapping rules between central identities and the accounts per target system
  • Reconciliation engine for identifying unauthorized changes in target systems
  • User self-services for e.g. password resets and managing their own identities
  • Delegated administration capabilities

Beyond that, we also considered some specific features. These include, amongst others:

  • Heritage of connectors
    Having connectors as OEM components or provided by partners is considered a risk for ongoing support and available know-how at the vendor.
  • ESB interfaces
    Having interfaces to ESBs (Enterprise Service Bus) adds architectural options for integrating Identity Provisioning with existing systems and for connecting to target systems.
  • SRM interfaces
    We expect that systems provide out-of-the-box integration to leading SRM (Service Request Management) systems for manual fulfilment of provisioning requests.
  • SPML/SCIM support
    Support for these two standards (Service Provisioning Markup Language/ System for Cross-domain Identity Management) and in particular SCIM is recommended.
  • Deployment models
    Supporting different deployment models like hard/soft appliances and optional MSP services gives customer a broader choice.
  • Customization
    Systems that require little or no coding and that support scripting or, if programming is required, a range of programming languages, are preferred. We here also look for transport systems between development, test, and production, and the ability of keeping customizations unchanged after upgrades.
  • Mobile interfaces
    Secure apps providing access to certain key capabilities of the product.
  • Authentication mechanisms
    We expect Identity Provisioning systems to support different types of authentication to the system, including strong authentication options, to limit the risk of fraud using these systems.
  • Internal security model
    All systems are required to have a sufficiently strong and fine-grained internal security model.
  • Multi tenancy
    Given the increasing number of cloud deployments, but also specific requirements in multi-national and large organizations, support for multi-tenancy is highly recommended.
  • Baseline Access Governance
    Provisioning should be feasible based on role concepts and with support for the definition of SoD rules (Segregation of Duties), despite the fact that Access Governance tools are increasingly used on top of Identity Provisioning.
  • Shopping cart paradigm
    These approaches are pretty popular for simplifying the access request management process by using shopping cart paradigms familiar to the users.

The support for these functions is added to our evaluation of the products. We’ve also looked at specific USPs (Unique Selling Propositions) and innovative features of products which distinguish them from other offerings available in the market.

2 Leadership

Selecting a vendor of a product or service must not be only based on the comparison provided by a KuppingerCole Leadership Compass. The Leadership Com ...

Login Free 30-day Select Access Get full Access

2.1 Overall Leadership

When looking at the Overall Leader segment in the Overall Leadership rating, we see a picture that is common for mature market segments, where a significant number of vendors delivers solutions with a rich feature set. The market is very crowded, with close to 30 vendors we have considered in our rating plus several other vendors we have listed in the “vendors to watch” section.

For Overall Leadership, we find SailPoint slightly in front, closely followed by a group of three vendors, consisting of Micro Focus, Oracle, and CA Technologies. Next to them we find IBM and EmpowerID, followed by ForgeRock, One Identity, and Hitachi ID. All these vendors have an established market presence in the Identity Provisioning market segment, with EmpowerID and Hitachi ID being the two least known of these vendors, but both delivering comprehensive offerings, positioning them clearly in the Overall Leaders segment.

SAP also made its entry into the Overall Leader segment, after maturing and enhancing their product significantly over the past years. Further vendors we find in this segment include Avatier, Beta Systems, Omada, Evidian, Pirean, and Core Security. All provide solutions which move them, in combination with their ratings on Market Leadership and Innovation Leadership, into the Overall Leader segment.

The Challenger segment is also well-populated. The vendors in this segment also provide strong offerings, which challenge the established players. Some of the vendors in this segment benefit more from their strong market position, while others such as Beta Systems are higher placed in Product Leadership. We strongly recommend thoroughly reviewing both the other Leadership charts and the detail descriptions on these vendors.

In the Challenger section, we find OpenIAM and Fischer International slightly ahead, followed by two other vendors, Ilex and Tools4ever. Other vendors in the section are Systancia, a vendor which started in the Healthcare market; iSM Secu-Sys, a German vendor with an interesting product offering but limited market reach; Econet, Evolveum, and Propentus all as smaller vendors with specific focus areas. All of them can be interesting alternatives to the established players. We also find FSP in this segment, another German vendor, which shows its strength in the combination of Identity Provisioning and Access Governance, while having several gaps when looking at Identity Provisioning capabilities only.

Finally, we see one vendor in the Follower segment, which just recently entered the market and still shows gaps in the products’ capabilities, plus having only initial customers. This is Login Alliance. They show potential in this market, but still have some way to go.

Overall Leaders are (in alphabetical order):

  • Avatier
  • Beta Systems
  • CA Technologies
  • Core Security
  • EmpowerID
  • Evidian
  • ForgeRock
  • Hitachi-ID Systems
  • IBM
  • Micro Focus
  • Omada
  • One Identity
  • Oracle
  • Pirean
  • SailPoint
  • SAP

2.2 Product Leadership

The first of the three specific Leadership ratings is about Product Leadership. This view is mainly based on the analysis of product/service features ...

Product Leadership, or in this case Service Leadership, is the view where we look specifically at the functional strength and completeness of products ...

Login Free 30-day Select Access Get full Access

2.3 Innovation Leadership

Another angle we take when evaluating products/services concerns innovation. Innovation is, from our perspective, a key capability in IT market segmen ...

Again, we rate many vendors as Innovation Leaders in the Identity Provisioning market. Given the maturity of Identity Provisioning, the amount of inno ...

Login Free 30-day Select Access Get full Access

2.4 Market Leadership

Finally, we looked at Market Leadership, i.e. the number of customers, the partner ecosystem, the global reach, and related factors affecting the lead ...

In the Market Leaders rating, we get a somewhat different picture. While there is a group of leading, well-established vendors, others rate lower, giv ...

Login Free 30-day Select Access Get full Access

3 Correlated View

While the Leadership charts identify leading vendors in certain categories, many customers are looking not only for, say, a product leader, but for a ...

Login Free 30-day Select Access Get full Access

3.1 The Market/Product Matrix

The first of these correlated views looks at Product Leadership and Market Leadership.

Vendors below the line have a weaker market position than expected according to their product maturity. Vendors above the line are sort of “overperf ...

Login Free 30-day Select Access Get full Access

3.2 The Product/Innovation Matrix

The second view shows how Product Leadership and Innovation Leadership are correlated. It is not surprising that there is a pretty good correlation be ...

Vendors below the line are more innovative, vendors above the line are, compared to the current Product Leadership positioning, less innovative.

Her ...

Login Free 30-day Select Access Get full Access

3.3 The Innovation/Market Matrix

The third matrix shows how Innovation Leadership and Market Leadership are related. Some vendors might perform well in the market without being Innova ...

Vendors above the line are performing well in the market compared to their relative weak position in the Innovation Leadership rating, while vendors b ...

Login Free 30-day Select Access Get full Access

4 Products and Vendors at a glance

This section provides an overview of the various products we have analyzed within this KuppingerCole Leadership Compass on Identity Provisioning. Asid ...

Login Free 30-day Select Access Get full Access

4.1 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in table 1.

Login Free 30-day Select Access Get full Access

In addition, we provide in table 2 an overview which also contains four additional ratings for the vendor, going beyond the product view provided in t ...

Login Free 30-day Select Access Get full Access

Table 2 requires some additional explanation regarding the “critical” rating.

In Innovativeness, this rating is applied if vendors provide none, or ...

Login Free 30-day Select Access Get full Access

5 Product/service evaluation

This section contains a quick rating for every product/service we’ve included in this KuppingerCole Leadership Compass document. For many of the pro ...

Login Free 30-day Select Access Get full Access

5.1 Avatier

Avatier has evolved from a vendor that focused primarily on providing smart user interfaces, but sometimes lacked the underlying depth of capabilities ...

Login Free 30-day Select Access Get full Access

5.2 Beta Systems

Beta Systems, a German vendor, is amongst the vendors with the longest market presence in the Identity Provisioning market. Their offering has gone th ...

Login Free 30-day Select Access Get full Access

5.3 CA Technologies (was acquired by Broadcom Inc. in 2018/11)

CA Technologies is among the largest infrastructure software vendors worldwide and offers a broad portfolio of products in the IAM market segment, inc ...

Login Free 30-day Select Access Get full Access

5.4 Core Security

Core Security is a vendor that is a result of various acquisitions, including the one of Courion. Courion, on the other hand, had evolved from support ...

Login Free 30-day Select Access Get full Access

5.5 Econet

econet is a German software company, which is delivering IAM solutions for many years. Their core product is named Identity & Service Manager and is f ...

Login Free 30-day Select Access Get full Access

5.6 EmpowerID

EmpowerID with its product also named EmpowerID takes a unique approach to Identity Provisioning. It is built from scratch on a Business Process Manag ...

Login Free 30-day Select Access Get full Access

5.7 Evidian (was acquired by Atos)

The French vendor Evidian is part of Atos, one of the leading European IT service companies. Evidian has been in the IAM business for many years. Thei ...

Login Free 30-day Select Access Get full Access

5.8 Evolveum

Evolveum is an Open Source IAM vendor based in Slovakia. Their midPoint product is provided for free, but with subscription for professional services ...

Login Free 30-day Select Access Get full Access

5.9 Fischer International Identity

Fischer International Identity is a vendor which is different from all other provisioning vendors in that the company from the very beginning focused ...

Login Free 30-day Select Access Get full Access

5.10 ForgeRock

ForgeRock has established itself as a leading provider of IAM solutions, based on a common IAM platform. The company started its business as a provide ...

Login Free 30-day Select Access Get full Access

5.11 FSP Software & Consulting

The German software vendor FSP provides an integrated IGA solution named “IGA Suite ORG”. As an integrated suite, the product covers both Identity ...

Login Free 30-day Select Access Get full Access

5.12 Hitachi ID Systems

Hitachi ID provides a product named Identity Manager, which is a mature solution for managing identities and their access. It integrates Access Govern ...

Login Free 30-day Select Access Get full Access

5.13 IBM

IBM Security Identity Governance & Intelligence is the successor of former IBM Security/Tivoli Identity Manager (ISIM/ITIM) and one of the more mature ...

Login Free 30-day Select Access Get full Access

5.14 ILEX International

ILEX is a French vendor which provides two different but closely related tools around Identity and Access Management. Both are somewhat different from ...

Login Free 30-day Select Access Get full Access

5.15 iSM Secu-Sys

iSM Secu-Sys is a German vendor which offers an Identity Provisioning solution named bi-cube with a well-thought out approach to role management and p ...

Login Free 30-day Select Access Get full Access

5.16 Login Alliance

Login Alliance is a German software vendor that just recently entered the IAM market. The companies behind the product, Syntlogo and Intension, origin ...

Login Free 30-day Select Access Get full Access

5.17 Micro Focus

Micro Focus Identity Manager is the former NetIQ and Novell Identity Manager which became part of Micro Focus after the acquisition of NetIQ, which ag ...

Login Free 30-day Select Access Get full Access

5.18 Omada

Omada, a Danish vendor, provides the Omada Identity Suite. Omada focuses on adaptable business-centric and collaborative features such as workflows, a ...

Login Free 30-day Select Access Get full Access

5.19 One Identity

One Identity is a newly founded company, which is part of Quest Software. It owns the IAM portfolio that came from Dell Software. The main product is ...

Login Free 30-day Select Access Get full Access

5.20 OpenIAM

OpenIAM counts among the less known vendors in the IAM market, taking a different approach than others. They started with an IAM offering deployed in ...

Login Free 30-day Select Access Get full Access

5.21 Oracle

Oracle Identity Governance Suite is the on premise offering within Oracle’s IAM portfolio. It includes Oracle Identity Manager (OIM), which delivers ...

Login Free 30-day Select Access Get full Access

5.22 Pirean

Pirean is a UK-based software company that is not yet well-known outside of their home market, but shows strong potential. Their Access:One offering c ...

Login Free 30-day Select Access Get full Access

5.23 Propentus (was acquired by Telia)

Propentus, a Finnish software vendor, is one of the IAM vendors entering the market with a comprehensive suite that covers a variety of aspects around ...

Login Free 30-day Select Access Get full Access

5.24 SailPoint

SailPoint originally started as a vendor specialized in Access Governance. However, since 2010 they have made strategic personnel and technology inves ...

Login Free 30-day Select Access Get full Access

5.25 SAP

SAP has established a considerable IAM portfolio over the past years. It consists of both on premises tools and cloud services. For Identity Provision ...

Login Free 30-day Select Access Get full Access

5.26 Systancia

Systancia is a software company that started in the healthcare business. They have merged with French vendor Avencis a while ago. Avencis originally s ...

Login Free 30-day Select Access Get full Access

5.27 Tools4ever

Tools4ever is a Dutch software company that started in the SMB market segment, but has grown its portfolio to a level where it also can serve the IAM ...

Login Free 30-day Select Access Get full Access

6 Vendors and Market Segments to watch

Aside from the vendors covered in detail in this Leadership Compass document, we also observe other vendors in the market that we find interesting for ...

Login Free 30-day Select Access Get full Access

6.1 Atos

Atos has, aside of acquiring Evidian indirectly via their Groupe Bull acquisition, also acquired the former Siemens Business Services, which included ...

Login Free 30-day Select Access Get full Access

6.2 Avanpost

Avanpost is a Russian vendor of an IAM solution, covering primarily Identity Provisioning capabilities, but with some limited Access Governance featur ...

Login Free 30-day Select Access Get full Access

6.3 Caradigm

Caradigm is a software vendor focused on delivering solutions for the Healthcare industry. Amongst other solutions, they deliver an IAM solution cover ...

Login Free 30-day Select Access Get full Access

6.4 Cion Systems

Cion Systems is addressing the market more from the Active Directory management angle. They thus might best be understood as a direct competitor to Mi ...

Login Free 30-day Select Access Get full Access

6.5 Deep Identity

Deep Identity is a company based in the APAC (Asia/Pacific) region. The company primarily focuses on its IACM (Identity Audit and Compliance Manager) ...

Login Free 30-day Select Access Get full Access

6.6 E-Trust

E-Trust is an IAM/IAG vendor headquartered in Brazil that delivers its own IGA solution called Horacius. The platform provides good workflow capabilit ...

Login Free 30-day Select Access Get full Access

6.7 Identity Automation

Identity Automation has been in the market for more than a few years, however it was initially in the system integrator business around IAM, before be ...

Login Free 30-day Select Access Get full Access

6.8 Ilantus

Ilantus Technologies is a specialized vendor in the IAM domain. Being primarily a system integrator, it has recently moved to becoming an IDaaS vendor ...

Login Free 30-day Select Access Get full Access

6.9 ITconcepts

Cognitum is a development platform for IAM solutions that allows quickly creating IAM solutions, based on connectivity to target systems and integrate ...

Login Free 30-day Select Access Get full Access

6.10 ITMC Soft

Danish company ITMC is a software vendor that was founded by several persons with deep backgrounds in IAM system integration. Their product, IDM365, f ...

Login Free 30-day Select Access Get full Access

6.11 Microsoft

Microsoft’s offering in the Identity Provisioning market segment is the Microsoft Identity Manager 2016 (MIM). The product has undergone various nam ...

Login Free 30-day Select Access Get full Access

6.12 Ogitix

Ogitix is a German company that provides an IAM solution targeted at the SMB market, with focus on the local market. It provides some interesting capa ...

Login Free 30-day Select Access Get full Access

6.13 RSA Security

RSA Security delivers, as part of their RSA SecurID Suite, its own IAM solution. The product named RSA Identity Governance & Lifecycle is based on the ...

Login Free 30-day Select Access Get full Access

6.14 SmartAIM

SmartAIM is a company delivering a number of IGA solutions covering various aspects of this market. They are still small, but might become a vendor th ...

Login Free 30-day Select Access Get full Access

6.15 Trustverse

TrustVerse is a vendor based in Moscow, Russia. Their Cube solution is a standard IAM product that allows provisioning changes to various systems. Tru ...

Login Free 30-day Select Access Get full Access

6.16 Usercube

Usercube is a French software company delivering an IAM solution based on the Microsoft technology platform. We consider it a product that might be in ...

Login Free 30-day Select Access Get full Access

6.17 Wise Identity

Wise Identity has acquired the former IAM solution of Netprof. The solution is a specialized Identity Provisioning solution targeting the Education ma ...

Login Free 30-day Select Access Get full Access

6.18 WSO2

WSO2 is a company based in Palo Alto, CA. They provide a platform for connecting businesses, based on SOA (Service Oriented Architecture) concepts. Th ...

Login Free 30-day Select Access Get full Access

7 Methodology

KuppingerCole Leadership Compass is a tool which provides an overview of a particular IT market segment and identifies the leaders in that market segm ...

Login Free 30-day Select Access Get full Access

7.1 Types of Leadership

We look at four types of leaders:

  • Product Leaders: Product Leaders identify the leading-edge products in the particular market segment. These prod ...
Login Free 30-day Select Access Get full Access

7.2 Product rating

KuppingerCole as an analyst company regularly does evaluations of products/services and vendors. The results are, among other types of publications an ...

Login Free 30-day Select Access Get full Access

7.3 Vendor rating

For vendors, additional ratings are used as part of the vendor evaluation. The specific areas we rate for vendors are

  • Innovativeness
  • Market posi ...
Login Free 30-day Select Access Get full Access

7.4 Rating scale for products and vendors

For vendors and product feature areas, we use – beyond the Leadership rating in the various categories – a separate rating with five different lev ...

Login Free 30-day Select Access Get full Access

7.5 Inclusion and exclusion of vendors

KuppingerCole tries to include all vendors within a specific market segment in their Leadership Compass documents. The scope of the document is global ...

Login Free 30-day Select Access Get full Access

Methodology

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top