We changed our name from IT Central Station: Here's why

Top 8 Customer Identity and Access Management Tools

ForgeRockAuth0Omada IdentityFronteggWSO2 Identity ServerSalesforce IdentityOkta Customer IdentitySAP Customer Identity and Access Management
  1. leader badge
    The solution is very scalable. We have a lot of users that have been increasing over the years that we have been using it. We have approximately 20,000 users.
  2. leader badge
    The solution's overall flexibility and customizability were the chief factors for selecting it in the beginning. They still remain among the best reasons to use Auth0. The flexibility that you get, and what it's allowed us to do on top of it in terms of code, is key.
  3. Find out what your peers are saying about ForgeRock, Auth0, Omada and others in Customer Identity and Access Management. Updated: January 2022.
    564,143 professionals have used our research since 2012.
  4. The best feature in Omada Identity is that it enables us to implement standardized employee life cycle processes so that we don't have to create them ourselves. We can then use the standard workflows.
  5. It has Audit Log and many cool features that if we were to develop them by ourselves, it would require a lot of research and development resources. Frontegg gives us everything we need to ensure that our customers have a safe and reliable authentication system in which they can also manage some of the features and roles by themself which gives them more control over their environment.
  6. Some of the valuable features of the solution are the easy integration with processes, such as Single Sign-On. Overall WSO2 is straightforward and does not need customization.
  7. The user experience was great because it had all the features that the client needed. It was fully customized for the client, and it was very simple. It was the best solution at that time.
  8. report
    Use our free recommendation engine to learn which Customer Identity and Access Management solutions are best for your needs.
    564,143 professionals have used our research since 2012.
  9. The solution has great multifactor authentication.I think all the functions of the solution are vital and important because life cycle management is important for some companies. The Single Sign-On feature is fantastic for different customers and advanced server access is really good for access to the servers.
  10. The most valuable aspect of the product is the provisioning of a lot of SAP systems. It offers automated provisioning.

Advice From The Community

Read answers to top Customer Identity and Access Management questions. 564,143 professionals have gotten help from our community of experts.
Ram Chenna
Hello everyone, We are working with an energy and utility client based in the US. Our suite of applications is Bespoke applications built on Microsoft Stack (.NET, MVC, ASP.NET, .NET core, SQL Server, .NET CORE RESTful services, etc). We integrate with a host of external vendor products such as Payment Gateway, eKYC vendors, third-party Aggregators, etc. We are looking to explore an IAM product tool that fits well within our technology landscape. Primarily, we would have internal employees authenticating and connecting to a host of applications from the Internet and as well as external vendors, partners also connecting to it. Currently, we have suggested having an external Domain Controller for external users and a separate Domain Controller - for internal users. This way we can have more granular governance, access, and security policies for external and internal users. In the future, we might expose the authentication using social media as well (such as GMAIL, LI, FB,…
author avatarEmil Gitman (Herjavec Group)
MSP

Hello Ram. 


As additional information is required, you can PM me. So I will be able to forward you to the right contact.

author avatarDhiraj Verma
Real User

You can also look at the https://www.ubisecure.com/ . They have excellent features when it comes to managing external identities. 


Also, a wide variety of APIs available for integration. 

author avatarUmair Akhlaque
Real User

Symantec Security suite (previously) called CA Identity Suite is a good IAM solution. The product is very stable and customizable. Plus it has a complete portfolio that includes security features for a customer. 


PLA licenses enable customers to use all product lines without extra charge. 


In case you need any assistance or Proof of value more than happy to assist. 

author avatarJamesLaPalme
Vendor

Entrust has a portfolio of Identity solutions that address the apps above: on-prem or cloud-based options and support for external ID such as Google or FB.

author avatarJay Bretzmann
Real User

The internal/external domain controller approach could be the right way to go. The internal must already be in place, right?  Microsoft Active Directory (hopefully migrating to Azure Active Directory). Microsoft is the clear market share leader for identity systems so I recommend you start there and figure out why AD/AAD wouldn't work externally.


The downside to two domains is just that; you're identity teams are going to have to master two software stacks.  Granularity and controls sound great, but have you ever tried to create them yet?  Do an internal exercise that would define your access policies and give that list to a shortlist of vendors as an RFP challenge.

author avatarMichel Timp
Real User

Please check the following IAM solutions:


Okta: Okta | Identity for the internet


Hello ID: HelloID - Cloud: Identity: Access

author avatarDoug-MacPherson
User

Hey Rama, it looks like you are looking for an Access Management solution. 


From my experience, since you are heavily invested in Microsoft, it may be the best solution. It tends to be a bit more complex but adding another vendor would also increase the complexity. Best practice would have you maintain separate directories for employees and customers.


Admittedly, I am biased towards SailPoint. It provides the Governance that you need as a Utility by increasing your visibility and centralized management of your users. I just do not see a similar product today that has the IGA capabilities that you need as well as the integration capabilities to support solutions like Microsoft. The two companies work closely together on the integration


As Occam's razor says - other things equal, explanations that posit fewer entities, or fewer kinds of entities, are to be preferred to explanations that posit more. Pick two market leaders and off you go!

author avatarMatt Thomson
Consultant

@Ram Chenna ​ Sounds like there is a lot of things at play here. 


I would suggest reaching out to a trusted IAM service integrator and you need to get your requirements detailed and prioritized. There are all sorts of options from looking inside the Microsoft Stack at Azure IGA although it isn't as mature as some of the market-leading products like SailPoint, One Identity and Saviynt. 


These products cover the depth of full IGA implementations and help you improve your security controls around access and identity management. We normally spend about 20 days working through client requirements before being able to suggest a specific solution. We recently helped a company in the Australian energy sector leverage a Sailpoint implementation for their internal workforce while assisting them with an Azure B2C/B2B implementation for their external userspace

Amimesh Anand
Hi community, Our client is looking for risk elimination but doesn't want IdAM to be implemented? How can we convince the client to choose IdAM? What approach would you use? Also, which tool can be embedded along with IdAM to make security more efficient and more versatile?
author avatarSamuel Paul
Real User

Hi @Amimesh Anand,


It seems to be important first to analyse the current situation of your client. Because you can easily highlight main topics to talk about security.


By the way, you can have 2 different approaches, according to the Identities stuff and Roles subjects.


Identities - to guarantee a unique identity to everyone, a manager for everyone, no orphan accounts, accounts are automatically activated/deactivated on the due date, etc.

Role - to be sure everyone is granted (when they need) specific roles and roles are removed when it is not necessary anymore. Without role management, it is not possible to easily manage it, except if there are 6 employees in the company.


Those are a couple of examples but the list is quite long, actually.

author avatarBharat Halai, CISSP
Real User

It all depends on the risks but just look at Maersk - NotPetya and other cyber incidents. 


Prevention is so much better than cure! Trust me - it is one year of my life - I will never get back.

author avatarJay Bretzmann
Real User

What's the issue, expense?  How does one eliminate risk if they can't positively identify who's logging into the network?  Depending upon the devices (endpoints) in use, I'd recommend steering them toward a push MFA solution (Duo is an example).  A lot of companies will add simple SMS OTP or those annoying six-digit codes sent to your phone, and while it's better than nothing, the SS7 protocol is susceptible to Man-in-the-middle attacks.  


If you need some backup material, go download Verizon's DBIR. The #1 attack vector for years running is identity compromise or credential theft.

author avatarCaseyWhitcher
User

I think in your initial interview, and evaluation with the client, the necessity will answer for itself.  


What is your normal process for adding a new user? what is your normal process for terminating a user from your system? How much time does that take? How much does that cost? How do you know if you have orphaned accounts?  is it important for you to know who has access to what systems? if so, how do you know that answer? Is it important for you to know who has certain roles in certain applications? If so how do you determine that?  


This is really more of a sales question than a tech question if you want to get a positive response, throwing tech at them will just give them room to debate, or dig their heels in, find out what their problems are, find out how to help them, let them tell you their problems or processes, and you show them how to solve them they will be asking you for the solution, you won't have to recommend it. 

author avatarEnrique Leon, CISA
Real User

So we do not give you a textbook answer that may or may not apply. 


Can you help us answer your question by providing a bit of details about the organization? To help guide any customer, understanding their current environment is imperative. For example:  how big is the IT dept, the company? what industry are they in? what workloads are they running? what infrastructure? etc.  


Not too crazy details, but basics.

Evgeny Belenky
Dear IT Central Station community, What advice can you share with the community (especially with enterprise users) on Password Day 2021? Thanks, IT Central Station Community Team
author avatarSylvain Déjardin
Real User

Hi,


As requested by Evgeny, my 2 cents.

Nowadays "Password" are still needed. They should be kept in a vault in order to copy/paste them with some kind of security feeling. Mandatory in IT with compliancies and good thing at home.

Tomorrow maybe endusers would have a "security device" to protect their access and share their controlled identity through unique Authentification service. (Because SMS and OTP are not so secure)

Today only few public website use security device.


But more and more company use them at least to secure each employee vault like Big 4 IT/Compagnies

Kind Regards

author avatarreviewer1324719 (PAM Architect at a tech services company with 11-50 employees)
Real User

The very question is endemic of the problem associated with passwords. A day devoted to password considerations. Tomorrow they will be long forgotten. As I see it, there are a few levels of considerations to be included in this question:



  1. Personally related

    1. Banks

    2. Brokerages

    3. Utilities

    4. Commercial credit cards



  2. Private Memberships

    1. Organization memberships

    2. Financial responsibilities

    3. Membership Roles & Access



  3. Professional

    1. Internal organizational

      1. Email

      2. SharePoint

      3. Workday



    2. Client based

      1. VPN

      2. Access oriented (Systems, applications, resources)






Most personal users use the same password for ALL their connections. Worse, many users cache and remember these connections in their browsers. This is the #1 area I would suggest addressing to have the greatest positive impact for Home User scenarios.


A good password with length and complexity is the start, followed by having a password vault, with Norton Password Safe being my favorite, but Pwsafe and KeePass are good candidates for storage of many complex passwords.


Apply these principles personally and professionally.


Customer Identity and Access Management Articles

Shibu Babuchandran
Regional Manager/ Service Delivery at ASPL Info Services
Dec 16 2021
Does access control terminology puzzle you? Many people often mistake PIM, PAM, and IAM – privileged identity management, privileged access management, and identity and access management. Oftentimes, they also believe that privileged access management (PAM) and privileged account management (al...
Read More »
Shibu Babuchandran
Regional Manager/ Service Delivery at ASPL Info Services
Dec 11 2021
                                What is Privileged Account Management (PAM)? Privileged account management can be defined as managing and auditing account and data access by privileged users. A privileged user is someone who has administrative access to critical systems. For instance, anyone ...
Read More »
Find out what your peers are saying about ForgeRock, Auth0, Omada and others in Customer Identity and Access Management. Updated: January 2022.
564,143 professionals have used our research since 2012.