By default, user identities are distributed among cloud applications, virtual environments, networks and web portals. With no central identity access management (IAM) strategy, businesses of all sizes lose precious security and productivity.
IAM software platforms make it faster and easier for employees to securely access the data and applications they require to execute their duties. These packages assure an enterprise that only authorized employees are accessing the correct information. For example, while a human resources staffer needs access to an employee's personal information, the marketing team doesn't need the same files. IAM tools provide effective role-based access to keep an organization's resources safe and out of the hands of intruders.
These tools generally perform two functions: They confirm that the user, device, or application is who they say they are by cross-referencing the credentials they provide against what the system has on file. Then, once those credentials are confirmed, the software only provides the necessary level of access, instead of giving the individual access to everything within a network.
Here are ZDNet's top picks of the leading providers of identity access management software in 2022.
Okta, in May 2021, completed the acquisition of Auth0 for $6.5 billion, picking up a boatload of new intellectual property to go with a new set of customers.
Gartner recognized Okta as a leader in its Magic Quadrant for Access Management 2020 for the fourth year in a row. Gartner analysts described Okta as "one of the most mature and advanced AM tools in the market to meet both internal and external user access management use case's needs."
Okta enables organizations to secure and manage their extended enterprise, whether on-premises or in a private, public or hybrid cloud. With more than 6,000 pre-built integrations to applications and infrastructure providers, Okta claims that its customers can securely adopt the technologies they need to fulfil their missions. Okta provides SSO (single sign-on), MFA (multi-factor authentication) and a universal directory, which gives a SecOps team a single place to manage all user identities. The platform offers several different factors for its MFA, meaning users are not limited to phone or email authentication. Okta also provides zero trust access management for infrastructure, enabling more control over user permissions. It also automatically secures APIs on the backend.
Auth0, founded in 2013 and acquired by Okta in May 2021 for $6.5 billion, is a respected alternative for developers who want to create a secure login experience for their personal applications. It is a next-gen identity management platform for web, mobile, IoT, and internal applications.
The software assigns permissions automatically based on a user's role, affording less chance of error than manual assignments. It also can provide access tokens to give users temporary access they might need.
The versatile Auth0 platform handles API authorization to ensure that users only connect to safe applications. The platform offers monthly pricing.
Ping Identity, founded in 2002 and one of the most well-established identity management companies in the business, was designed for hybrid IT environments. It works cleanly across public, private and hybrid clouds and with on-premises networks and applications.
The platform combines multi-factor authentication with single sign-on options to provide an intuitive and secure sign-on experience for each user. It also includes an analytics engine to help SecOps teams detect (and predict) anomalies in user behavior that could signal that a phony identity has compromised the system.
Thanks to its vast feature set, Ping Identity also can help enforce business rules for authorization and authentication through customizable policy tracking.
Any product with Microsoft in the name is automatically going to get attention from potential buyers. Microsoft Azure Identity Management, considered a service of Active Directory, offers several different identity management products for on-premises, public, private and hybrid clouds.
Azure's Identity Management enables an enterprise to automatically classify and label data to make it easier to assign access rights based on user roles. It also lets users track suspicious activity on shared data and applications, so admins know exactly who is accessing each file and when they're doing it.
OneLogin brings to the security table a cloud IAM platform that keeps simplicity for users upfront as its most important feature. OneLogin features integration templates for more than 6,000 different applications to help admins keep users safe across an entire network. The platform is designed to work with various versions of cloud and on-premises applications.
The HR department controls the user identities, allowing a company to easily adjust them as the employee lifecycle changes or ends. Users even have the option to implement certificate-based trust for remote employees, meaning they'll never have to enter a password.
CyberArk, the oldest company on the list (founded 1999), has been both a pioneer and innovator in the identity management field. The company also has earned respect in the investment community, having raised more than a half-billion dollars during the past several years, according to Crunchbase.
CyberArk Workforce Identity offers both MFA and SSO to help employees log into applications easily and securely; it automates onboarding/offboarding processes to lighten the load on HR and IT teams.
The company, formerly known as Idaptive, features a frictionless sign-on process that helps prevent shadow IT from flourishing among employees looking for quicker ways to log into the resources they need. The multi-factor process is supported by analytics functionality, making it faster to spot anomalies that could lead to security breaches.
ForgeRock's Identity Platform is backwards-compatible, meaning that it supports most legacy enterprise systems. It automates several identity lifecycle processes, including creating new identities when employees are hired, changing access as they are promoted and removing permissions when employees leave. It is compatible with on-premises, cloud and hybrid environments.
ForgeRock is designed to support large numbers of identities, making it optimal for enterprise companies. ForgeRock provides three individual environments (development, testing, and production) for the cost of a single license for cloud deployments.
Users don't have to pay extra to license additional tenancies. ForgeRock also provides the necessary DevOps tools for developers. Pricing is handled per identity registered.
JumpCloud is a relatively new entrant (founded in 2012) into the leadership of this segment. Because it is a next-gen identity management company, it makes a point of being among the most versatile on this list. It prides itself on its secure single sign-on (SSO) access. The platform works with both on-premises and cloud applications; it is equally at home being used with Windows, macOS and Linux operating systems and infrastructure.
JumpCloud also provides reporting and analytics that log user activity, allowing a SecOps team to view and log access attempts that might show that an identity has been compromised. It even offers remote management for security admins.
Oracle Identity Management provides not only a well-known name and track record with U.S. government and military use cases but also airtight access to both on-premises and cloud applications.
The platform is highly scalable. Oracle enables organizations to set their own rules and policies for access, so they have complete control over their data and applications at all times. It also offers SSO for any integrated application from any type of device, including mobile phones and tablets.
One of the platform's key features is its real-time fraud prevention process to protect against compromised credentials and keep business resources secure.
IBM Security Verify is an identity-as-a-service (IDaaS) platform that includes the SSO, MFA and identity analytics features that are quickly becoming standardized. It offers AI-powered authentication and adaptive-access decisions to prevent shadow IT practices among employees and keep identities from becoming compromised. There are options for passwordless authentication, which will become the next standard feature in IAM systems.
IBM also provides user lifecycle management and compliance to make it easy for HR departments to create new identities as they hire new employees and remove identities when employees leave.
IAM software platforms make it faster and easier for employees to securely access the data and applications they require to execute their duties.
These packages assure an enterprise that only authorized employees are accessing the correct information.
Using their constant monitoring ability, AI-powered authentication and adaptive-access functions help prevent shadow IT practices among employees and keep identities from becoming compromised.
They do the grunge work that humans don't do well; they also keep track of an employee's history in the system and predict if and when they might make a log-in error. Real-time fraud prevention using AI protects against compromised credentials and keeps business resources secure.
Yes. A good identity management package enables an enterprise to automatically classify and label data to make it easier to assign access rights based on user roles.
It also lets users track suspicious activity on shared data and applications, so admins know exactly who is accessing each file and when they're doing it.