Access Management: Beyond Passwords

Setup times have shortened, admin consoles have grown simpler, and support for passkeys has become widespread.

These were some of the findings set out, at the end of 2024, in the summary of the Magic Quadrant dedicated to standalone access management solutions.

A year later, passkeys give way, in Gartner’s commentary, to passwordless, a topic expected to see broad adoption. Decentralized identities are not yet at the same stage, but they are “gaining ground,” while solutions improve on the accessibility front.

From one year to the next, the functional requirements to be met have evolved little. They cover directory services, identity administration (basic lifecycle management), SSO/session management, authentication (emphasis on robust MFA methods and controls to mitigate the use of compromised passwords), and authorization (adaptive access based on risk assessment).

Decentralized identity management was considered, but was not mandatory. The same applies, among other things, to machine access management, consent, personal data, identity verification, and granular authorization (based on roles or attributes).

12 providers, 5 “leaders”

Vendors are evaluated along two axes. One is forward-looking (“vision”), focused on strategies (vertical, geographic, commercial, marketing, product…). The other measures the ability to actually meet demand (“execution”: customer experience, pre-sales performance, quality of products/services…).

The situation on the “execution” axis:

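| Rank | Vendor | Yearly change |
|------|--------|---------------|
| 1 | Ping Identity | +2 |
| 2 | Microsoft | -1 |
| 3 | Okta | -1 |
| 4 | Transmit Security | new entrant |
| 5 | CyberArk | -1 |
| 6 | Entrust | -1 |
| 7 | IBM | -1 |
| 8 | Thales | = |
| 9 | OpenText | -2 |
| 10 | One Identity | -1 |
| 11 | RSA | -1 |
| 12 | Alibaba Cloud | new entrant |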

On the “vision” axis:

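| Rank | Vendor | Yearly change |
|------|--------|---------------|
| 1 | Ping Identity | = |
| 2 | Okta | = |
| 3 | Microsoft | = |
| 4 | Transmit Security | new entrant |
| 5 | Thales | -1 |
| 6 | IBM | -1 |
| 7 | CyberArk | -1 |
| 8 | One Identity | = |
| 9 | RSA | = |
| 10 | Entrust | -3 |
| 11 | Alibaba Cloud | new entrant |
| 12 | OpenText | -2 |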

“Leaders” last year, IBM, Microsoft, Okta and Ping Identity remain so. Transmit Security joins them.

Under Gartner’s definition of standalone access management solutions, Google, Salesforce and SAP could have claimed a place in this Magic Quadrant. They receive only an “honorable mention” because they did not meet the business criteria. A vendor had to be able to claim, from this activity, at least $65 million in 2025 revenue (maintenance included) or at least 1,100 customers with no contracts on other products.

A diluted value proposition at IBM…

IBM leverages the strength of its brand, its customer base, its sector-specific know-how, and its ecosystem to support its activity in this market. It has improved the UX of its Verify solution for self-service registration and expanded support for social logins. Gartner appreciates the capabilities for delegated administration and orchestration, as well as extensibility. It also commends a robust roadmap for the short and long term, backed by investments that run above the average for this segment.

The breadth of IBM’s security portfolio tends to dilute the value proposition of access management. User journeys remain complex in the CIAM (customer identity) space: additional support may be necessary. A tendency to contract for the long term can limit flexibility, both in pricing and in scaling.

… as with Microsoft

The Entra ID (employee access) and Entra External ID (customers) offerings benefit from bundling with other Microsoft services, making them cheaper than competing solutions. They are further supported by a proven infrastructure and a broad partner network. Functionally, they stand out in machine access management, identity lifecycle management, adaptive access, and the integration of GenAI.

The bundling trend obviously carries risks of lock-in. Gartner also notes the effort and technical resources required to connect to third-party services and legacy applications. It adds that Microsoft’s marketing strategy positions access management as a component of a broader security platform and, in doing so, makes it harder to identify the solution’s differentiating capabilities. Entra ID, moreover, does not offer fine-grained visual orchestration of user journeys.

A pricing model worth studying at Okta

Beyond its global brand and partner network, Okta stands out for its onboarding process. It also earns praise for its sector-focused strategy, blending integrations and customizable workflows. Functionally, its solutions prove more capable than average, particularly in application-development scenarios. As for marketing strategy, it is well aligned with needs and trends.

Over the past year, Okta has seen net customer growth that was slower than that of some rivals. Its pricing, combining bundles and “à la carte” options, must be carefully evaluated to choose the right model. For those seeking a single-vendor approach, identity verification can be a sticking point due to the lack of native support for the W3C Verifiable Credentials standard.

Ping Identity, more expensive than average for employee and partner access

Like Okta, Ping Identity is above average on functional capability. Gartner particularly values partner access management, delegated administration, orchestration, extensibility, and API access control. It states that the marketing strategy provides a clear understanding of the solution’s positioning. And the customer experience has improved, aided by personalized journeys.

Historically focused on large enterprises, Ping Identity may be seen as less suitable for smaller organizations. Its sales footprint is limited outside Europe and North America, where most of its customers are concentrated. Pricing is also higher than average in certain scenarios (notably employee and partner access). The impact of the ForgeRock acquisition on agility will also be watched.

Transmit Security, lagging on employee access

Functionally, Transmit Security sits above the market on passwordless, adaptive authentication, orchestration, and identity threat detection. Its solution (Mosaic) delivers a robust customer experience, and its pricing models are clear, contributing to one of the strongest corporate-efficiency ratios in the market.

As with Ping Identity, geographic presence is limited and the focus is on large enterprises. Transmit Security is also behind on employee access management. Its sector strategy is evolving, but gaps remain, notably in compliance.

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.