Leader and Visionary - OneLogin

July 1st, 2015   |     |  company news

It’s the season - industry experts have weighed in on the Identity & Access Management (IAM) as a Service marketspace (often referred to as IDaaS or Cloud IAM). This year, the landscape suggests enterprises have lots of information to sort through.

As a vendor throughout these evaluations, I wanted to share a perspective on the process and offer recommendations on how to apply this information in your own review cycle. Each assessment has a different objective and provides different views into the vendor landscape. From my perspective, the Forrester Wave best reflects current state of the market, Gartner conveys more of a directional perspective, and Network World a quick rollup of current players.

The Forrester Wave provides a detailed, comparative analysis of the cloud IAM vendor’s products and services which will assist clients in optimizing their vendor selection process. Criteria across two key focus areas, current offering and strategy, were scored to give clients a baseline from which to leverage in building their own evaluation requirements.

The Gartner Magic Quadrant (MQ) takes a wide-angle view by providing relative positions of the market’s competitors based on ability to execute versus completeness of vision. It provides an analyst’s perspective into each technology provider’s strategies and how they are competitively positioning to compete for end-user business.

The Network World SSO Review provides a brief editorial snapshot with the practitioner audience in mind. Consider this a teaser scorecard based on available market data and a look at some of the hot topics in technology.

The following table provides insights into the process:

Forrester Gartner Network World
Product and Strategy Survey / Questionnaire
Vendor Product Demo Against Criteria
Hands-On Product Evaluation Against Criteria
Customer Reference Checks
Vendor Briefing
Fast Check Review with Vendor
Vendor Qualifications > $1M revenue
> 40 customers
> $4M revenue
> 40 customers
Number of Vendors Selected for Evaluation 9 15 7
Duration of Evaluation Cycle 6 months 4 months 2 months

My recommendation is not to look at any one report in isolation, but choose the best of each to drive your evaluation and vendor selection process. Given the dynamics in the IAM market, particularly with born-in-cloud or native-cloud vendors encroaching on traditional on-premise solutions, it’s clearly a daunting task defining your project’s evaluation criteria and selecting a vendor. While one can draw upon existing customer requirements, there are emerging innovations intent on solving new unaddressed problems that should also be factored into the process. Thus, it’s worthwhile to leverage the research of third parties like Forrester and Gartner, and engage with the vendors and their partners to gather the information you need.

Four recommendations in applying these resources:

1) For business and IT leaders, become familiar with the marketspace, trends, and key vendors

All three reports will help organizations build a list of vendors and frame key functional requirements, however I would look to Forrester and Gartner for richer information. Their authoring analysts are domain experts who talk weekly if not daily to customer clients and vendors to stay abreast of the market’s true state and direction.

2) For IT leaders, define your requirements based on your business needs

While every customer will want to define their own criteria based on their unique business needs and IT strategy, gather the applicable elements from both the Forrester and Gartner reports, and then extend your efforts to include additional recommended research and technical notes provided by these firms.

3) For evaluators, make your short list base on vendors who meet your functional requirements

Forrester provides an Excel-based vendor comparison tool where you can adapt their criteria weightings to fit your individual needs. The report itself provides a broad table of product capabilities that are scored and weighted.

I will volunteer that Forrester Research was the only research team that took a truly hands-on approach and actually evaluated products against the criteria they defined. I feel this is an important part of the process- like test driving a car. Knowing the analysts were directly working with each product as an administrator and end user, and transparent about their scoring, provided an air of objectivity in the vendor reviews.

4) For decision makers, narrow your buying criteria based on strategic alignment with the vendors and their vision

Forrester evaluates and weighs each vendor’s strategy against a set of criteria such as future development, customer satisfaction, and staffing. Gartner takes a strengths and cautions approach, taking into consideration criteria such as product and strategy, execution, and innovation. Whichever analyst you elect to consult, the authors of these reports and their peer analysts will be able to discuss the IAM vendor landscape in more detail.


As market-makers create new segments or adjacencies to existing markets, as is the case of IDaaS relative to IAM, the pace of adoption is predicated on the organization’s motivation to embrace technology innovations and its tolerance for risk. As IDaaS enters mainstream the risk is reduced and we’re seeing more and more cloud IAM projects emerge. There are really only two vendors to evaluate: OneLogin and Okta. From here you need to do your due diligence, partake in your own evaluation, and make an assessment regarding which vendor you want to have as your partner. OneLogin is confident you’ll place your trust in us.

About the Author

Chip Epps joined OneLogin in 2014 to help advance cloud security initiatives and the evolution of identity and access management. Having worked previously at Symantec, Trend Micro, and Websense he focused on securing virtual data centers and implementing SaaS-based compliance solutions. Prior to a career in security, Chip worked at Peregrine Systems (now HP), promoting ITSM and service management within a dynamic IT environment.

View all posts by Chip Epps

Secure All Your Apps, Users, and Devices