
Top 8 Identity Management (IM) Tools

SailPoint IdentityIQ, ForgeRock, Omada Identity, Symantec Identity Governance and Administration, Saviynt, One Identity Manager, Oracle Identity Governance, Microsoft Identity Manager
  1. Deployment takes a bit of time, however, once it's done properly, everything becomes very organized and easy to use. Its customization is valuable. We can adapt the product to our actual needs.
  2. The solution is very scalable. We have a lot of users that have been increasing over the years that we have been using it. We have approximately 20,000 users.
  3. The Governance and self-service that can be set up so you can use them yourself to work in the system are the most valuable features. End users can be enabled to help themselves.
  4. The solution is easy to scale. Self-registration and self-service password management are valuable features. The role modeling feature is also very useful. It allows you to model your enterprise role.
  5. We have found the implementation process to be very easy. Saviynt has a lot of potential with many features available for users.
  6. We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.
  7. It's a stable and scalable solution. The most important feature is the connectors. Without the connectors, it can do nothing.
  8. It is a stable product. You will experience some issues with it, but it's a good product. Very powerful synchronization tool.

Find out what your peers are saying about SailPoint, ForgeRock, Omada and others in Identity Management (IM). Updated: October 2021. 542,721 professionals have used our research since 2012.

Advice From The Community

Read answers to top Identity Management (IM) questions. 542,721 professionals have gotten help from our community of experts.
Amimesh Anand
Hi community, Our client is looking for risk elimination but doesn't want IdAM to be implemented? How can we convince the client to choose IdAM? What approach would you use? Also, which tool can be embedded along with IdAM to make security more efficient and more versatile?
Samuel Paul
Real User

Hi @Amimesh Anand,

It seems to be important first to analyse the current situation of your client. Because you can easily highlight main topics to talk about security.

By the way, you can have 2 different approaches, according to the Identities stuff and Roles subjects.

Identities - to guarantee a unique identity to everyone, a manager for everyone, no orphan accounts, accounts are automatically activated/deactivated on the due date, etc.

Role - to be sure everyone is granted (when they need) specific roles and roles are removed when it is not necessary anymore. Without role management, it is not possible to easily manage it, except if there are 6 employees in the company.

Those are a couple of examples but the list is quite long, actually.

Bharat Halai, CISSP
Real User

It all depends on the risks but just look at Maersk - NotPetya and other cyber incidents. 

Prevention is so much better than cure! Trust me - it is one year of my life - I will never get back.

Jay Bretzmann
Real User

What's the issue, expense?  How does one eliminate risk if they can't positively identify who's logging into the network?  Depending upon the devices (endpoints) in use, I'd recommend steering them toward a push MFA solution (Duo is an example).  A lot of companies will add simple SMS OTP or those annoying six-digit codes sent to your phone, and while it's better than nothing, the SS7 protocol is susceptible to Man-in-the-middle attacks.  

If you need some backup material, go download Verizon's DBIR. The #1 attack vector for years running is identity compromise or credential theft.

CaseyWhitcher

I think in your initial interview, and evaluation with the client, the necessity will answer for itself.  

What is your normal process for adding a new user? What is your normal process for terminating a user from your system? How much time does that take? How much does that cost? How do you know if you have orphaned accounts? Is it important for you to know who has access to what systems? If so, how do you know that answer? Is it important for you to know who has certain roles in certain applications? If so, how do you determine that?

This is really more of a sales question than a tech question. If you want to get a positive response, throwing tech at them will just give them room to debate, or dig their heels in. Find out what their problems are, find out how to help them, let them tell you their problems or processes, and you show them how to solve them. They will be asking you for the solution; you won't have to recommend it.

Enrique Leon, CISA
Real User

So we do not give you a textbook answer that may or may not apply. 

Can you help us answer your question by providing a bit of detail about the organization? To help guide any customer, understanding their current environment is imperative. For example: How big is the IT dept, the company? What industry are they in? What workloads are they running? What infrastructure? Etc.

Not too crazy details, but basics.

Juma Alshehhi
I am researching identity management solutions. Who in the team should be managing the IDM product?
Jay Bretzmann
Real User

It also depends upon what capabilities are required in your environment. Is the basic need for an access control product? This is what ITOps did back in the days before there were security teams. 

Do you require advanced authentication capabilities or privileged user monitoring? If so, then you should either have a security team in-place or build one. 

Are there compliance reporting requirements that might justify investing in a governance solution? Again, security FTEs would be the right people.

Smaller companies should consider outsourcing all of this to Managed Service Providers. Let a couple of experts do the driving for you.

Joakim Thorén
Real User

Typically we see IDM products being managed by a system owner in the security team.

Hasan Zuberi ( HZ )
Real User

Depends on the level of organizations. There are teams sometimes specifically deployed for the same or it goes to CIOs or CSOs also.

MichaelLindskov
Real User

Identity Management is best managed by the group in a company most capable of getting the job done. 

The group most likely to be successful tends to be the IT Security team. They tend to be the group most centrally involved with the implementation of security tools and are frequently called on to manage attestation processes.  Audit teams and business operations teams may be able to provide support but they rarely have the technical skills to sustain the level of automation needed to be successful.

Another aspect to look at when deciding who should manage Identity is to understand the separation of duties. If you have an Operations or Business team managing Identity you will have conflicts of interest. It is better if a Security, Compliance, or Audit team takes up the role to avoid the issue.

This does not mean that other groups are not a good fit. The trick is to understand what group has the mandate within the business and make sure that they have the right technical support and oversight.  Any group with the right motivation and support can do the job.  Don't get locked into saying it has to be with one group or another.  I have seen a lot of companies fight over the who and never get to the do.

Umair Akhlaque
Real User

It depends on the organization structure. Operational Security generally manages tools while Governance & Policies from Risk or CISO.

Hi peers, What role does IAM play in preventing data breaches? What are the risks associated with not using an IAM solution?
Ahmad Zuhdi
Real User

Absolutely! IAM is so important to prevent a data breach. With IAM we can make sure only the right user can access the right DATA. If there is a privilege abuse or lateral movement action, IAM will inform us and we can take an action to investigate, block or prevent it.

Amimesh Anand (Cognizant)
Real User

There could be 2 types of action that can be taken to measure the data breach:

1) Proactive, where management decides the policy and a team implements those policies to avoid a data breach. Like DLP, Firewall along with IDAM.

2) Passive: where you take action to avoid as much data loss as you can. Here the management is mostly interested in who, from where and why tried to breach data. Documentation and announcement is an important role here.

Now coming to IDAM:

IDAM makes policies, where an admin has control to implement who, when and how will access your data and at what level.

IDAM also segregates the duties of each employee so that everyone has accountability for work done.

If we look at the access part, IDAM will ensure that only authorized people have access to your application including the level of access decided by an admin.

In short, IDAM is a solution to all the actions a user or employee can take on your data and how they can view your data. It will help you to clearly divide the threat and real user (either outsider or insider).

SteveAndrews
Real User

Since cybercrime is on the aggressive rise, and our organizations' working practices have evolved from on-premise with some VPN to full remote workers - the security perimeter around physical buildings with firewalls has moved down the list of importance. Now the security perimeter is around your individual users, and the key foundation security elements are Identity & Access Management. To determine and confirm a user is who they say they are! Identity & Access Management feeds into all other security products which are layered on top so it's critical to have one that addresses all your needs and is somewhat future proofed - as this landscape is constantly changing.

A couple of questions to ask yourself:

What is your current security landscape related to identity?

What are your greatest security concerns related to identity?

What are your top three desired improvement areas?



Identity Management (IM) Articles

IT Central Station
Members of the IT Central Station community are always happy to take a few minutes to help other users by answering questions posted on our site. In this Q&A round-up, we’re focusing on our users’ answers about SIEM, Identity and Access Management, and the Differences between Hyper-converged Infrastructure vs Converged Infrastructure.

Which is the best SIEM tool for a mid-sized enterprise financial services firm: Arcsight or Securonix?

One of our users was looking for SIEM recommendations, and was specifically looking at ArcSight and Securonix. As always users were very helpful, and suggested possible tools based on their own experience.

ArcSight appeared to be the more popular recommendation of the two tools. One user, Himanshu Shah, suggested that Securonix may be better suited for a mid-sized business, as ArcSight “works on EPS (Events per second) costing”, which can become costly. Users also suggested looking at other options, such as QRadar, Splunk, and LogRhythm.

However, Consulta85d2 responded, “Neither, or both. Having done literally thousands of SIEM deployments, I can tell you from experience that the technology choice isn’t the most important choice. The critical choice is in the resources and commitment to manage and use the system.”

Aji Joseph held similar sentiments and highlighted the key role that the SoC team plays: “The success of SIEM solutions depends a lot on the expertise of the SoC team that will be managing the alerts generated by SIEM solutions.” He also suggested evaluating the forensics capabilities of the various solutions before buying.

What are some tips for effective identity and access management to prevent insider data breaches?

Insider breaches can be a real issue in businesses. Users gave advice on how to effectively implement Identity and Access Management to tackle this issue.

Mark Adams, a Senior Manager, IT Security and Compliance / CISO at a large construction company, gave great advice for implementing a solution, noting that it’s important to “make the implementation a formal project and involve all key stakeholders, including those from the business, not just IT folks.” He gave practical tips, including identifying and classifying all information assets and creating rules for access to those assets. He also highlighted the importance of reviewing access periodically. He stated, “Data owners should be involved in the review since they are usually in a better position to determine if individuals’ access is still legitimate.”

What are the key differences between converged and hyper-converged solutions?

Users helped to clarify key differences between hyper-converged (HCI) and converged infrastructure. Based on the users’ answers, the key differences revolve around ease of use, flexibility, and price.

HCI solutions are typically more expensive, but have significant advantages. Steffen Hornung pointed to the scale-out nature of HCI, noting that “add more nodes to the system to support new workloads without losing Performance because you add all types at once (compute, storage and networking).”

Dan Reynolds summarised the appeal of HCI really well, pointing out that it’s a complete solution: “Hyper-converged is typically an “all in one box/rack” solution. It consists of compute, storage & network resources all tied together physically (and through software)….You don’t have to architect it. All you have to know is how much “power” you need (what you want to do with it).” In contrast, he noted that “with converged infrastructure (which can still be ‘software defined’) you have to match and configure the components to work together.”

Thanks, as always, to all the users who are taking the time to ask and answer questions on IT Central Station!

IT Central Station is here for you, to learn and help your peers. In a market full of vendor hype, we enable you to get real, unbiased information from people like you.

Do you have a question that you’d like to ask our IT Central Station Community? Ask now!
