The Forrester Wave™: Identity-As-A-Service, Q4 2017
The Seven Vendors That Matter Most And How They Stack Up

by Andras Cser and Merritt Maxim
November 17, 2017

FOR SECURITY & RISK PROFESSIONALS

FORRESTER.COM

Key Takeaways

Okta, Centrify, And Microsoft Lead The Pack
Forrester’s research uncovered a market in which Okta, Centrify, and Microsoft lead the pack. OneLogin, Ping Identity, and Oracle offer competitive options. Gemalto lags behind.

S&R Pros Want Broad Access Control, Mobile Protection, And Identity Provisioning
The IDaaS market is growing because more S&R pros see IAM, and specifically IDaaS, as a way to ensure users have the appropriate level of application access. It’s also growing because S&R pros increasingly trust IDaaS providers to act as strategic partners who help solve their various challenges involving identity and access.

Ease Of Administration, Identity Analytics, And Mobile Device Support Are Key Differentiators
As on-premises IAM solutions become dated, costly to maintain, and less effective, improved administration, application and device support, and breadth of IAM standards support will dictate which providers will lead the pack. Vendors that can provide large catalogs of out-of-the-box-supported SaaS apps, include outstanding self-service in their mobile apps, and position themselves to successfully deliver seamless data protection and authentication experiences to their customers will succeed.

Why Read This Report
In our 41-criteria evaluation of IDaaS providers, we identified the seven most significant ones — Centrify, Gemalto, Microsoft, Okta, OneLogin, Oracle, and Ping Identity — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk (S&R) professionals make the right choice.


© 2017 Forrester Research, Inc. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Unauthorized copying or distributing is a violation of copyright law. [email protected] or +1 866-367-7378

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA | +1 617-613-6000 | Fax: +1 617-613-5000 | forrester.com

Table Of Contents

IDaaS Reduces Costs, Supports Flexibility, And Improves Security

IDaaS Evaluation Overview

Evaluated Vendors And Inclusion Criteria

Vendor Profiles

Leaders

Strong Performers

Contenders

Challengers

Supplemental Material

Related Research Documents

The Forrester Wave™: B2E Cloud IAM, Q2 2015

Ten Critical Questions To Ask Before Adopting Identity-As-A-Service (IDaaS)

Understand The State Of Identity And Access Management: 2017 To 2018

The Forrester Wave™: Identity-As-A-Service, Q4 2017
The Seven Vendors That Matter Most And How They Stack Up

by Andras Cser and Merritt Maxim
with Stephanie Balaouras, Madeline Cyr, and Peggy Dostie

November 17, 2017


IDaaS Reduces Costs, Supports Flexibility, And Improves Security

Identity-as-a-service (IDaaS) was an emerging technology and deployment model in the last IDaaS Forrester Wave™.1 Since that time, the market has matured considerably and shows strong demand from enterprise clients. This is because IDaaS:

› Reduces labor costs by 30% to 35%. The biggest benefit of using IDaaS compared to on-premises IAM solutions is a 30% to 35% lower ongoing maintenance rate, most of which is manifested in a lower need for (expensive) IAM skilled employees.2 In addition, you no longer have to upgrade a heavily customized on-premises IAM solution every year — vendors seamlessly update their IDaaS solutions once every two to four weeks.

› Provides easy-to-configure access control and auditing solutions. IDaaS solutions provide a simple way to control access and provide single sign-on (SSO) to SaaS (and, to a lesser degree, on-prem) applications, and they require minimal initial implementation investment. IDaaS solutions now offer much better support for industry protocols (e.g., SAML, OpenID Connect, OAuth2, etc.) and boast thousands of pre-integrated applications in their SaaS app catalogs. Certification with SaaS apps means the burden of troubleshooting falls on the vendor, not the client organization. Security teams also often use IDaaS solutions to direct traffic to cloud security gateways (CSGs), also known as cloud access brokers (CASBs). According to our surveys, 73% of global network security decision makers have implemented, are implementing/expanding/upgrading, or plan to implement an IDaaS solution (see Figure 1).

› Enables cost-effective two-factor authentication (2FA). In the light of recent high-profile data breaches, it’s imperative to protect application access with stronger passwords and 2FA. IDaaS solutions allow S&R pros to centrally and cost effectively define and enforce password policies for Active Directory (AD) as well as to add on software/hardware token, push notification, SMS one-time passwords, and biometrics as 2FA to those applications that do not by themselves support it. In this Forrester Wave, we saw early signs of IDaaS solutions allowing administrators not only to define static rules-based policies but also to rely on an IDaaS-generated risk score (which can be high, for example, when a user accesses the IDaaS solution from a new device from a new IP address).

› Helps to protect credentials and data on mobile devices. Okta, Centrify, and Microsoft bundle their own native enterprise mobility management (EMM) solution with their IDaaS platform. For smaller organizations that have no preexisting investment in a larger EMM platform, such as Airwatch and Mobile Iron, this can be a simple and cost-effective alternative to protect application credentials as well as data on mobile devices.3

› Simplifies basic SaaS identity management tasks. Today’s IDaaS solutions provide simple provisioning from HR systems (e.g., BambooHR, Workday) or Active/LDAP Directory using SCIM, SAML Just In Time (JIT), or even SaaS native user management APIs to many SaaS apps (Conjur, Salesforce, ServiceNow, etc.). While identity governance (attestation, periodic recertification, etc.) features are currently lacking, vendors actively partner with RSA, SailPoint, and other vendors for this functionality. Forrester expects that IDaaS solutions will provide native identity governance capabilities for SaaS apps in the next 18 to 24 months.4

› Increasingly supports hybrid environments especially for provisioning. Security teams want to expand IDaaS solutions to: 1) manage SSO and identity management and governance (IMG) and 2) provide a single pane of glass of auditing access for SaaS as well as on-premises applications. As a result, we’re seeing Oracle and Ping Identity bridging their on-premises SSO and IMG product portfolios to their IDaaS solution, while Okta and OneLogin build and acquire on-prem SSO solutions. This ultimately increases the complexity of IDaaS solutions and raises questions on how to build connectors to on-prem apps in a scalable and repeatable way. This will help organizations that struggle with the high cost of implementing today’s complex workflows in on-prem IMG solutions.

› Provides valuable identity analytics for detection of malicious activity. Identity analytics (IA) is one of the most dynamically evolving and improving aspects of today’s IDaaS solutions. IA allows security teams to take feeds from the IDaaS vendors about compromised accounts, websites, and IP addresses and use them in detecting, alerting, and preventing unauthorized employee or customer access to the firm’s critical properties: external website, internal apps, mobile devices, etc.

FIGURE 1 IDaaS Adoption Accelerates

“What are your firm’s plans to adopt the following identity and access management technologies?” (Providing single sign-on portals to employees for SaaS-based app access [IDaaS])

Response | Share
--- | ---
Implementing/implemented/expanding/upgrading implementation | 53%
Not interested/Interested but no immediate plans | 22%
Planning to implement within the next 12 months | 19%
Don’t know | 5%

Base: 604 global network security decision makers

Source: Forrester Data Global Business Technographics® Security Survey, 2017


IDaaS Evaluation Overview

To assess the state of the IDaaS market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top IDaaS vendors. After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 41 criteria, which we grouped into three high-level buckets:

› Current offering. We assessed each IDaaS solution’s capabilities alongside the following criteria: 1) user directory support; 2) access policy administration; 3) protocol support and step-up authentication; 4) breadth of SAML and non-SAML application integration; 5) breadth of provisioning connector support, setup, and policy administration; 6) identity analytics; 7) on-prem app SSO support; 8) end user self-service from the portal and from the IDaaS solution’s native mobile applications; 9) mobile device management; 10) breadth of support for mobile operating systems; 11) API security and solution APIs; 12) reporting breadth; 13) report creation and customization; 14) dashboard customization; 15) scalability; and 16) security certifications. In scoring, we took into account not only to what degree the vendor’s IDaaS solution satisfies a functional criterion but also assessed how easy and intuitive the feature is to find and use.

› Strategy. We assessed each IDaaS vendor’s: 1) future overall and development plans; 2) customer satisfaction; 3) ability to answer RFPs; 4) ability to conduct effective proof of concept demonstrations; 5) North American, Central and South American, EMEA, and Asia Pacific system integration ecosystems; 6) solution development, sales, support, and implementation strength; and 7) pricing transparency.

› Market presence. We evaluated vendors using their: 1) IDaaS revenues; 2) IDaaS revenue growth; 3) direct installed base; 4) indirect installed base; and 5) vertical presence.

Evaluated Vendors And Inclusion Criteria

Forrester included seven vendors in the assessment: Centrify, Gemalto, Microsoft, Okta, OneLogin, Oracle, and Ping Identity. Each of these vendors has (see Figure 2):

› A thought-leading IDaaS portfolio of products and services. We included vendors that demonstrated IDaaS thought leadership and IDaaS solution strategy execution by regularly updating and improving their productized IDaaS product portfolio.

› Total annual IDaaS revenues of at least $15 million with at least 35% growth. We included vendors that have at least $15 million in combined revenues from the IDaaS solution and at least 35% year-over-year growth.

› At least 400 paying IDaaS customer organizations in production. We included vendors that have an install base of at least 400 paying IDaaS customer organizations in production.


› An unaided mindshare with Forrester’s end user customers. The vendors we evaluated are frequently mentioned in Forrester end user client inquiries, vendor selection RFPs, shortlists, consulting projects, and case studies.

› An unaided mindshare with Forrester’s vendor customers. The vendors we evaluated are frequently mentioned in Forrester vendor client inquiries and briefings as formidable competitors.

FIGURE 2 Evaluated Vendors: Product Information And Selection Criteria

Company | Product
--- | ---
Centrify | Centrify Application and Endpoint Services
Gemalto | SafeNet Trusted Access, a cloud-based access management service
Microsoft | Microsoft Azure Active Directory
Okta | Okta
OneLogin | OneLogin
Oracle | Oracle Managed Security Services for Oracle Public Cloud
Ping Identity | PingOne

Product number: 17.6; 2017.09; 30-Jun-17; version 11gR2 PS3 or 11.1.2.3


Vendor Profiles

This evaluation of the IDaaS market is intended to be a starting point only. We encourage clients to view detailed product evaluations and adapt criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool (see Figure 3).

FIGURE 3 Forrester Wave™: Identity-As-A-Service, Q4 ’17

[Chart: vendors plotted by current offering (weak to strong) against strategy (weak to strong), across the bands Challengers, Contenders, Strong Performers, and Leaders. Legend: market presence; full vendor participation; incomplete vendor participation. Vendors plotted: Centrify, Gemalto, Microsoft, Okta, OneLogin, Oracle, Ping Identity.]

Go to Forrester.com to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings.


FIGURE 3 Forrester Wave™: Identity-As-A-Service, Q4 ’17 (Cont.)

All scores are based on a scale of 0 (weak) to 5 (strong).

Criterion | Forrester’s weighting | Centrify | Gemalto | Microsoft | Okta | OneLogin | Oracle | Ping Identity
--- | --- | --- | --- | --- | --- | --- | --- | ---
Current Offering | 50% | 4.28 | 1.05 | 3.84 | 4.37 | 3.21 | 1.89 | 3.10
User directory support | 4% | 3.00 | 2.00 | 5.00 | 5.00 | 5.00 | 3.00 | 1.00
Access management policy administration | 4% | 5.00 | 1.00 | 2.00 | 5.00 | 5.00 | 2.00 | 3.00
Protocol support, step-up authentication, risk-based policies, multifactor authentication (MFA), and social login | 4% | 5.00 | 3.00 | 3.00 | 2.00 | 4.00 | 4.00 | 3.00
Breadth of SAML-based SaaS app integration for access management | 5% | 2.00 | 1.00 | 3.00 | 5.00 | 5.00 | 1.00 | 4.00
Breadth of non-SAML-based SaaS app integration for access management | 5% | 4.00 | 1.00 | 2.00 | 5.00 | 5.00 | 1.00 | 4.00
Breadth of authentication protocol support | 4% | 5.00 | 2.00 | 3.00 | 4.00 | 4.00 | 2.00 | 5.00
Breadth of provisioning connector support for SaaS applications | 5% | 4.00 | 1.00 | 4.00 | 5.00 | 5.00 | 1.00 | 2.00
Policy management for user account provisioning to SaaS cloud web applications | 4% | 5.00 | 0.00 | 3.00 | 5.00 | 3.00 | 2.00 | 3.00
Setting up connectors for new SaaS apps | 4% | 5.00 | 1.00 | 5.00 | 5.00 | 5.00 | 2.00 | 5.00
Identity analytics and threat feeds | 4% | 4.00 | 0.00 | 5.00 | 3.00 | 0.00 | 3.00 | 0.00
Consuming external threat information in the IDaaS solution | 4% | 0.00 | 0.00 | 5.00 | 3.00 | 0.00 | 1.00 | 0.00


FIGURE 3 Forrester Wave™: Identity-As-A-Service, Q4 ’17 (Cont.)

All scores are based on a scale of 0 (weak) to 5 (strong).

Criterion (Current Offering, continued) | Forrester’s weighting | Centrify | Gemalto | Microsoft | Okta | OneLogin | Oracle | Ping Identity
--- | --- | --- | --- | --- | --- | --- | --- | ---
Policies for SSO into SaaS and on-prem apps, end users’ management of their own apps, access request, and reviews to apps | 4% | 5.00 | 1.00 | 5.00 | 5.00 | 3.00 | 2.00 | 3.00
End user self-service | 4% | 5.00 | 1.00 | 5.00 | 3.00 | 3.00 | 3.00 | 5.00
End user management of the SSO portal login experience | 7% | 5.00 | 0.00 | 2.00 | 5.00 | 3.00 | 2.00 | 3.00
IAM from the vendor’s own portal mobile application | 7% | 5.00 | 0.00 | 5.00 | 5.00 | 2.00 | 2.00 | 5.00
IDaaS solution’s mobile device management and data protection | 7% | 5.00 | 0.00 | 5.00 | 5.00 | 2.00 | 3.00 | 3.00
Breadth of mobile operating system support | 7% | 5.00 | 0.00 | 5.00 | 4.00 | 3.00 | 0.00 | 3.00
API security and solution APIs | 4% | 5.00 | 2.00 | 3.00 | 5.00 | 2.00 | 3.00 | 5.00
Breadth of built-in reports | 3% | 5.00 | 5.00 | 1.00 | 4.00 | 3.00 | 1.00 | 3.00
Creating and customizing reports | 3% | 5.00 | 3.00 | 3.00 | 5.00 | 5.00 | 1.00 | 2.00
Dashboard customization | 3% | 5.00 | 0.00 | 4.00 | 1.00 | 1.00 | 0.00 | 2.00
Scalability | 1% | 2.00 | 5.00 | 5.00 | 4.00 | 1.00 | 2.00 | 3.00
Breadth of security certifications | 3% | 1.00 | 3.00 | 5.00 | 5.00 | 4.00 | 3.00 | 2.00


FIGURE 3 Forrester Wave™: Identity-As-A-Service, Q4 ’17 (Cont.)

All scores are based on a scale of 0 (weak) to 5 (strong).

Criterion | Forrester’s weighting | Centrify | Gemalto | Microsoft | Okta | OneLogin | Oracle | Ping Identity
--- | --- | --- | --- | --- | --- | --- | --- | ---
Strategy | 50% | 4.02 | 1.83 | 4.12 | 4.14 | 2.61 | 3.54 | 2.34
Future overall development and market plans for IDaaS and technology | 12% | 5.00 | 1.00 | 5.00 | 5.00 | 5.00 | 5.00 | 2.00
Customer satisfaction | 10% | 5.00 | 1.00 | 5.00 | 4.00 | 2.00 | 1.00 | 3.00
Vendor’s RFP response | 10% | 5.00 | 2.00 | 3.00 | 5.00 | 3.00 | 1.00 | 3.00
Vendor’s proof of concept and demonstration | 10% | 5.00 | 2.00 | 1.00 | 5.00 | 5.00 | 2.00 | 3.00
North American implementation partner ecosystem | 10% | 3.00 | 0.00 | 4.00 | 5.00 | 1.00 | 5.00 | 2.00
Central and South American implementation partner ecosystem | 6% | 5.00 | 1.00 | 4.00 | 0.00 | 1.00 | 5.00 | 3.00
EMEA implementation partner ecosystem | 8% | 4.00 | 0.00 | 5.00 | 5.00 | 1.00 | 3.00 | 2.00
Asia Pacific implementation partner ecosystem | 8% | 4.00 | 0.00 | 5.00 | 4.00 | 5.00 | 4.00 | 3.00
Solution development strength | 6% | 2.00 | 5.00 | 5.00 | 4.00 | 1.00 | 3.00 | 1.00
Solution sales strength | 6% | 2.00 | 5.00 | 3.00 | 5.00 | 1.00 | 5.00 | 1.00
Solution support strength | 6% | 3.00 | 4.00 | 5.00 | 2.00 | 1.00 | 5.00 | 1.00
Solution implementation strength | 7% | 3.00 | 4.00 | 5.00 | 3.00 | 2.00 | 5.00 | 3.00
Pricing transparency | 1% | 5.00 | 3.00 | 5.00 | 5.00 | 5.00 | 5.00 | 3.00
Market Presence | 0% | 3.00 | 3.60 | 4.80 | 3.80 | 2.40 | 2.00 | 2.80
IDaaS revenue | 20% | 1.00 | 3.00 | 5.00 | 5.00 | 1.00 | 4.00 | 2.00
IDaaS revenue growth | 20% | 2.00 | 5.00 | 4.00 | 5.00 | 3.00 | 1.00 | 2.00
Direct installed base | 20% | 3.00 | 2.00 | 5.00 | 5.00 | 5.00 | 1.00 | 4.00
Indirect installed base | 20% | 4.00 | 5.00 | 5.00 | 3.00 | 2.00 | 1.00 | 1.00
Verticals | 20% | 5.00 | 3.00 | 5.00 | 1.00 | 1.00 | 3.00 | 5.00


Leaders

› Okta offers a comprehensive IDaaS platform with provisioning and API management. The meta-directory design of the solution offers comprehensive directory management, access policy administration, and easy-to-use schema mapping between its cloud directory and endpoints. It has FIDO U2F support for two-factor authentication and one of the most comprehensive SAML application catalogs of vendors evaluated in this Forrester Wave. However, the vendor lacks risk-based authentication support and easy integration with third-party threat feeds, and customizing admin dashboards is difficult.5 The vendor plans to: 1) implement adaptive, risk-based and context-based analytics for access control; 2) add custom policy and workflow extensibility; and 3) deliver a joint cloud and desktop single sign-on solution for Windows and Macintosh endpoints.

› Centrify offers threat analytics, elegant risk dashboards, and flexible access policies. Centrify’s execution of its strategy and ability to respond to RFPs and conduct solution demonstrations topped other vendors in this Forrester Wave. The virtual-directory designed solution has extensive access policy protocol support, robust risk dashboards, integrated threat and identity analytics, and intuitive policy management. However, the vendor lacks customer mindshare in Forrester’s client base and inquiries, the solution’s report customization requires SQL knowledge (and is not wizard based), and the vendor reports a comparatively weak indirect install base. The vendor plans to: 1) enhance its support for managed security services providers’ (MSSP) policy management; 2) introduce Identity Broker for endpoints solution for decentralized workforces that are off the corporate network; and 3) introduce extensible outbound and inbound provisioning capabilities for apps not currently supported in its catalog.

› Microsoft supports Office 365 and provides native identity and threat intelligence. Microsoft bundles its Azure Active Directory and Azure Active Directory Premium offerings with many of its Office 365 customers, meaning that their IDaaS solution has one of the largest IDaaS install bases of vendors evaluated in this Forrester Wave. The solution offers strong user directory support, easy and intuitive setup of connectors to SaaS apps, and a powerful mobile-device-based portal application, and provides strong scalability and availability. However, the IDaaS solution’s interface is part of the Azure general console, which makes administration less intuitive. Some provisioning functionality requires using PowerShell scripts, and the built-in reporting is weaker than other IDaaS solutions. The vendor plans to: 1) extend access policies to include conditional access, time, and geofencing, and certificate support; 2) extend integration with Microsoft App Security (its cloud security offering) and Microsoft Threat Analytics; and 3) evolve Microsoft Graph API for bidirectional data and threat feed integration with other Microsoft products.

Strong Performers

› OneLogin integrates directories and offers SSO for on-prem apps. OneLogin provides complete attribute mapping and conditional processing of endpoint directory attribute values. It has per-use and per-application SaaS and 2FA access policy options, and risk scoring of login activities. The solution also supports the AWS console and easy OOTB branding policy management. However, the vendor does not expose the solution’s user risk scoring to the customer and does not currently have identity analytics or integration with third-party threat feeds. The vendor has a fairly weak North American, South American, and EMEA implementation partner ecosystem. The vendor plans to: 1) extend identity to the device using OneLogin desktop and the Sphere acquisition; 2) expand its cloud directory and offer integrated virtual directory and admin functions; and 3) introduce machine learning and analytics to interpret signals from cloud security and security analytics solutions.

› Ping Identity partners with Azure AD and provides extensive protocol support. Ping Identity was a nonparticipating vendor in this Forrester Wave. The PingOne IDaaS solution offers Azure enablement and extensive integration with Ping Access and Ping Federate. The vendor’s focus is on large, global enterprises with annual revenues of $500 million per year. However, to enable the entire PingOne IDaaS functionality, PingOne still requires installation of the Ping Federate and Ping Access products. In Forrester’s opinion, the user account provisioning lags behind other IDaaS solutions, and online documentation is insufficient for many admin tasks. Forrester expects that the vendor plans to: 1) change its revenue split from the current predominantly on-prem solution revenues to predominantly IDaaS revenues; 2) offer extended support to the Azure console; and 3) improve its risk-based authentication features.

Contenders

› Oracle’s Identity Cloud Service uses many product components for full functionality. Oracle was late to the IDaaS market with its Identity Cloud Service (IDCS) offering. IDCS has very strong integration with Oracle business applications and the existing Oracle on-prem IAM product suites. Oracle’s existing on-premises IAM presence will help boost the solution’s adoption within the existing Oracle IAM customer base. However, to provide the full set of IDaaS functionality, IDCS still heavily relies on other Oracle IAM components on-prem, hosted, or managed, including Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Unified Directory. The vendor plans to: 1) extend its centralized hybrid IAM to offer a single-pane-of-glass policy management and audit; 2) extend its 2FA token infrastructure; and 3) implement risk- and threat-aware access policies.

Challengers

› Gemalto has outstanding support for 2FA modalities and supports a tenant hierarchy. The solution supports structured policy management for a hierarchy of tenants and offers a broad range of reporting templates. 2FA token registration self-service and management is unique and very functional. However, the solution lacks granular access policy management, an end user single sign-on portal (this is planned), user account provisioning, a mobile portal application, identity analytics, and dashboard customization. Forrester expects that the vendor plans to: 1) add real-time visibility and monitoring; 2) support risk and threat detection; and 3) add data discovery, classification, and protection.


Supplemental Material

Online Resource

The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings. Click the link at Forrester.com at the beginning of this report to download.


Data Sources Used In This Forrester Wave

Forrester used a combination of five data sources to assess the strengths and weaknesses of each solution. We evaluated the vendors participating in this Forrester Wave, in part, using materials that they provided to us by June 30, 2017.

› Hands-on lab evaluations. Vendors spent one day with a team of analysts who performed a hands-on evaluation of the product using a scenario-based testing methodology. We evaluated each product using the same scenario(s), creating a level playing field by evaluating every product on the same criteria. We also evaluated vendors’ solutions not only for the presence of a feature, but also for the intuitiveness and ease of use of that feature.

› Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.

› Product demos. We asked vendors to conduct demonstrations of their products’ functionality. We used findings from these product demos to validate details of each vendor’s product capabilities.

› Customer reference calls. To validate product and vendor qualifications, Forrester also conducted customer surveys and/or calls with three of each vendor’s current customers.

› Unsupervised demonstration environment usage. We asked vendors to provide us with uninterrupted and unsupervised access to the demonstration environments in which we could test the products’ features and recreate the product demos at will.

The Forrester Wave Methodology

We conduct primary research to develop a list of vendors that meet our criteria for evaluation in this market. From that initial pool of vendors, we narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don’t fit the scope of our evaluation.

After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.

We set default weightings to reflect our analysis of the needs of large user companies — and/or other scenarios as outlined in the Forrester Wave evaluation — and then score the vendors based on a clearly defined scale. We intend these default weightings to serve only as a starting point and encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve. For more information on the methodology that every Forrester Wave follows, please visit The Forrester Wave™ Methodology Guide on our website.

Integrity Policy

We conduct all our research, including Forrester Wave evaluations, in accordance with the Integrity Policy posted on our website.

Survey Methodology

The Forrester Data Global Business Technographics® Security Survey, 2017 was fielded between May and June 2017. This online survey included 3,752 respondents in Australia, Brazil, Canada, China, France, Germany, India, New Zealand, the UK, and the US from companies with two or more employees.

Forrester Data Business Technographics ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of business and technology products and services. Research Now fielded this survey on behalf of Forrester. Survey respondent incentives include points redeemable for gift certificates.

Please note that the brand questions included in this survey should not be used to measure market share. The purpose of Forrester Data Business Technographics brand questions is to show usage of a brand by a specific target audience at one point in time.

Endnotes

1 To see our previous Wave on IDaaS, please see the Forrester report “The Forrester Wave™: B2E Cloud IAM, Q2 2015.”

2 Security and risk executives responsible for identity and access management must manage users’ access to sensitive applications and data without inhibiting business agility, compromising the digital experience for either employees or customers, or violating compliance requirements — and they need to do so as effectively as possible. To learn how to quantify the costs and benefits for various approaches to IAM, see the Forrester report “Making The Business Case For Identity And Access Management.”

3 While infrastructure and operations pros have historically employed enterprise mobility management (EMM) solutions to address mobile device management and security, these solutions are expanding to take on new business applications. This broader remit includes unified endpoint management (UEM), internet of things (IoT), and advanced analytics. To learn more, see the Forrester report “Vendor Landscape: Enterprise Mobility Management (EMM) Solutions, 2017.”

4 To learn more about the expected growth of IAM technologies, see the Forrester report “Forrester Data Report: Identity And Access Management Software Forecast, 2016 To 2021 (Global).”

5 Okta does provide adaptive authentication policies based on IP and geolocation.
