The Identity 50

Two things I love: The flexibility of the product to provide modern authentication flows for legacy applications the commitment to standards and open source.

I love the approach of a “Zapier” style platform for solving identity problems. ( My words not theirs) But that’s how I look at Readibots. Empowers organizations to automate and change process on their terms, while still adding maturity… very interesting. Practitioners love it too! Got some amazing reviews from customers/practitioners who used the platform in the wild, they love the ability to solve problems quickly.

Visual based orchestration with JSON style configuration changes which can be easily moved from on instance to another. And they don’t just stop at orchestration they handle IGA as well.

Wait. Arent’ they a services company? Yes, but they also have an orchestration product that they offer. Now, I’m biased on this next point, but I’ve always believed that the best product creators are former practitioners. Because they known the pain of the problem they are trying to solve. Haven’t seen this product up close and personal

A fresh take on authorization: although I’m not entirely sold on authorization being a platform itself, I like the use cases that SGNL handles

Can’t talk about authorization without talking about PlainID. Same concerns here around authorization as a stand-alone platform. But I’ve always been impressed with the forward-thinking of the PlainID team.

The Axiomatics crew has been around a long time. ( XACML anyone?) But that was then, and this is now. Their deep knowledge of the authorization landscape gives them an advantage on being able to articulate the challenges that AuthZ brings in modern architectures.

Company

Commentary

I love their leadership and thought process around the market. Their commitment to open source around connectivity ( Check out their Baton SDK). But also their approach to a modern converged IAM platform, combining IGA and PAM. Good lifecycle management capabilities, a nice take on AI features with automated Service Desk integration, and probably most importantly, a good well-connected team. A quote from a third party -” I’ve never seen a more connected team that truly looks out for each other”. In today’s world..that’s not nothing.

A true data-first approach to identity. Veza’s features are built on understanding the relationships between users and their access. This is something that legacy platforms miss, and I feel has been the missing piece for a while. Since the last update they’ve beefed up their Lifecycle Management and have added Privileged Access Monitoring and Non-Human Identity.

What started out as an access request-centric platform has quickly matured into an Identity Security platform player. Quick setup of access reviews, self-service access requests,etc. But I also love their outlook on building an all-around platform from the ground up.

Pure access review player with quick setup and easy-to-use features. If you’re looking for a pure access review solution that you can get up and running quickly, give them a look.

Much like Zilla and ConductorOne and quickly growing modern Identity Security platform. Data driven approach on access reviews, basic lifecycle management features, and natively leaning in to the security side of Identity. Not quite as robust features as the others in the this category but up and coming.

We’ve said for years that identity is really just a data problem. Well the crew over at Andromeda thought so too. A data driven approach to solving identity by ingesting data from all sources, and using ML and AI to solve the use cases of identity.

36 Million dollars in Seed Funding has to mean something! I LOVE the approach they are taking with AI and Identity. Utilizing the standardization of protocols to discover applications, and then using AI to understand usage of those applications and apply that against known security controls, and add a central place to create policy to top it off.

Chef’s Kiss. It’s a modern way of thinking and approaching identity.

If nothing else, their founder is someone you want to follow, he’ll make change in whatever he does. For now I think that will be the identity market. The Lumos platform ties is SaaS spend management, IGA, and a lighting fast way to onboard applications and configure workflows.

The king of the mountain when it comes to IGA, and now if you ask them they would also say when it comes to Identity Security. Recent acquisitions into the PAM space, and a heavy lean into their Atlas platform, has SailPoint looking to prove to the world that their lead is safe. But it’s a brand new world for SailPoint, with lots of competition and shrinking customer budgets. They are now the hunted. And now they head back to the streets. Officially filing their S1, SailPoint will look to take the throne as the gold standard for identity security. However their direction isn’t clear as it’s hard to figure out what Atlas actually is, and their track record of integrating acquisitions isn’t a great one.

Fresh off of a recent rebrand, Saviynt has been busy the past couple of years. First, rebuilding their product, rebranding their image with customers/partners, and rebranding their logo and website. I’ll go on record and say this: No company is better setup for the new age of “as a platform” then Saviynt. They were years ahead of the market with that messaging, and now have the product to back it up. While others have to buy their way into that arena, they had already been busy building it. Now can they execute?

So far they can. Recent rollouts of intelligence across the platform, a planned rollout of an Identity Security Posture Management Tool. Saviynt is gearing up for a heavyweight fight.

Earlier I called them my wildcard, and this recent news is why. No longer just virtual directory company, they are all in on being an identity intelligence platform. Truly embracing their strength in having access to multiple data sources, and using ML to drive impactful insights to be business.

A recent acquisition and management changes over the past couple of years have SecureAuth looking to make a run in the Access Management area, but their future might be in CIAM. Time will tell as we give the new leadership time to paint the vision.

And boy did they. A heavy push into the CIAM market, and also a recent acquisition to secure the “last mile” when it comes to authentication.

For the longest time CyberArk was synonymous with PAM. But the world changed, and so did they. When you count up the acquisitions and take into account their branding, they are clearly positioning themselves as an Identity Security Platform. Their strength will be securing privileged access; their challenge will be providing that same level of depth to the other parts of identity.

Okta? In the OG list? I know, I know. They may not have the longevity as some of the others on this list, but we can’t deny their place in the industry right now. They have dominated this space for a while, and made themselves synonymous with the word Identity. Most of it has been SSO. But ( in my opinion) it was Okta who started the platform wars. Their foray in IGA, and PAM caused a disturbance in the force that has led us to where we are today. We’ve still yet to see their IGA and PAM products really take off, and now the competition is fierce.

Look….in the nicest way possible. I have no clue what the f%& Ping is doing. The strategy around the ForgeRock and Ping products seems shaky at best, and it just doesn’t seem like they’ve figured out their way forward post merger. Can they? Absolutely they can. Will they?….

Purpose built, with a singular focus on providing great customer login experiences. CIAM will be huge over the next 5 years, and think Strivacity is poised to capitalize.

Easy to use, easy to integrate, a quick way secure your applications using the latest in authentication standards. Seriously try it for yourself.

If you’ve followed the content here for long enough, you know we love bold companies. Stytch definitely fits that mold. There Self-Serve Pricing…just WOW. Here’s a snippet, but definitely check out their website for the full deets:

Generous free tier: Our free tier offers significantly more than Auth0’s, and should be enough to fully support your business’s first few years of growth. Or, take advantage of our startup program: don’t pay a cent until your series A or three years of incorporation, whichever comes first.

Beating the drum in a rapidly growing field. Astrix looks to solve the non-human identity problem. And trust me, it’s a problem. Service Accounts, API keys, OAuth apps, etc. All of these things have access, and are being used thousands of times a day, and no one is looking. Well Astrix is. I love their approach, a clean and informative user interface, and depth of information to investigate.

$45 Million dollars later. Astrix continues to push the forward in the NHI space. Updating the product constantly, and really tuning into helping customers break through the noise that is NHI.

Fresh off a 20M Series A round. Token Security looks to throw their hat in the ring tackling the non-human identity problem set.

Another entrant in the NHI fight. Don’t have a ton of information on them, but they’ve got some identity experience at the helm, and that’s always a good thing.

When you leave stealth with $40M in funding, that tells you something. The non-human identity space will be the next frontier, and Oasis is looking to jump in this fight. Very similar to Astrix from the outside looking in.

As cloud IAM providers becomes more mainstream, what happens when that service goes down? Enter Acsense. It is an interesting market play as right now if I were to ask you the question: “What do you do if your Okta tenant goes down?” I’m not sure many people would have a good answer. Enter Acsense.

A collection of rockstar talent advising them, an engaging promo video, and a beautiful-looking website. But still don’t really know what they will be yet. Interested to see it once they are ready.

Coming for the Okta throne is BeyondIdentity. Leaning heavily on its secure by design approach, BeyondIdentity looks to tackle the SSO, Phishing, and Access Management problems all in one solution.

Biggest takeaway I get from this group. Managing just-in-time access and doing it quickly. I like the approach, would like to see some more growth in lifecycle management features though.

Though they are listed here, I”ll most likely move them to a new category in the next update. Recent acquisitions have them being more than just a PAM player as they also enter the Identity Security Platform contest. But they will face the same uphill battle as their competitors. Managing integration of multiple product lines

Delinea launched themselves in to the platform spae with their acquisition of Fastpath, giving them an IGA ‘ish play to combine with their PAM play. Want to guess with their challenge will be? Yup, integration products

A cloud first modern approach to PAM, StrongDm comes in Strong with a time-to-value approach in getting your head around privileged access. Love the approach, and from what I hear so do customers. Next stop, increasing their presence

A modern approach to PAM with a focus around ephemeral access.

Probably not the best fit for them, but their acquisition of Remediant gives them a strong PAM play, so let’s see what they do with it.