Used as a companion to the Gartner Magic Quadrant, the Gartner Critical Capabilities for Access Management, Worldwide provides deeper insight into providers’ product and service offerings by extending the Magic Quadrant analysis. Use this research to further investigate product and service ratings based on key capabilities set to important, differentiating use cases. For example, you can select common usage scenarios that match how you will use the technology or service and see which product or service offerings best fit your needs and requirements.
Centralized authentication, single sign-on, session management, contextual and adaptive access, and authorization enforcement are among the critical capabilities for access management tools. Security and risk management leaders should prioritize these features during tool selection.
- The adoption of SaaS-delivered access management (AM) products continues to grow, providing effective, efficient and business-enabling AM functionality.
- Single sign-on (SSO) and authentication to SaaS applications are the main reasons why customers originally adopt an AM solution. However, most midsize or large enterprises have legacy applications as well. Identity and access management (IAM) leaders are looking for an AM product that can address both their internal and cloud computing needs.
- The future of AM is represented by the adoption of open standards and the application of a continuous adaptive risk and trust assessment (CARTA) approach for security best practices.
Security and risk management leaders responsible for identity and access management should:
- Prioritize a SaaS-delivered AM strategy over existing software-delivered AM for addressing workforce, B2B and B2C use cases.
- Evaluate vendors on their ability to meet the SSO and authentication needs of nonstandard applications along with the vendor’s ability to support the modern identity standards of SAML and OpenID Connect (OIDC).
- Leverage the seven imperatives of CARTA, when possible, to implement a continuous adaptive risk and trust assessment for securing access to applications and API targets without adding friction to the user experience.