KuppingerCole Analysts

The IDaaS market has evolved over the past few years and is still growing, both in size and in the number of vendors. However, under the umbrella term of IDaaS, we find a variety of offerings. IDaaS, in general, provides Identity & Access Management capabilities as a service, ranging from Single Sign-On to full Identity Provisioning for both on-premise and cloud solutions. These solutions also vary in their support for different groups of users – such as employees, business partners, and customers – their support for mobile users, and their integration capabilities back to on-premise environments.

Many vendors provide offerings that can be better described as Managed Services than as Software as a Service (SaaS) offerings. Pure-play SaaS solutions are multi-tenant by design. Customers can onboard easily, usually by simply booking online and paying with a credit card. Managed Service offerings, on the other hand, are run independently per tenant.

Generally speaking, supporting hybrid IT environments is among the main challenges for IDaaS, across all areas. Connecting back to legacy web applications is more challenging than with most on-premise solutions, and the same holds for Identity Provisioning. This needs to be kept in mind and carefully considered when choosing an IAM solution. The strengths and weaknesses of IDaaS solutions in connecting back to on-premise environments are an important factor.

IDaaS offers a springboard for most organizations to start using foundational IAM elements delivered from the cloud and to move the rest of the IAM functions as they find appropriate, at a pace that matches the organization's security maturity and cloud strategy. The IDaaS market, with its ease of adoption and cloud-native integrations, is slowly overtaking the on-premises IAM market.

Common high-level features of IDaaS solutions include:

  • Outbound Federation and Single Sign-On, providing access to Cloud services and web applications. This also includes Cloud Provisioning, i.e., the ability to provision users to Cloud services.
  • Directory Services for managing the users: These services must provide massive scalability, enabling organizations to deal efficiently not only with their employees, but potentially with millions of customers.
  • Authentication support, allowing configuration of the authentication requirements, step-up authentication based on risk and context, etc. We also expect to see significant support for upcoming standards that allow flexibly relying on existing strong authentication methods.
  • Access Management capabilities that allow configuring flexible policies for controlling access to Cloud services and web applications. Beyond just granting access, the ability for at least coarse-grained authorization management is a key capability for IDaaS SSO.
  • Inbound Federation and Self-Registration: While inbound federation support focuses on the rapid on-boarding of users from business partners that already have an Identity Federation infrastructure in place, self-registration capabilities are mandatory for other business partners and customers. Identity Federation will also gain momentum in the customer space, when relying on external Identity Providers.

Optimal IdM offers a comprehensive identity management solution that provides federation, single sign-on, and strong two-factor authentication, all within a private cloud. The OptimalCloud is a multi-tenant and single-tenant SaaS offering that delivers a fully managed service, providing the hosting as well as all of the needed configuration for the customer.

Access the complete report now to learn more about the OptimalCloud!
