Winners and Losers of Gartner’s 2023 Access Management Report
— Gartner, Access Management, Magic Quadrant, Identity Security — 4 min read
A lot of software vendors hitch their wagon to the Gartner Magic Quadrant, it’s a well-known publication which has established itself as an authority on what’s good and not-so-good in various sub-industries.
Whether you like the Quadrant concept or not, it is a little exciting to see where the different players lie and whether the vendor you’ve invested in is punching above its weight. We’re going to cherry pick a few of the interesting results and add a bit more context.
The biggest winners of the Quadrant must be the new ForgeRock and Ping Identity alliance. These companies are undergoing a merger under Thoma Bravo, and have both been listed as Leaders. You can be sure that the marketing engines behind both companies will be working in overdrive to make sure we’re all aware. It’s a compelling reason to stay with either company, or consider moving to them.
Although customers have been cautioned about the future of the two products’ portfolios, Ping CEO Andre Durand has been traveling the globe for Ping Identity’s showpiece YOUniverse conference using the lion’s share of his keynote to enforce that no products are being shut down, but alluding to an upgrade path that may end up converging products in the future.
Microsoft is another winner, being listed as a Leader. We’re probably all aware of the EntraID rebranding of AzureAD by now, albeit perhaps a bit confused by why it was necessary. Microsoft’s platform is gaining monumental traction due to companies allowing themselves to become absorbed into the Microsoft ecosystem of services and platforms all available at their fingertips under one supplier.
Working with the Microsoft platform for Access Management can be a headache for your engineers though. With the EntraID platform, configuration and implementation is rigid, applications needing onboarding are often the ones who need to bend to the will of Microsoft. The customisation and flexibility capabilities are nowhere near the level of many of the other quadrant participants. This can make it almost impossible to migrate legacy applications across to EntraID without significant uplift. It was heartening to see that Gartner picked up on this too.
Okta have done a great job of establishing themselves as a Leader in Access Management. Many initially questioned the decision to acquire the developer’s darling, Auth0. However, it’s clear now that Auth0 (now with the unflattering name of CIC, Customer Identity Cloud) plays a key role in covering the Customer Identity use cases that form a wholistic Access Management offering.
As long-time innovators and leaders in Cloud-Based Identity, it will be interesting to see how Okta takes the battle to Microsoft over the next few years. Both offer advanced cloud capability in Access Management, however with Okta being forged in Identity since inception, whilst Microsoft adopting Identity over the years, the battle is set to fight for customers in this space.
OpenText is a new brand name to see on the Magic Quadrant, however this refers to NetIQ Access Manager of the Novell era. Having experience with this product, as well as many of the leaders, it’s always interesting to see the Gartner ‘take’ on it and whether it’s justified. OpenText is categorized as ‘Niche’. OpenText have truly dragged their heels into the SaaS arena. I can remember conversations about Cloud/SaaS and the future of On-Prem about 10 years ago at the Brainshare conference, this indicates how long they’ve had to adapt.
But, the NetIQ Access Manager product is good. Over its long history it has had to cater for many unique use cases, so it’s a great option for businesses with many legacy applications that need modernisation. Gartner indicates that the product is difficult to extend or customise, which may show Gartner’s hand that they haven’t tried to extend or customise the product. The product is quite extensible, but may not be as intuitive for today’s developer as the product is quite Java focused.
It's worth noting that there are great products which don’t make the quadrant. Gartner add footnotes for some of these products which may not meet the technical criteria, or, may not meet other criteria, such as making $60M in revenue or servicing at least 1100 unique customers. Imprivata, RSA, SecureAuth and Fortinet are ones to watch in this space.
Overall, the assessment appears fair. However, at the end of the day, picking a leader may not be what your business requires.
If you’re already invested in IBM, OneIdentity or OpenText products, then it may make more commercial sense to adopt their quality Access Management products and benefit from consolidated, multi-year licensing.
However, if your Identity roadmap involves a cloud strategy, then it may be worth the investment to consider a stronger player in this area.
Finally, there’s the beating heart of the operation, the administrators and engineers. Finding the right expertise to run your Access Management systems can be the hardest part of Identity Security. Test the market to see what resources are readily available, what skills you already have in-house, or whether skills can be portable between products.
The Gartner Magic Quadrant for Access Management also provides industry trends and insights beyond just Software Vendor comparison. Learn more by accessing the report directly: https://www.gartner.com/en/documents/4936631