ETR Observatory for Identity and Access Management Tools 

Mission Critical Identity Security is Progressing and Consolidating

ETR Research | Erik Bradley  

| February 08, 2024

The latest ETR Observatory report on Identity and Access Mgmt. (IAM) Tools is now available! Backed exclusively by ETR's new Market Array data, the vendors covered in this report are positioned in Leading, Advancing, Tracking, or Pursuing vectors according to Momentum and Presence in the market. The plotting of the vendors in the subsector is based exclusively on the data, not opinions or vendor influence.

Access the Full Report for Free 

Beyond product-level spending intentions, the full ETR Markey Array data for IAM tools also tracks key competitive intelligence such as usage expansion, ROI, Stickiness vs. Churn, Vendor Strengths, Net Promoter Scores (NPS), and much more. The syndicated Market Array data is a new debut product for ETR and is only available to premium subscribers; reach out to our service team at to gain access to the full, accompanying data set.


Identity and access management (IAM) is not a singular technology or tool. It is more a framework of business processes and cybersecurity practices that aims to safeguard an organization's data, assets, and resources by permitting only authorized users and identities to access them. IAM plays a critical role in an organization's security architecture by controlling who and what can access its assets. This process helps to verify user identities before granting them access to workplace systems and information, thereby preventing fraud and infiltration by unauthorized parties. IAM is not limited to internal use by employees, machines, and authorized third parties, but it also extends to external-facing customers, adding to the complexity and importance. At its core, IAM involves multiple components that ensure secure access to systems and information. This includes identifying individuals, understanding the distinction between identity management and authentication, assigning roles to individuals and devices, updating those roles and access levels, and safeguarding sensitive data as well as the systems itself.

This security field can be quite intricate, particularly regarding the various attributes and distinctions between identity and governance access vendors. The vendors that compete in this space offer an array of features such as multi-factor authentication (MFA), single sign-on (SSO), privileged access management (PAM), Identity Directory, out-of-the-box API integrations with essential applications, password management, governance and lifecycle management, and more. Despite the already broad range of functionality and use cases, IAM solutions continue to evolve to accommodate cloud-native and complex hybrid environments, as well as a growing embrace of a zero-trust-based philosophy. Even more progressive features of generative AI, blockchain ledgers, and behavioral and biometric authentication will continue to push this dynamic marketplace in the future.

All of the vendors included in this report support and play a role in these different components of the IAM framework, including many more that were not included. As technologies continue to advance, offerings expand, and vendors converge, the winner should be the enterprise end-users themselves, as more options beget a buyers’ market. In addition, the ripples from the latest Okta breach are still yet to reach many organizations, but when contract renewals come around, there will likely be more seats at the proof-of-concept table than there would have been previously. This is a dynamic marketplace that bears close monitoring over the next year.

This report will examine end-user and evaluator data and describe each vendor's different aspects amidst this backdrop of technological advancement, expanded offerings, and a potentially converging marketplace.

The Observatory Scope

The plotting of vendors across the Observatory Scope is supported wholly by ETR’s exclusive market intelligence and spending intentions data sets (see Figure 1 above). The Leading vector in this period was heavily populated and consisted of Microsoft Entra ID in dominant positioning with the highest overall Presence and Momentum in the survey set. Other vendors in the Leading vector include CyberArk, SailPoint, 1Password, Okta, and Cisco’s Duo.

The Advancing and Tracking vectors were less populated. IBM is the lone resident in the Advancing category due to elevated Momentum, with Ping Identity directly on the cusp due to higher-than-average Momentum. Occupying the Tracking vector are the well-established Oracle and RSA, where both vendors captured enough Presence in the Market Array survey to break into the vector despite holding lower-than-average Momentum.

In this ETR Observatory, numerous vendors, including Saviynt, OneLogin, Thales (Imperva), ForgeRock, and JumpCloud were plotted in the Pursuing vector based on relational plotting of the Momentum and Presence data versus the other vendors. This report will break down the four vectors and the vendors in more detail in the following sections.

In Figure 2 above, we exhibit the Market Array Net Score for select vendors within the IAM marketplace. This tracks the forward-looking spending trajectory for each vendor’s IAM-specific offerings and differs from ETR’s TSIS, which tracks overall spending projections at the company- and sector-wide levels. The data visualized in this figure will be referenced throughout this Observatory report.

Microsoft Entra ID leads with an extremely elevated 69% Net Score, driven by the highest level of Increase spend intent (65% of the vendor’s unique respondents) and the lowest indications of negative spend (3% Decrease and zero Replacement intent). CyberArk’s Net Score comes in second with an equally lofty 63%, driven by high levels of Increase spend intent and minimal negativity among its end-user respondents.

The pack of vendors resting in the upper half has spending scores tightly ranging from 53% to 50% and consists of (in order) OneLogin, 1Password, SailPoint, and Okta. From that group, SailPoint garnered the highest level of Adoption indications across the survey, with 13% of respondents identifying themselves as net new customers. On the other end of the spectrum, Okta captured one of the highest levels of Replacement indications among its representative customer base, 7% of 123 respondents. When isolated to Mid & Small customers in this spending metric, 1Password jumped to the third-highest Net Score due to zero negativity. 1Password also gathered the largest representation of customers among the Mid & Small respondents. Okta also captured a sizeable number of customer respondents in this demographic, where Replacement indications nearly doubled from its total respondent base from 7% to 13%.

ETR Data: Despite the higher relative levels of Replacement indications seen for Okta in this Market Array data set, the vendor was strongly positioned in our proprietary Churn metric, where Okta had the third-lowest Churn expectation with 58% of the end-user representation anticipating using Okta’s products for at least three years or more. See the full Market Array survey for this Churn data across all included vendors.

The next tranche in spending intent comes from the mature and deeply entrenched pairing of IBM and Cisco (Duo), which captured Net Scores of 40% and 39%, respectively. Comparing the two, Cisco captured more Presence (total customer representation of the survey sample) than IBM, but IBM garnered more Adoption indications, whereas Cisco saw more Increased spend intent and zero Replacement indications among its customers. Cisco was one of only three vendors in this metric to see no Replacement intent, along with Microsoft Entra ID and CyberArk.

Rounding out the Net Score spending metric, Ping Identity held a positive 30% score with a 10% Adoption rate versus only a 3% Replacement rate. Thales, Oracle, and Imperva were the lower three on a relative basis, however all held positive Net Scores, which is in and of itself a telling data point for how healthy and critical identity access is for enterprise security end users. In order, Thales, Oracle, and RSA held 27%, 23%, and 20% Net Scores. Each vendor saw the highest relative level of Flat spend indications among this survey sample base, with 60% of their end-user representation citing flat spending levels over the next 12 months.

The above article is only a brief synopsis. The full report is a more comprehensive analysis of Identity and Access Management tools and includes the following vendors:

1Password | Cisco (Duo) | CyberArk | ForgeRock | IBM | JumpCloud | Microsoft Entra ID | Okta | OneLogin | Oracle | Ping Identity | RSA | SailPoint | Saviynt | Thales (Imperva)

Access the Full Report 

Start an ETR Free Trial  

Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at