IAM Comparison: How to Choose the Best Solution!

But with hundreds of IAM solutions available on the market, how do you know which provider to choose? What is the best IAM solution out there and what do potential IAM buyers need to look out for while shopping for the right system? In our guide, we will introduce you to the two most common categories of IAM, the advantages and disadvantages of different products as well as the essential features & requirements you should look for in an IAM solution.

An IAM or identity and access management solution is a type of software that helps organizations centralize and automate the management of user accounts and IT privileges. For example, when a new employee joins your company, your IT staff normally has to provide them with a Windows login, an email inbox, accounts and licenses for various workplace applications, as well as access to any relevant directories in your network. Which, of course, has to be tailored to their exact job and responsibilities so you don’t expose sensitive financial data to a Sales trainee.

An IAM tool enables you to assign all these resources automatically based on previously established policies. For example, when HR adds a new person to their database, your identity management system notices this change and provides the new user with the appropriate resources for their department and role. Experts refer to this approach as role-based access control.

Of course, policy-driven user administration is only one example of the many features provided by identity and access management solutions, which typically include:

In general, identity and access software provides businesses with both productivity benefits, because it eliminates busywork for your IT staff and ensures your employees can access the data they need for their job, as well as security benefits, because IAM keeps IT privileges to a necessary minimum, thus mitigating the risk of cyberattacks, data breaches and data theft by employees.

The market for identity and access management software encompasses several hundred different vendors and products. While each of these solutions is designed to deal with the same problems, they all offer a slightly different approach, scope and set of features. A good way to get a first impression of the range of tools available to buy is to consult expert sources and review platforms such as Gartner, Capterra and Expert Insights.

Broadly speaking, access management solutions fall into two big categories: small-scale data governance tools on one end and huge enterprise IAM platforms on the other. We’ll examine both categories in more detail to discuss their target audience and the downsides of both of these approaches.

Data governance tools are intended to help organizations deal with unorganized data by sorting through files, classifying contents, tracking changes and managing access. Some solutions even include limited automation features such as processes for filtering and classifying newly created data. Products at this scale tend to come with a low upfront cost and easy setup process.

Due to their limited scope, data governance tools often act as something of a quick-fix solution, bringing temporary order to your file server and giving you increased visibility into network resources. However, this approach effectively leaves you treating the symptoms rather than the disease: Without the ability to automate complex workflows or make changes in other systems (especially your Active Directory and Azure AD), these tools effectively shift your workload to a new platform rather than helping you eliminate it.

Enterprise IAM solutions are located at the other end of the identity management spectrum. They are targeted at large corporations and since large corporations tend to have highly complex IT landscapes with custom applications and a network spanning various offices in different locations, they need software that can match that complexity. As a result, enterprise IAM is designed with the capability to model any number of complicated and even conflicting processes.

The downside of this approach is that it necessitates a lengthy implementation period. To achieve their high degree of adaptability, enterprise solutions rely on custom programming over pre-built interfaces. This allows them to incorporate any workflow or service the corporation already uses, but it takes a lot of time to develop custom solutions for each of potentially dozens or hundreds of use cases.

Products in the enterprise segment also come with the largest feature set of any identity and access management solution, offering anything from phone apps to behavioral analytics or biometric security features. While these kinds of extras certainly sound impressive on paper, it’s important to remember that they also translate to a higher price. So be careful when comparing feature lists for different solutions, or you’ll end up paying for components you never use.

	Advantages	Disadvantages
Data Governance Tools	Inexpensive, quick setup	Limited functionality, no support for automation, management or third-party systems
Enterprise IAM Solutions	Huge feature set	Long & complicated setup, require custom programming, expensive to license & operate
tenfold Access Management	Easy to set up and use, perfect feature mix, wide range of plugins for cloud & on-prem integration	Read our Capterra reviews for an honest evaluation

Organizations that are looking to buy an IAM solution tend to approach this investment by asking: “What is the best IAM product available on the market?” Unfortunately, there is no definitive answer to this question. Since businesses, public bodies and other organizations vary wildly in terms of size, industry and IT landscape, they also have vastly different identity and access management needs. As a result, it’s not a question of identifying the best software on the market so much as finding the IAM solution that is best for you.

To help you get started on this journey, we will now examine some of the key features to look for in identity and access management systems, as well as the effect that a company’s size has on its user and permission management.

When shopping around for an IAM provider, it’s tempting to go for the biggest name around or give the project to whoever can list off the most features. But remember: Just because a feature is included in a product does not mean it will actually make your life easier. In fact, focusing on the theoretical maximal capabilities of a product is a good way to to make sure you pay for components you don’t really need.

Instead, the process of choosing the right IAM solution needs to start with an honest look at your IT landscape. This will help you take stock and identify the needs and requirements of your organization, i.e. what specifically you are trying to achieve by implementing an identity management platform. The challenge with this approach is that many organizations just don’t know where to start or have been dealing with chaotic structures for so long that they’re starting to lose track of their data and users.

The good news is: An IAM tool will help you deal with these issues, once you figure out which product matches your needs. While we can’t give you all the answers, we can provide some of the key questions to ask yourself in preparation of an IAM project:

Naturally, it pays to be forward-thinking and take into account not only the current structure of your network, but also how it might change in the next few years. However, your final decision should not be based on hypotheticals: Unless adding a new service to your network is an expressly stated goal, you should not make support for it a knock-out criterion.

The amount of time it takes to set up an IAM system, configure all the necessary components and train your staff to use it is one of the most overlooked aspects of choosing the right product. Sure, it’s an annoying process, but it’s going to be finished eventually, so does it really matter whether it takes a couple of months or even a year to accomplish?

In fact, the time needed to get your identity and access management solution up and running actually accounts for a significant part of your overall costs. Not only are you already paying to license the software (without enjoying its benefits), you also need to pay for the external consultants who help with the installation, configuration and training. So yes, time really is money in this scenario.

Think about it this way: One of the main goals of investing in automated user and permission management (aside from improved security and compliance) is to reduce the workload of your IT staff so they have more time to deal with important issues. By spending months setting up interfaces and processes, you are effectively going into productivity debt, meaning it will be that much longer until the software has saved you more time than it cost you.

Are you familiar with the 90/10 rule of project management? It states that the first 90 percent of a project only account for 10 percent of its total length. It’s the final 10% that you will spend 90% of your time on.

The same is true in identity and access governance. It’s easy to automate standard, routine processes like adding a new user to the Active Directory or deleting an Exchange mailbox when someone leaves your company. But in every organization, there are a few convoluted processes or rarely used apps that cause so much trouble that you’re left wondering whether integrating them into your IAM platform is actually worth it. In fact, sometimes it isn’t! Or at the very least, these shouldn’t be the processes you start with, unless you want your project to immediately get bogged down and stall out.

This distinction is also known as the top-down vs. bottom-up approach. A top-down approach essentially means that you start with a list of goals and requirements and don’t move forward until you have a solution for every single scenario. Which means that these rare, troublesome cases end up blocking progress on the entire project as you waste time coming up with exceptions and exceptions from the exceptions.

Approaching IAM from the bottom-up, on the other hand, means asking “What are the most common processes in my organization?” and working your way up from there. Because these are often simple, standard operations, you might automate as much as 90 percent of your total IAM workload before you reach those few special cases. So while you figure out what to do about these fringe scenarios, you are already enjoying the advantages of having automated the vast majority of all user and permission management tasks.

The best IAM system in the world can’t help you if it’s too complicated and your employees actively avoid using it. To be effective in practice and not just on paper, your platform of choice must be clear and intuitive not only for the IT pros in your tech department, but also for normal end users in Design, Sales, Marketing, Operations, HR, etc.

A good IAM tool will empower your users by allowing them to request access to any files they need or even reset passwords on their own. But if the interface for these options is too complicated for your average employee, they will end up calling IT for help and you’re basically back where you started.

Identity and access management is designed to help organizations automate user and permission management once the number of identities and different services becomes too much for admins to handle on their own. In other words, IAM only becomes a worthwhile investment once you reach a certain number of users.

To give a rough estimate, most businesses that buy dedicated identity software have more than 100 employees. However, if your company has lots of different apps, service accounts and devices to manage, it might benefit from IAM even before reaching that threshold.

Smaller companies still face the challenges of manual access management, but full automation is a bit overkill for the typical IT setup in a small business. In most cases, organizations at this scale are better served by software products with a narrow focus, such as AD auditing or permission reporting tools that make it a little easier for IT staff to do their jobs.

While the complicated processes and custom integrations of enterprise IAM suites make them cumbersome to implement, there is a reason behind their design: their target audience, organizations with tens of thousands of users, absolutely require this level of complexity in order to capture any and all intricate business processes.

For corporations of this size, even edge cases, scenarios that only affect a fraction of their staff, still represent a significant number of users. Enough to make it worth the effort to spend months working with external consultants and develop custom interfaces.

Medium-sized or midmarket organizations that fall somewhere between the small organizations and massive corporations we’ve discussed so far face something of a unique challenge: They are large enough that managing identities by hand is no longer viable, so they need a dedicated software solution to help them ensure safe, accurate and appropriate access.

At the same time, mid-market companies are too small to use enterprise solutions effectively, since these highly complex software suites exceed their requirements, resources and administrative capacities. This can make it surprisingly tricky to find a user-friendly and cost-effective IAM software that covers all your business needs.

Luckily, there is one IAM solution that combines the best of both worlds: tenfold is the best choice for midmarket organizations because it combines a comprehensive feature set with a quick and easy deployment process and intuitive, user-friendly interface. In other words, by using tenfold, your business can automate its user and permission management in a matter of days, not months, and immediately reap the rewards of increased security, productivity and transparency.

As you can see from our guide, the search for the best IAM software is really about finding the product that is right for you. Depending on their size, data security needs and compliance obligations, organizations have very different goals and requirements when it comes to managing identities and privileges. Which is also why it’s essential to take a good, hard look at your own IT landscape before shopping for IAM products.

Some businesses fall below the threshold where a fully automated identity management system really makes sense. Here, small-scale tools for reporting and auditing can help ease the burden placed on your tech staff. Huge enterprises, on the other hand, need identity platforms that can keep up with the complexity of their internal structure and intricate processes. Despite their high costs and lengthy installation, this is where enterprise IAM solutions shine.

Many organizations, however, exist somewhere between these two ends of the spectrum, meaning that neither data governance tools nor enterprise IAM are quite right for them. Businesses who want to automate their user and permission management, but do so quickly and efficiently, would do well to consider tenfold, the leading provider of mid-market IAM.

Don’t believe us? Download the independent analyst report by KuppingerCole below to learn more about what makes the best IAM solution for medium-sized organizations! If you’d like to see tenfold in action, you can also watch our video overview or sign up for a free trial.