Vendors
1Kosmos
1Kosmos BlockID steps enterprises into the digital future while solving current identity verification and passwordless multi-factor authentication (MFA) challenges. The BlockID platform provides an architectural advantage through an innovative combination of capabilities including live, identity-backed biometrics; a portable, reusable identity wallet; private, permissioned blockchain; and digital verifiable credentials.
This decentralized identity approach produces verified, tamper-evident digital identity and credentials on which businesses can rely with unmatched trust.
Why worth watching
1Kosmos is very innovative and provides a modern solution that fits well to the requirements of a Passwordless Authentication solution. 1Kosmos appears in both the product and innovation leadership categories which should be of interest to organizations in North America and the APAC regions.
cidaas
Widas was founded in Germany in 1997, and in 2018 they launched cidaas, their CIAM product and brand. cidaas is hosted primarily as SaaS, but customers can run it in most IaaS platforms. Their SaaS is hosted in multiple public IaaS providers and their own facilities. Their hosted service is globally distributed for high availability and scalability. Licensing/subscription options include pricing by either monthly active or registered users.
cidaas allows bulk import of users via LDAP and REST API. All OIDC-based social logins are supported. Account recovery options run the gamut of common techniques. Registration workflows can easily be customized using the graphical process editor. cidaas' Autoident is a mobile identity proofing app that performs selfie/video matching against eIDAS-compliant government issued ID documents. cidaas authenticator leverages Android and iOS biometrics. cidaas' biometrics can be used for Physical Access Controls for consumer scenarios. Other authenticators supported include FIDO UAF/U2F/2.0, OTPs, mobile push, and popular apps such as Authy, Google, LastPass, Microsoft, OneSpan, SaaSPASS, and SafeNet. All federation protocols are supported. cidaas' SDK collects device intelligence and has some behavioral biometrics functions. The solution considers in-network credential intelligence. Authentication and authorization policies are easily configured in the flow-chart style admin GUI.
cidaas supports gRPC, REST, WebAuthn, Webhooks, and Websockets APIs. Connectors for some SaaS apps are available on their marketplace. For CRM and business analytics, integrations are available for Emarsys, Hubspot, Microsoft Dynamics 365, Salesforce, and Tableau. cidaas ships with many useful identity and marketing analytics reports. Customers can integrate 3rd-party FRIP sources, but connectors are not pre-built due to lack of demand. CEF and syslog enable communications with customer SIEMs.
cidaas provides consumer self-service portals where consent can be granted, managed, and revoked in accordance with GDPR. Data Subject Access Request templates are provided. cidaas' portal also has built-for-purpose family management, as well as the more common approach of adapting a delegated administration model. Kantara Consent Receipt is supported. IoT device identity association and management are handled in the consumer UI, and encompasses home automation, wearables, and consumer electronics device types. cidaas consumers can authorize their devices to “act on behalf of” the user for certain use cases. Advanced use cases include storing and present event tickets, geo-fencing and Bluetooth beacon integration.
Why worth watching
Organizations that need an innovative CIAM platform will want to consider cidaas.
Cloudentity
Cloudentity was founded in 2018 and is headquartered in Seattle. Cloudentity has a full-featured CIAM and IDaaS solution. Their approach is cloud-first and one of their primary objectives is scalability; thus, they were an early adopter of micro-services architecture. Cloudentity focuses on Dynamic Authorization as the core element for CIAM. Cloudentity utilizes many of the latest container and orchestration technologies, such as Docker, Kubernetes, and Istio, to deliver their services. Their solution can run on-premises on CentOS, RHEL, or SUSE; and it is cloud-agnostic so it can be deployed public IaaS environments such as Alibaba, AWS, Azure, or GCP. They also offer their solution as SaaS delivered from public IaaS across multiple regions including US, UK, Europe, Australia. Cloudentity’s subscription pricing is based on the number of authorization grants performed per month regardless of how many active or eligible users the customer serves.
Cloudentity customers can import users via LDAP, REST, and SCIM. Social network registration and authentication can be used except Apple. Registration workflows are customizable in the GUI and allow fine-grained consent and sophisticated authorization evaluations. All typical account recovery mechanisms are present. Identity proofing is not built-in but can be configured via the policy framework. OTP, mobile push, and the most common authenticator apps are accepted.
Why worth watching
The administrative console is highly functional and intuitive, enabling customers to create detailed authentication and authorization policies using a flow-chart and drag/drop style interface.
CoffeeBean Technology
CoffeeBean Technology was founded in 2008 in the San Francisco Bay area and have operations in Germany and a large development center in Brazil. They are privately held. CoffeeBean focuses on helping customers realize ROI via marketing integrations, captive Wi-Fi portal integration, and improving consumer identity security. CoffeeBean can be installed on CentOS, Debian, or RedHat for on-premises deployments, or in Amazon and Azure IaaS. Most customers use their SaaS, which is hosted in multiple regions of a public IaaS provider. Subscription fees are per active or registered monthly user, or per appliance for on-site deployments.
Why worth watching
Consumers can self-register and CoffeeBean offers Registration-as-a-Service.
DruID
DruID was launched in 2020 from the Genetsis Group and is now an independent startup. They are headquartered in Madrid, Spain. CIAM is their sole focus. Identity and Pulse are deployed via Kubernetes, and therefore can run on any OS and/or IaaS instance that supports that. They do not host it as SaaS, although that is planned for 2023. Licensing is primarily by container instance.
Why worth watching
DruID offers a self-service portal for reviewing, granting, and revoking consent actions as well as editing consumer profile information.
Forgerock
ForgeRock was founded in 2010 and is headquartered in the Bay Area but with many offices around the world. The ForgeRock Identity Platform unifies the various IAM solutions provided by ForgeRock, such as Access Management, Identity Management, IoT/Edge Security, Identity Gateway, Identity Governance, Privacy & Consent Management, and other components including Directory Services. In addition, ForgeRock has a strong expanding partner ecosystem. The ForgeRock Trust Network is a technology alliance program and partner channel that consists of approximately 130 partners who build, test, and integrate various capabilities including Strong Authentication, Biometric ID, Risk and Fraud Mitigation, and Identity Proofing into the ForgeRock Identity Platform.
Why worth watching
With its many innovative features and flexible architecture, ForgeRock Identity Platform should be on the short list for organizations considering deploying passwordless authentication solutions. ForgeRock appears in the product, market, and innovation leadership categories.
FusionAuth
FusionAuth is a privately held company that was founded in 2007 and is headquartered in Denver. FusionAuth debuted in 2018, and the SaaS version launched in 2019. FusionAuth is a developer-focused customer authentication and authorization platform. They have many customers in the finance, retail, B2B, and gaming markets. The platform can be deployed in Docker containers and can run on-premises or any cloud environment controlled by the customer. FusionAuth is also hosted as SaaS on a public IaaS across multiple continents. Customers can create and isolate multiple individual instances for increased security for B2B2C scenarios. Licensing and/or subscriptions are priced by the number of monthly active users. A free version with basic features is available for both development and production depending on feature and support requirements.
Why worth watching
Customer users can be imported over LDAP or SCIM, and self-registration workflows can be customized by editing provided templates.
IBM
IBM Corporation is a multinational technology and consulting company headquartered in Armonk, New York, USA. Founded in 1911, IBM has evolved from a computing hardware manufacturer into offering a broad range of software solutions, infrastructure hosting, and consulting services in such high-value markets as business intelligence, data analytics, cloud computing, virtualization, information security, and identity and access management. With a strong global presence and customers and partners across the globe, IBM is a major player in the market.
Why worth watching
Organizations that are looking for mature, highly scalable, and secure enterprise authentication solutions built on state-of-the-art micro-services architecture should put IBM on the list of solutions to consider.
LoginRadius
Founded in 2011, LoginRadius is a VC-backed CIAM vendor based in Vancouver, BC. The company provides CIAM as SaaS via a multi-cloud model hosted in globally distributed data centers. Customers can deploy on-premises on CentOS, RHEL, or Ubuntu; or run it in any of the major IaaS providers. LoginRadius has over one billion consumer identities under management. Subscription costs are based on the number of active users per month, quarter, or year.
Why worth watching
Most standard account recovery mechanisms are supported.
Microsoft
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management service focused on facilitating business to consumer applications and providing enterprise authentication capabilities.
Why worth watching
Microsoft Azure Active Directory has the scalability and performance to provide organizations with three options and feature-rich capabilities. The solution should be on the shortlist for any organization looking for robust enterprise authentication services.
Nevis Security
Until early 2020, Nevis was a part of AdNovum Informatik AG, but was then spun off as a separate company. Nevis Security protects many banking, insurance, healthcare, and government portals and secures a large percentage of e-banking transactions in Switzerland making it one of the leaders in identity and access management solutions in the country. Nevis recently expanded into the UK market and has a strong presence in Germany and Singapore. In addition to its headquarters in Zurich, Nevis operates offices in Germany and Hungary.
Why worth watching
Their CIAM offering provides core account recovery and device management capabilities with strengths in omni-channel experience and transaction confirmation. Nevis Security continues to improve its set of passwordless capabilities and should be of interest to organizations within the EMEA region and Southeast Asia.
NRI Secure
NRI Secure Technologies was founded in 2000 as a subsidiary of Nomura Research Institute in Japan. NRI Secure also provides security consulting. Uni-ID Libra is their CIAM product, which was first launched in 2008. Uni-ID Libra can be installed on-premises in CentOS or RHEL or in the top tier IaaS platforms. NRI also has SaaS options hosted on public IaaS in data centers in Japan. Licensing and/or subscription costs are determined by the number of monthly registered users.
Why worth watching
Customers can edit templates for consumer onboarding workflows.
Okta
Okta was established in 2009 in San Francisco as an enterprise IDaaS provider. In 2021, Okta acquired Auth0, a developer-focused IAM and CIAM vendor. Okta offers a full range of identity services, including governance, lifecycle management, and API access management. Okta solutions are SaaS, hosted in public IaaS, and they offer private cloud options as well. Pricing is by number of monthly active users.
Why worth watching
Okta supports REST, Webhooks, Websockets, and WebAuthn APIs. Okta/Auth0 have many connectors for BI, CRM, marketing analytics and automation, other IAM systems, and popular SaaS apps. Connectors are sorted by original product platform: connectors for Auth0 and connectors for Okta. Integrations for FRIP services include Arkose Labs, Forter, Kaspersky, PerimeterX, and TransUnion.
OneWelcome
OneWelcome launched as a new brand in 2021 after iWelcome and Onegini (both founded in 2011) joined together. They are headquartered in the Netherlands. OneWelcome specializes in CIAM and B2B IAM. OneWelcome acquired Scaled Access, a dynamic authorization product, in early 2022. The Thales Group began the process to acquire OneWelcome in summer 2022. The OneWelcome Identity Suite is composed of multiple discrete services: Core, User Journey Orchestration, Consent & Preferences, Delegation & Relationships, and Mobile. The solution is SaaS, hosted in public IaaS providers across multiple data centers in the EU. Multiple subscription options are available.
Why worth watching
OneWelcome User Journey Orchestration module allows customization of onboarding processes.
Optimal IdM
Privately held Optimal IdM was established in 2005. They are headquartered in the Tampa, FL area. The company is an identity specialist, offering full enterprise IAM, CIAM, and IGA products and managed and hosted services. Optimal IdM can be installed on-premises on Windows, or in any Tier 1 IaaS provider. Optimal Cloud is their SaaS, which is hosted on public IaaS providers. In Optimal Cloud, customers can choose which geographic regions in which they want their consumer data stored. Licensing and/or subscription pricing options include monthly active users, quarterly/annual registered users, or monthly flat fees for privately hosted tenants.
Why worth watching
Optimal Cloud allows onboarding process customization, self-registration, and registration from social networks except Amazon and Apple.
Ping Identity
Ping Identity was founded in 2002 and based in Denver, Colorado. Ping Identity was among the first of the enterprise IAM vendors to adapt to consumer-facing requirements. Ping Identity products can be licensed standalone, as well as through solution packages. SaaS delivered products include PingOne SSO (cloud authentication and directory), PingOne MFA (cloud MFA for customers), PingID (cloud MFA for workforce), PingOne Risk (cloud risk management), PingOne Verify (identity verification for customers), PingOne Fraud (customer fraud detection), and more.
Why worth watching
Ping Identity’s cloud-ready software and SaaS solutions are highly scalable and offer maximum flexibility to customers in terms of support for standards as well as innovation for cutting edge use cases.
ReachFive
ReachFive is a small, venture-backed CIAM company that was founded in 2014 in France. Their CIAM, which is the company’s focus, was launched in 2017. Retail businesses are their primary target, and most customers are in France. The offering is SaaS and is hosted in top tier IaaS providers. Service prices are calculated by the number of active or registered users per quarter or per year.
Why worth watching
Customers can migrate users into Reach Five using SCIM. Consumers can register by email or social logins.
SAP
SAP was originally founded in Germany in 1972. Gigya was a leading CIAM solution and was acquired by SAP in 2017. SAP have integrated the former Gigya into their own suite of solutions and expanded the feature set, providing a common experience for SAP B2B, B2C, and B2B2C customers. SAP CIAM is delivered as SaaS hosted across many data centers distributed globally in multiple top tier IaaS platforms. SAP CIAM is priced by the number of contacts within each customer instance, where a contact is defined as the unique record of customers, prospects, business partners, and/or constituents within the context of the SAP CIAM cloud service.
Why worth watching
SAP allows self-registration and social network registration for onboarding.
Simeio
Simeio was founded in 2007 in Alpharetta, GA, US, providing IAM consulting and system integration services. Simeio launched their IDaaS and CIAM services in 2017. Simeio serves both B2C and B2B use cases. Identity Orchestrator is delivered as SaaS, hosted in North American and European data centers in public IaaS platforms. Pricing for the service is according to the numbers of monthly/quarterly/annual active users or by number of registered users per quarter/year.
Why worth watching
Simeio offers a mobile identity verification app which can be augmented with many 3rd-party identity proofing services.
Synacor
Synacor was founded in Buffalo, NY in 1998. Synacor was acquired by Center Lane Partners, a private equity company, in April 2021. The Media Division was divested, but they retain Zimbra Cloud Email. Their Cloud ID service’s main focus is enabling consumer identity integration with IoT devices, particularly set top boxes (STBs), smart TVs, and home alarm systems. Their target market is media. Synacor hosts Cloud ID as fully multi-tenant SaaS in their own data centers and a public IaaS platform from data centers within the US. Subscription costs are determined by monthly active or registered users.
Why worth watching
Many aspects of the consumer onboarding processes can be customized, but such orchestration is generally handled by Synacor for their clients.
Transmit Security
Transmit Security was founded in 2014 and is headquartered in Tel Aviv and Boston. The company provides innovative authentication and risk management solutions to small and large companies worldwide. Its portfolio is built to address B2C, B2B, and B2B2C IAM needs.
Why worth watching
Transmit Security’s platform processes over a billion transactions daily for their customers worldwide. The platform has one of the most feature-rich offerings in the passwordless authentication market and would likely be suitable for any type of organization looking to adopt a passwordless solution.
WSO2
WSO2 was founded in 2005 in Sri Lanka and is headquartered in Santa Clara, CA. They are an open source IAM/CIAM solution provider. Their target market is identity architects and developers, who can take advantage of their API-driven and highly customizable product. Related products include Enterprise Integrator and API Manager. Identity Server is the on-premises and self-hosted version, and it can run on Linux or Windows, or any top-tier IaaS platform. Asgardeo is their SaaS, which is hosted on a single IaaS provider in data centers in the US. Identity Server is licensed per node, and Asgardeo is priced by the number of monthly active users.
Why worth watching
WSO2 allows social networking and self-registration for consumers.
XAYONE (formerly Oxyliom Solutions)
XAYONE Solutions was founded in 2012 as Oxyliom Solutions. They are headquartered in Luxembourg and have offices in Casablanca and Dubai. In addition to CIAM services, XAYONE Platform has B2E IAM, Data Governance, and Trust Management including electronic signatures and key management features. XAYONE Platform can be installed on-premises on Linux or Windows or in most Tier 1 IaaS platforms. XAYONE Platform is offered as SaaS and operates from a single cloud provider in Luxembourg. Multiple licensing/subscription models are available.
Why worth watching
Onboarding workflows can be tailored in the no-code admin GUI. XAYONE Platform allows migration of customers via LDAP, SCIM, or REST API as well as Just-In-Time (JIT) SAML account creation.