1 Introduction

IAM (Identity and Access Management) requirements of organizations not only vastly differ, but are also undergoing massive change. The history of IAM started with homegrown solutions and evolved to COTS (commercial off the shelf) software for various areas of IAM. Now, we observe both a growing number of organizations moving to SaaS models and, on the other hand, more organizations which need to integrate their IAM solutions tightly with their business processes and applications. This latter trend drives the demand for “Identity Platforms”, which allow for flexible customization of the IAM solution and integration into business solutions.

This demand is largely driven by two evolutions, both being part of the so-called “Digital Transformation”. One is the need for a close interaction with consumers and customers, the other is the demand for managing consumer IoT devices. Due to the integration need with existing and new consumer-facing processes and the consumer IoT devices, these challenges frequently can’t be solved well by just relying on a standard COTS IAM tool. IAM capabilities tend to become an integral part of new consumer-facing solutions created in the Digital Transformation.

Thus, there is a growing need for Identity Platforms, be it as an on premises platform or an API platform run as a cloud-based service. Traditional Enterprise IAM is focused on efficient and complex processes in a structured environment, with little integration into other applications. This is fundamentally different when it comes to Consumer IAM and managing consumer IoT devices, where such integration is essential to provide one consistent interface to the customer, not only and not even primarily for the management of his identity and access, but for the business functions that rely upon well-managed identities, flexible authentication, and the coordinated management of things.

From the KuppingerCole perspective, there are some key requirements for such platforms. One is scalability. While traditional Enterprise IAM must deal with tens or maybe a few hundreds of thousands of identities, Consumer IAM must scale to millions and tens of millions. When managing the connected things of the consumers in consumer IoT, that number might even grow well beyond these numbers.

The second key requirement is flexibility. Identity Platforms must provide a good baseline level of user interfaces and standardized capabilities, but, in particular, they must deliver the flexibility for integration into consumer-facing business applications and services. Supporting that integration, starting with a comprehensive and well-thought-out set of APIs, and flexible customization are essential for such platforms.

Finally, there is the need for strong standards support. When interacting with consumer devices for authentication, when being integrated into existing customer business application and services, and when being built for growth and a flexible and rapid extension and adaptation to new requirements, standards take a central role. Identity Platforms deliver the backend and the services for building new customer-facing solutions, by delivering both APIs and broad standard support.