Gartner Blog Network

Of Identities, Clouds, and Bridges

by Mark Diodati  |  October 20, 2011

In response to the large number of client inquiries about identity management and the cloud, Gartner has recently published a research document that discusses identity management as a service (IDaaS)—turnkey identity management services that exist in the cloud.

In the document (Market Profile: Identity Management as a Service (IDaaS) [subscription required]), I discuss over 20 vendors and classify their product capabilities (that is, federation IDP, directory sync, provisioning, strong authentication as a service, federation SP, web access management, identity and access governance, XACML authorization, consumer authentication, and password vault). I also discuss recent IDaaS acquisitions, including Arcot, idOnDemand, Nordic Edge, and TriCipher.

In addition to discussing the market, the document examines three use cases that intersect identity management and cloud computing:

  • To the Cloud. Organizations that want to extend their existing identity management processes to manage users in SaaS or partner applications. This use case is the most prevalent and aligns with larger established companies that have significant on-premises IT infrastructure.
  • In the Cloud. Smaller organizations whose core IT functions are delivered via SaaS applications. These organizations are searching for off-premises, turnkey identity management solutions for users and applications in the cloud. Alternatively, larger organizations with distinct user constituencies might leverage an “in the cloud” solution for a specific user population.
  • From the Cloud. This is perhaps the most forward-looking use case. Some organizations want to leverage off-premises IDaaS for on-premises identities and applications. Many organizations aren’t comfortable yet with storing user information in an IDaaS application. Therefore, many of the “from the cloud” vendors offer a hybrid solution that stores user information on-premises.

Speaking of “hybrid”, the document discusses an important emerging IDaaS concept: the identity bridge. As organizations straddle on-premises and off-premises identity management, a single, bi-directional, on-premises component becomes essential. Preferably, this component should be delivered as a virtual appliance. Today, most on-premises IDaaS helper gateways are single-function and unidirectional; they work well for simpler use cases. They won’t be up to the task as organizations add more identity management functions and distribute those functions more evenly between the on-premises environment and the cloud.

Figure: Identity Bridge


Mark Diodati
Research VP
6 years at Gartner
21 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, and Web access management.
