In an almost identical repeat of their 2017 IDaaS B2E report, KuppingerCole have honored EmpowerID as being an Overall leader in their October 2019 Leadership Compass.
Delighted as we are to receive such recognition, we know we must strive to do better. The industry and landscape is changing and all companies—EmpowerID included—must work their hardest to continue to serve and support our customers.
In addition, EmpowerID are more than delighted to be a Product Leader, an Innovation Leader, a challenger for market leadership, and a Technology Leader.
When your organization itself has spent countless time, effort, and energy designing and maintaining your end-to-end business process and workflows, when faced with selecting between a product that doesn’t integrate seamlessly and one that does, the choice is hardly a complex one. With EmpowerID, the result is a much simpler, and faster integration than other IAM suites can offer.

Comparison Chart

We know that comparing products in general, let alone in IAM, can be awkward. As such, we’ve tried to make this easy to read and reference.
The rest of this report is in 4 parts:

  • The product comparison grid
  • Additional features (and feedback that our customers gave us on exactly why they chose EmpowerID
  • And links to the other companies’ sites (so that you can check out anything you’re unsure or unhappy about) and additional detail on KuppingerCole’s report and ratings.
  • We hope you find it useful and, if you have any questions for us, we are more than happy to help.

Solution EmpowerID Okta SailPoint Idaptive Saviynt IBM Cloud OneLogin CyberArk
SSO-Federation IdP X X X X X X
SSO-WAM X Announced X
API Gateway X (Kong Add-On X X
Basic MFA X X X X X X
Adaptive MFA X X X X X
LDAP Virtual Directory X LDAP not virtua X
SCIM Server (Inbound) X X X X
SCIM Virtual Directory X
PAM-Password Vault X X X
PAM-Privileged Sessions X X-Scale FT X X
Identity Warehouse X X X X-limited X X X
Sync Engine / Attribute Flow X X X X-limited X
Cross-System Role-Based Access Control (RBAC) X X-limited X X
Attribute-Based Access Control (ABAC) X X
Policy-Based Access Control (PBAC) X
External Authorization Policy Decision Point (PDP) X
Role Mining Analytics X X X
User Behavior Analytics X-limited X X
Dynamic Group Generation (Create, Automate, Retire) X
Delegated User & Group Administration (AD, SAP, Cloud, etc.) X
Shopping Cart Access Requests*** X X X X-limited
ServiceNow Catalog Integration X X X X X X
Recertification X X X
SoD (Coarse Grained) X X X
SoD (Fine Grained / SAP) X-in progress X
Self-Service Password Reset & Sync X X X X-limited X
SharePoint Access Management (Inventory/Permissions) X X
File Share Access Management (Inventory/Permissions) X X
Mailbox Access Management (Inventory/Permissions) X X
Chat Bot X
Workflow Orchestration* X X-Azuqua X-limited

Other Reasons Our Customers Chose EmpowerID

There are several reasons why our customers chose EmpowerID. A summary of their requirements and, where applicable, comments is below (in alphabetical order):

  • Complex Data Model Capability—one global manufacturing company told us they had concerns around their huge and complex AD/Exchange data model. They not only needed to update their directory but had to 1) maintain its hygiene and 2) its security. Another said their existing Active Role server was too inflexible and they needed to move to a different system.

  • Compliance Automation and Reporting—a major concern for every organization, EmpowerID makes compliance and meeting your legal obligations simple and straightforward (in conjunction with SoD, it strengthens your Enterprise’s security, standing, and position).

  • Docker—longevity, ease of use, and scalability are 3 terms that are always mentioned when talking about requirements. Docker permits all of these, plus ease of use (containers are simplicity in themselves), resilience, failover, and speed.

  • JML (Joiner/Mover/Leaver)/Lifecycle for a huge number of systems and users-—this is a concern for many organizations (one of our customers has over 500k users) who need to optimize their systems for access control, scalability, flexibility, and user control.

  • Kubernetes—with their legacy apps proving too costly to maintain and use, Kubernetes was high on the list of requirements. Given that EmpowerID is developed on a single code base, that all parts integrate tightly, and we use Kubernetes for deployment and scale it was a critical choice for several customers.

  • Legacy Systems Replacement—older apps are unable to cope with the changing demands and many are failing. As such, we’ve been asked if EmpowerID can replace legacy Business-to-Enterprise (B2E), Business-to-Business (B2B), and B2C (Business-to-Consumer) apps—it can.

  • Microservices—the demand for access to cloud apps via the web has seen an increase in the need for microservice-based solutions. As a single, integrated application, EmpowerID is focused on microservices: not least because of the deployment and technical flexibility, but also the ability to scale (with Kubernetes/Docker) and their future potential.

  • Multifactor Authentication-with EmpowerID, this works hand-in-hand with Single Sign-on. EmpowerID offers well over 20 MFA methods, including Adaptive Multi-Factor Authentication.

  • Provisioning engine/automated/policy based-EmpowerID performs provisioning as part of the JML lifecycle. We have an entire section in the documentation on how we do this. Click here to learn more about this process and how we do it in EmpowerID.

  • RBAC/ABAC-this was a main concern for all customers. Specifics included matching their existing use cases and structure, providing delegated admin, replacing a single database that connects with many companies/organizations, the ability to replace custom AuthZ models in ClickCommerce and AzMan, etc. EmpowerID is extremely flexible and can work with any system, however complex. With our universal connector we can also connect with all models or systems.

  • Role Mining—a natural concern when speculating the move to any new system. Let’s just say that, unlike other methods that companies use, EmpowerID does Role Mining with intelligence. (click here to discover more about how we do it1)

  • Scalability/flexibility-a requirement for many of our customers is full capability with Microsoft products: Office365 / Azure/ SharePoint / AD / Exchange functionality (some with SharePoint on-premises). We’re delighted to say that EmpowerID has deep integration and flexibility with that suite of products (and much more).

  • Self-Service Password Reset——involving IT support in resetting passwords is a major drain on resources. Most of our customers have requested this capability.

  • Single Sign-on-—another requirement of practically all customers, EmpowerID provides SSO with Adaptive MFA

  • Smartcard login-one Enterprise specified that Smartcard login was a requirement. EmpowerID offers this capability (click here to read more)

  • SoD/Compliance/Recertification/Automation and reporting-—the legal ramifications and need for compliance are to the fore. In Enterprise organizations, manual or unwieldy systems are no longer viable and prove too costly, labour and time intensive to manage. The need to ensure strict, controlled procedures and allowances around business roles and who can perform is imperative. EmpowerID affords strict separation of duties; helps you meet all your legal, compliance, and regulatory obligations; and provides full monitoring and audit capabilities. (Click here for more information on how EmpowerID’s SoD works2.)

  • Workflow—was a request of many customers. Another powerful component in the EmpowerID toolbox, our Workflow Design Studio and 1,000+ out of the box workflows means easier adoption and integration with your Enterprise. So simple and quick to use, you’ll likely wonder how you ever managed without it. As a testimony to its ease and versatility, on one demo call, one customer wanted to test the flexibility of our workflow so made us develop it live while they watched). It’s ultra-powerful and our customers love it.