Identity and Access Management Vendors to Watch

Ralph DeFrangesco

Over the past week, we have discussed a few topics in the identity and access management space. Now it's time to talk about some of the players and what their solutions have to offer.


Sun Microsystems continues to be a leader as an identity and access management provider. Sun offers its OpenSSO Enterprise software suite as a next-generation solution that provides centralized control and Single Sign-On (SSO) for internal, external and Web services security. The product is built around a self-contained Java application and supports the SAML and WS-Federation security standards.


Microsoft is fairly new to identity and access management, at least in my mind. Geneva Server is the next generation of Microsoft's Active Directory Federation Services. The product can be used by any identity provider, whether inside or outside the organization, using the SAML 2.0 standard. The product integrates with CA Federation Manager, CA SiteMinder, Novell Access Manager, SAP NetWeaver and Sun's OpenSSO. The Geneva Framework allows developers to create claims-aware applications. Geneva is available today as a beta 2 download. The GA version is slated to ship in the second half of 2009.


UnboundID markets its Directory Services 2.0 as a framework that enables organizations to meet the demanding needs of Internet-driven and consumer-facing architectures. UnboundID comes with a bi-directional synchronization capability that allows Sun Directory Server users to transition to the UnboundID product seamlessly. In addition, UnboundID combines directory services with a relational database into one identity architecture, allowing it to support a high volume of applications and end users.


Lieberman Software has recently released the latest version of its Account Reset Console (ARC). The new version includes RSA SecurID authentication, which ensures that only employees with physical possession of a hardware authenticator and proper credentials can access passwords through the Account Reset Console. Other features in the latest release of ARC include a high-availability Web site, multi-verification notification and user-selected verification.


I could easily list another 20 vendors; there are many solution providers that will take your money. The best place to start when choosing an identity and access management vendor, or any vendor, is to do your homework about the company. Find out how long they have been in business, who some of their key clients are, who some of their top developers are, and where they are in the Magic Quadrant (Forrester or Gartner); review their financial statements; and follow general news feeds about the company. Finally, develop vendor selection criteria. In other words, how will you choose a vendor? Will it be on price, product, support, reputation or something else? I feel that the biggest mistake people make when selecting a vendor is that they don't do their homework - don't fall into that trap.

Jun 10, 2009 11:16 AM M Barry says:

Don't overlook lesser-hyped security vendors, such as Enterasys. They may not have the huge marketing and advertising budgets that Microsoft, Symantec and Cisco have but their products are well proven in bake-offs and in the field.

Enterasys NAC appliances can be installed in-band to block traffic that violates policies or out-of-band for less invasive and easier to deploy architectures.

The gear can draw intrusion prevention data from the company's own Dragon IPS or from two IPS competitors, Tipping Point and Sourcefire. This means the combination of NAC with IPS can perform continuous threat monitoring after a device has been admitted to the network.

The IPS detects suspicious behavior and, according to policy, triggers an enforcement action by the NAC gear, quarantining the offending traffic based on the device MAC address at its access switch port.

The gear can distinguish between different types of traffic from a single device and block only that traffic that is deemed malicious. This enables a user whose machine may have problems to continue working without jeopardizing the network at large.

Jun 11, 2009 3:06 AM Justin says: in response to Ralph DeFrangesco


I find your article very interesting and would like to contact you directly so as not to provoke anything such as the above comments. Could you please shoot me an email so I can reach you?

Jun 11, 2009 10:40 AM Ralph DeFrangesco says: in response to M Barry


If you read the entire article, you would have seen that I didn't even mention Cisco or Symantec. However, I did mention two smaller vendors, UnboundID and Lieberman Software to bring a balance to the article. Next time if you wish to plug your company, please contact me directly.


Jul 15, 2010 7:09 AM Madhan Kumar Srinivasan says: in response to Ralph DeFrangesco

Like Justin, I find your article very interesting and would like to contact you directly. If you are also interested, please give your contact details to my email id.

Jul 16, 2010 11:25 AM Sudhir garg says: in response to Madhan Kumar Srinivasan

I echo the same and like your article. Can you please contact me at my email ID so that I can get more information and do business for my company with you?

Jan 16, 2013 12:48 PM Thomas Edgerton says:

While IAM is a crowded space, I am surprised you left out so many strong players. I would think that at a minimum you might have included companies like Avatier who are listed in the IAM Magic Quadrant.
