Identity & Access Management: 19 Tools compared
Managing who can access what across cloud apps, internal tools, and infrastructure. Whether you need enterprise SSO with thousands of integrations, developer-friendly CIAM for your SaaS app, or open-source IAM you can self-host, you'll…
Quick comparison
All identity & access management tools side by side, alphabetical.
| Tool | Deployment | Pricing model | Open source | Standards / certs |
|---|---|---|---|---|
| 1Password (Business) | Cloud | Per-user | — | SOC 2 Type IIISO 27001 |
| Auth0 | Cloud | Per monthly active user (MAU) | — | SOC 2 Type 2ISO 27001HIPAA |
| authentik | Self-hosted | Open Source + Enterprise | Yes | — |
| Bitwarden (Business) | Cloud + Self-hosted | Per-user | Yes | ISO 27001SOC 2 Type IISOC 3 |
| Cloudflare Access | Cloud | Per-user (free tier + paid tiers) | — | SOC 2 Type 2ISO 27001FedRAMP Moderate |
| Dashlane (Business) | Cloud | Per-user | — | — |
| Delinea | Cloud + Self-hosted | Per-user or per-server licensing | — | — |
| Duo Security | Cloud | Per-user monthly subscription with free tier | — | FedRAMPSOC 2 Type IIISO 27001 |
| ForgeRock | Cloud + Self-hosted | Per-user subscription or custom enterprise licensing | — | — |
| JumpCloud | Cloud | Per-user (billed annually) | — | SOC 2 Type 2ISO 27001HIPAA |
| Keeper (Business) | Cloud | Per-user | — | — |
| Keycloak | Self-hosted | Open Source + Enterprise Subscription | Yes | — |
| LastPass (Business) | Cloud | Per-user | — | SOC 2 Type IISOC 3ISO 27001 |
| Microsoft Entra ID | Cloud | Per-user (bundled with Microsoft licenses) | — | SOC 2 Type 2ISO 27001FedRAMP High |
| Okta Workforce Identity | Cloud | Per-user tiers (billed annually) | — | SOC 2 Type 2ISO 27001FedRAMP High |
| One Identity | Cloud + Self-hosted | Per-user subscription + modules | — | — |
| OneLogin | Cloud | Per-user tiers | — | SOC 2 Type 2ISO 27001HIPAA |
| Ping Identity | Cloud + Self-hosted | Enterprise (contact sales) | — | SOC 2 Type 2ISO 27001FedRAMP High |
| SailPoint | Cloud + Self-hosted | Per-identity subscription | — | — |
1Password (Business)
Developer PlatformTeams wanting combined password management and developer secrets automation
1Password for Business extends the popular password manager into secrets automation for development teams. It provides secure credential sharing, CI/CD secrets injection, SSH key management, and service account tokens for automated workflows.
Auth0
Identity & Access ManagementSaaS teams that need customer login with a great developer experience
Auth0 is a developer-focused customer identity platform (CIAM) now owned by Okta but sold as a separate product. It provides drop-in login, social sign-in, passwordless authentication, and multi-factor auth for applications, with SDKs for nearly every major framework. Auth0 is especially popular with SaaS startups because of its generous free tier and developer experience: you can go from zero to a working login flow in minutes.
authentik
Open Source IAMTeams wanting a modern, developer-friendly open-source identity provider with easy deployment
authentik is an open-source identity provider focused on flexibility and versatility. It supports SAML, OAuth2, OpenID Connect, LDAP, SCIM, and RADIUS protocols. It provides a modern UI for user self-service, admin management, and can act as a full identity provider or authentication proxy.
Bitwarden (Business)
Enterprise Password ManagementSecurity-conscious organizations wanting an affordable, auditable, and self-hostable password manager
Bitwarden is an open-source password management solution trusted by millions of users and thousands of organizations worldwide. The business tier provides enterprise-grade credential management with end-to-end encryption, flexible self-hosting options, and deep integration with identity providers. Its transparent, auditable codebase and affordable per-user pricing make it a compelling alternative to proprietary password managers for security-conscious organizations.
Cloudflare Access
Identity & Access ManagementTeams replacing a VPN with zero trust access to internal apps
Cloudflare Access is a zero trust network access (ZTNA) product, part of the Cloudflare Zero Trust platform. Instead of handing out VPN credentials, Access puts Cloudflare's global network in front of your internal apps and SSH/RDP hosts, enforcing identity-aware policies on every request. It brokers authentication to your existing identity provider (Okta, Entra ID, Google Workspace, etc.) rather than replacing it, which keeps deployment lightweight.
Dashlane (Business)
Enterprise Password ManagementOrganizations prioritizing user experience, phishing protection, and high employee adoption rates
Dashlane Business is an enterprise password management platform that combines credential management with built-in phishing protection, VPN for Wi-Fi security, and proactive dark web monitoring. Known for its polished user interface and focus on employee adoption, Dashlane provides SSO and SCIM integration, real-time phishing alerts, and a company-wide password health score. Its confidential SSO architecture allows organizations to deploy single sign-on without requiring a separate identity provider for the master password.
Delinea
PAM & IdentityOrganizations wanting a faster PAM deployment with lower complexity
Delinea, formed from the merger of Thycotic and Centrify, offers a PAM platform centered around its flagship Secret Server product. Delinea focuses on making privileged access management accessible and easy to deploy, with cloud-ready solutions for credential vaulting, privilege elevation, and server access management.
Duo Security
MFA & Zero Trust AccessOrganizations prioritizing easy-to-deploy MFA across VPNs, cloud apps, and legacy systems, especially those in Cisco networking environments
Duo Security, a Cisco company, is a multi-factor authentication and zero trust access platform. Duo is known for its ease of deployment, user-friendly push authentication, and broad integration with VPNs, cloud applications, and legacy systems. It provides device trust verification, adaptive access policies, and single sign-on, serving as a practical entry point for organizations building zero trust security architecture.
ForgeRock
Enterprise IAMLarge enterprises and service providers needing the most flexible identity orchestration, massive CIAM scale, or complex regulatory compliance requirements
ForgeRock is an enterprise-grade identity management platform designed for the most demanding workforce and customer identity deployments. Now merged with Ping Identity, ForgeRock provides identity orchestration, access management, directory services, and identity governance. Its AI-powered identity platform handles complex authentication journeys with a visual orchestration engine, and its high-performance directory scales to billions of identity records for large CIAM deployments.
JumpCloud
Identity & Access ManagementSMBs and mid-market teams wanting IAM plus MDM without buying both
JumpCloud is an open directory platform that consolidates identity, device, and access management into a single tool. It combines SSO, MFA, cloud LDAP, RADIUS, and cross-platform device management (Windows, macOS, Linux) in one dashboard. The platform is especially popular with SMBs and mid-market IT teams who want to replace Active Directory, Okta, and an MDM tool with one product.
Keeper (Business)
Enterprise Password ManagementCompliance-focused enterprises needing zero-knowledge security and dark web monitoring
Keeper Security is a zero-knowledge enterprise password management and secrets management platform designed for organizations with strict security and compliance requirements. It offers encrypted vault storage, dark web monitoring through BreachWatch, privileged access management, and robust admin controls. Keeper is SOC 2 and ISO 27001 certified and supports granular role-based policies for managing credentials across large teams.
Keycloak
Identity & Access ManagementTeams that need full control, auditability, and zero license cost
Keycloak is the open-source identity and access management platform backed by Red Hat. It provides SSO, federation, identity brokering, and social login for modern applications and services. Keycloak is the upstream project for Red Hat Build of Keycloak (the commercially supported version) and is widely deployed in both enterprise and community settings where full control over the identity stack is required.
LastPass (Business)
Enterprise Password ManagementOrganizations with large user bases needing broad SSO app integration and a familiar password management experience
LastPass Business is a widely deployed enterprise password management solution offering centralized credential storage, SSO, and multi-factor authentication for organizations. Despite high-profile security incidents in 2022, LastPass remains one of the most broadly adopted business password managers due to its extensive integration ecosystem, familiar user experience, and mature admin features. The platform provides over 1,200 pre-integrated SSO apps and an admin dashboard for managing policies across distributed teams.
Microsoft Entra ID
Identity & Access ManagementOrganizations already committed to Microsoft 365 and Azure
Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud identity platform and the backbone of authentication for Microsoft 365, Azure, and Windows. Because it ships with nearly every M365 or Microsoft 365 Business plan, it's the default identity provider for a huge share of the market. Entra ID includes Conditional Access for risk-based policies, Privileged Identity Management, and deep integration with Windows device trust.
Okta Workforce Identity
Identity & Access ManagementEnterprises with large SaaS portfolios needing a proven, broadly-integrated IAM backbone
Okta is the category-defining cloud identity platform, providing single sign-on, multi-factor authentication, lifecycle management, and API access management. The Okta Integration Network has more than 7,000 pre-built app integrations, and the platform is trusted by roughly half of the Fortune 100. Okta has invested heavily in phishing-resistant authentication (FIDO2, passkeys) and adaptive access policies driven by device and behavior signals.
One Identity
PAM & IdentityOrganizations needing unified identity governance and privileged access management
One Identity, a Quest Software company, provides a unified identity security platform spanning privileged access management, identity governance and administration, and Active Directory management. Its Safeguard product line delivers PAM capabilities while its Identity Manager provides comprehensive governance and compliance.
OneLogin
Identity & Access ManagementMid-market teams wanting full IAM features at a lower per-seat price
OneLogin is a cloud IAM platform focused on the mid-market, now part of One Identity (Quest Software). It offers SSO, MFA, user provisioning, and unified directory services, typically at a lower price point than Okta. OneLogin's SmartFactor Authentication uses machine learning to score risk at every login, and the platform has a solid integration catalog through its App Catalog.
Ping Identity
Identity & Access ManagementLarge, regulated enterprises needing hybrid deployment and deep federation
Ping Identity is an enterprise-grade identity platform focused on large, regulated organizations. It supports workforce, customer, and non-human identities, with strong federation capabilities, hybrid/self-hosted deployment options, and FedRAMP-authorized offerings. After the Thoma Bravo acquisition and merger with ForgeRock, Ping's PingOne platform is one of the most comprehensive enterprise IAM suites available.
SailPoint
Identity GovernanceEnterprises needing comprehensive identity governance and access certification
SailPoint is a identity governance and administration (IGA) platform that provides comprehensive capabilities for managing digital identities, governing access, and ensuring compliance. Its AI-driven platform automates access certifications, policy enforcement, and lifecycle management for all user types across cloud and on-premises applications.
Browse by Type
Related guides
Other categories you might be evaluating alongside identity & access management.
About this listing
Identity & Access Management tools, listed alphabetically and compared on public information. How we work →