The cloud-based identity and access management (IAM) space is crowded with vendors—including IBM and Okta—who all make similar claims. As key features like single sign-on (SSO) and multifactor authentication (MFA) become standard, organizations need more from IAM solutions such as IBM Verify and Okta Identity Cloud. They need the ability to scale and modernize to support their zero-trust initiatives and to protect their internal and external users, assets and data in a hybrid cloud world.
Verify reaches beyond attributes by offering a centralized decision engine that provides templates for granular, purpose-based consent management, along with EULAs, policies and rules, in a single portal. It helps privacy and risk officers automate consent decisions to address privacy laws without touching code.
Verify directly benefits from IBM’s long history in the fraud detection market, using its AI-powered fraud engine to evaluate deeper risk context for adaptive access out of the box.
Verify delivers automated access recertification campaigns that reduce manual spreadsheet reviews and rubber-stamp approvals. These campaigns also help to limit human error as organizations prioritize their compliance initiatives.
Verify includes AI-powered identity analytics in the same SaaS environment as its access management capabilities to empower predictive and autonomous risk mitigation.
Capability
IBM
OKTA
Single sign-on
Federated single sign-on to cloud, on-prem and mobile apps with pre-built connectors for common SaaS apps
Protection of legacy on-prem apps from the cloud
Lightweight, containerized reverse proxy to protect apps traditionally junctioned behind reverse proxies without the complexity—at no additional cost
Adaptive access
Some degree of contextual risk detection across location, device and IP address parameters easily tied to access policies
Ready-to-use advanced risk-based authentication insights such as behavioral biometrics
Continuous authentication for mobile web and native apps
Identity analytics
Holistic view of identity lifecycle risk, including decision support in the form of risk scores for users, applications and entitlements; accompanied by recommended mitigation actions powered by machine learning
Consent management
Storing user consent as an attribute
No-code workflows included to define and create data access purposes for users’ sensitive data
Customizable consent determination rules based on purpose and geographic conditions
Lifecycle management
Universal cloud directory with bidirectional mastering from any number of third-party identity providers
Several strategies for user provisioning and lifecycle management to extend existing investments, including Active Directory and LDAP agents with attribute-level mastering, JIT and SCIM provisioning, and API-based provisioning
Password reset self-service, access request workflows, and delegated administration to line-of-business managers
Automated, periodic access recertification campaigns for any app with customizable scope for users, groups and account types
Passwordless authentication
Wide array of MFA methods, including SMS, email, voice and time-based one-time passwords, mobile push and biometrics
Ability to apply adaptive MFA broadly across cloud and on-prem apps, VPN, Linux SSH and remote desktop protocol (RDP)
QR code and FIDO2 passwordless authentication
General
Support for both workforce and consumer IAM use cases from one solution
Ready-to-use integrations with commonly used social authentication providers such as Google, LinkedIn and Apple
Built-in reporting to diagnose authentication events
Developer resources to support embedding identity functions into custom apps
Cloud-native service with multi-region coverage, scalability and high availability to support data residency and redundancy requirements
SAML 2.0 and OIDC support
SOC 2 Type II, PCI DSS, ISO 27001, ISO 27017, and ISO 27018 certifications
As identity programs scale in a largely distributed world with a widened attack surface, most vendors, including IBM and Okta, offer core IAM capabilities and some degree of contextual risk detection to help you get started. With over 20 years of expertise in the identity space and long-standing fraud detection IP, IBM offers the depth to help address complex risk-based authentication, with ready-to-use data privacy and consent management use cases for both IAM and CIAM. In addition, all IBM IDaaS capabilities are delivered with flexible contracts, allowing dynamic expansion of use cases or user populations as your IAM needs evolve. How ready is your IAM stack for the future?