There are many ways to design IAM architecture:
- Traditional organizations usually sync Active Directory (on-prem) with a nearly “all-in-one” cloud IAM solution like Okta or Entra ID.
- In fully remote workspaces, some might opt to go all-in with a cloud provider like AWS, using AWS IAM for workforce IAM and AWS Cognito for CIAM.
- In certain industries, such as higher education, institutions often rely on a mix of 10+ solutions (many of which are industry-specific, like those provided by InCommon), all centered around a directory service like Active Directory for centralized user management.
How IAM architecture is designed depends largely on how a company stores data, the strictness of its compliance requirements, and the complexity of its access needs.
Note: The following list of IAM solutions is not exhaustive.
IAM solutions
- Microsoft – Most large-enterprise IAM architecture is centered around Microsoft’s Active Directory running on on-premises Windows servers.
  - Products: Active Directory, Entra ID (formerly Azure AD), Entra External ID (formerly Azure AD B2C)
  - Documentation: Active Directory | Entra ID | Entra External ID
  - Certification: Microsoft Certified: Identity and Access Administrator Associate
- Okta – Closest thing to an “all-in-one” cloud IAM tool, with an extensive integration network.
  - Products: Okta Workforce Identity, Okta Customer Identity Cloud
  - Documentation: Okta Docs
  - Certification: Okta Certified
- CyberArk – Most popular Privileged Access Management (PAM) solution.
  - Products: CyberArk PAM, CyberArk Privilege Cloud
  - Documentation: CyberArk Docs
  - Certification: CyberArk Certified
- AWS – Huge cloud platform with built-in IAM/CIAM tools.
  - Products: AWS IAM, AWS Cognito
  - Documentation: AWS Docs
  - Certification: AWS Certified Security Specialty (not IAM-specific, but covers IAM)
- Keycloak – Most popular open-source IAM solution.
  - Products: Keycloak (free)
  - Documentation: Keycloak Documentation
  - Certification: N/A
- SailPoint – Focused on customizability and complex identity governance needs.
  - Products: SailPoint IdentityIQ, SailPoint Identity Security Cloud (IdentityNow)
  - Documentation: SailPoint Product Documentation
  - Certification: SailPoint Certified
- Ping Identity – Focused on federation capabilities and complex B2B scenarios.
  - Products: Ping Identity (PingFederate is the most popular solution within the suite)
  - Documentation: Ping Identity Documentation
  - Certification: Ping Certified
- Saviynt – Cloud-first identity governance tool.
  - Products: Saviynt
  - Documentation: Saviynt Documentation
  - Certification: Saviynt Certified Professional
- BeyondTrust – PAM solution known for smooth deployment in complex environments.
  - Products: BeyondTrust
  - Documentation: BeyondTrust Technical Documentation
  - Certification: BeyondTrust University
- Oracle – Ideal for organizations requiring seamless integration with Oracle applications and databases.
  - Products: Oracle Identity Management
  - Documentation: Oracle Identity Management Documentation
  - Certification: N/A
- Fischer Identity – Affordable “all-in-one” solution popular with higher education, non-profits, and employee-owned corporations.
  - Products: Fischer Identity
  - Documentation: N/A
  - Certification: Fischer University
- InCommon (by Internet2) – Open-source tools designed specifically for higher education.
  - Products: Shibboleth, Grouper, COmanage, midPoint
  - Documentation: InCommon Trusted Access Platform Library
  - Certification: N/A