Loading...
Identity and Access Management is the discipline of deciding who, or what, gets to access which systems, under what conditions, and proving it after the fact. As the perimeter dissolved into SaaS, cloud, and remote work, identity became the control plane, and it is now the most attacked one: most breaches start with stolen or misused credentials, not malware. The category spans the full lifecycle, from authenticating humans (Access Management, MFA & Passwordless, CIAM) to governing what they can touch (Identity Governance, Privileged Access Management) to the fast-growing problems of machine and cloud identity (Non-Human Identity, Secrets Management, CIEM) and catching identity attacks in progress (ITDR). It is broad enough that most buyers assemble a stack across several subcategories rather than betting on one platform that claims to do everything.
We cover 832 IAM tools, 60 free and 772 commercial.
Accuracy and depth improve over time. Last reviewed Jul 2026. Is something off? Reach out.
Identity governance platform for access control and policy enforcement
Identity governance and administration solution for access management
Identity threat detection and response solution by Identity Automation
Passwordless MFA solution using FIDO passkeys for workforce and customers
Continuous authentication platform with real-time risk assessment & adaptive MFA
Passwordless authentication platform using FIDO2 passkeys and biometrics
Protects accounts from takeover via credential stuffing & activity monitoring
Identity-based secrets mgmt platform for credentials, certs, keys & encryption
Cloud-based IDaaS platform for identity and access management
Digital security solutions for IoT connectivity, identity tech, and infrastructure
Password manager with data breach monitoring and identity theft prevention
Password manager with encrypted vault, autofill, and breach monitoring
Cloud-based IAM solution combining access management and governance features
Enterprise IAM suite with identity governance, directory services, and SSO
Self-service password reset for Windows passwords online and offline
IGA solution for managing user identities, access rights, and compliance
Enterprise SSO solution for password management and single authentication access
Telecom network authentication and policy control for 4G/5G networks
MFA integration for Microsoft services including Entra ID, Windows, and RDP
ITDR solution for detecting and responding to identity-based threats
Identity Security Posture Management tool for visibility and risk assessment
SSO solution for centralized authentication and access management
Adaptive access control with MFA, SSO, and risk-based authentication policies
Access management solution with MFA, SSO, passwordless auth & adaptive policies
832 tools across 12 specializations · 60 free, 772 commercial
Access Management
Workforce access management tools providing SSO, federation, and the access gateway for employees and internal users.
MFA & Passwordless
The authentication factor itself: multi-factor authentication, passwordless, FIDO, passkeys, and biometric authentication.
CIAM
Customer Identity and Access Management (CIAM) delivered as auth-as-API embedded in the customer's own application.
Common questions about IAM tools, selection guides, pricing, and comparisons.
IAM is the set of tools and processes that control who can reach an organization's systems and data, what they can do once inside, and how that access is proven and revoked. It spans authenticating users with passwords, MFA, SSO, and passkeys, governing permissions over time, securing privileged and machine accounts, and detecting identity-based attacks. With identity now the primary target in most breaches, IAM is foundational to modern security.
Start by identifying which specific identity problem you have, because IAM covers many distinct ones. Workforce login, customer identity, access governance, privileged access, machine and cloud identity, and identity threat detection are separate disciplines. Match your biggest risk and compliance gap to the corresponding subcategory, then judge tools on how deeply they integrate with your existing identity provider, cloud, and HR systems.
IAM is the broad discipline covering all identities and their access. Privileged Access Management is a subcategory focused on high-risk accounts: administrators, root, service accounts, and anyone with elevated permissions. PAM adds credential vaulting, session recording, and just-in-time elevation that general IAM does not. Most organizations need both: IAM for everyone, PAM for the accounts that can do the most damage.
Open-source identity providers handle authentication and SSO well and make a strong foundation, especially for engineering-heavy teams comfortable operating them. Governance, privileged access, identity threat detection, and audit-ready reporting are where commercial platforms pull ahead, in both features and support. Many organizations run open-source for core authentication and buy commercial tools for governance, PAM, and ITDR, where the operational burden and stakes climb.
Identity Governance and Administration
Identity Governance and Administration (IGA) platforms for joiner-mover-leaver lifecycle, access certification, and separation-of-duties.