Identity and Access Management is the discipline of deciding who, or what, gets to access which systems, under what conditions, and proving it after the fact. As the perimeter dissolved into SaaS, cloud, and remote work, identity became the control plane, and it is now the most attacked one: most breaches start with stolen or misused credentials, not malware. The category spans the full lifecycle, from authenticating humans (Access Management, MFA & Passwordless, CIAM) to governing what they can touch (Identity Governance, Privileged Access Management) to the fast-growing problems of machine and cloud identity (Non-Human Identity, Secrets Management, CIEM) and catching identity attacks in progress (ITDR). It is broad enough that most buyers assemble a stack across several subcategories rather than betting on one platform that claims to do everything.
We cover 832 IAM tools, 60 free and 772 commercial.
Last reviewed Jul 2026.
A CLI tool for generating AWS IAM policy documents, SAM policy templates, and SAM Connectors using JSON definitions from the AWS Policy Generator.
A CLI utility that simplifies switching between different AWS roles by automatically managing AWS credentials file modifications.
A Lambda function that automatically disables AWS IAM User Access Keys after a specified time period to reduce security risks from aging credentials.
A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.
CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.
Policy Sentry is an automated IAM policy generator that helps developers create least privilege AWS IAM policies through a template-based workflow.
TrailScraper is a command-line tool for extracting information from AWS CloudTrail logs and generating IAM policies based on actual API usage patterns.
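The three tools above share one technique: derive the permissions a principal actually exercised from CloudTrail and compare them with what its policy grants. The example below is an added illustration of that comparison and is not code from CloudTracker, TrailScraper or any other listed project. It works on a handful of constructed CloudTrail records and a constructed policy, and it assumes a deliberately partial mapping table for the cases where CloudTrail's eventSource/eventName differ from the IAM service prefix/action (monitoring → cloudwatch, S3 ListObjects → s3:ListBucket); a real tool needs the full table. It also separates AccessDenied calls from successful ones, because a denied call is a request for a permission the principal did not have, not evidence that a grant is in use.

```python
"""Compare CloudTrail-observed API calls with an IAM policy's Allow statements.
Added example; not code from CloudTracker or TrailScraper."""
import fnmatch
from collections import Counter

# Constructed CloudTrail records (not real logs); only the fields read below are present.
SAMPLE_TRAIL = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListObjects"},
    {"eventSource": "monitoring.amazonaws.com", "eventName": "PutMetricData"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser", "errorCode": "AccessDenied"},
]

# Constructed policy attached to the principal under review.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["cloudwatch:PutMetricData", "ec2:Describe*"], "Resource": "*"},
    ],
}

# CloudTrail's eventSource/eventName are not always the IAM service prefix/action.
# Assumption: this partial table is enough for the sample; real tools ship a full one.
SERVICE_PREFIX = {"monitoring": "cloudwatch"}
EVENT_TO_ACTION = {("s3", "ListObjects"): "s3:ListBucket"}


def event_to_action(record):
    """Map one CloudTrail record to the IAM action string it exercised."""
    service = record["eventSource"].split(".")[0]
    service = SERVICE_PREFIX.get(service, service)
    return EVENT_TO_ACTION.get((service, record["eventName"]), f"{service}:{record['eventName']}")


def observed_actions(records):
    """Return (used, denied) Counters; denied calls are not evidence a grant is in use."""
    used, denied = Counter(), Counter()
    for r in records:
        action = event_to_action(r)
        if r.get("errorCode") in ("AccessDenied", "UnauthorizedOperation"):
            denied[action] += 1
        else:
            used[action] += 1
    return used, denied


def allowed_patterns(policy):
    """Collect Action patterns from Allow statements (Deny/NotAction are out of scope here)."""
    patterns = []
    for statement in policy["Statement"]:
        if statement.get("Effect") != "Allow" or "Action" not in statement:
            continue
        actions = statement["Action"]
        patterns.extend([actions] if isinstance(actions, str) else actions)
    return patterns


def matches(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def compare(records, policy):
    """Report grants never exercised and actions exercised without a matching grant."""
    used, denied = observed_actions(records)
    patterns = allowed_patterns(policy)
    return {
        "used": dict(used),
        "denied": dict(denied),
        "unused_grants": [p for p in patterns if not any(matches(p, a) for a in used)],
        "ungranted_use": sorted(a for a in used if not any(matches(p, a) for p in patterns)),
    }


def least_privilege_policy(records):
    """Build a policy from observed usage. Resource stays "*" because this example does not
    read CloudTrail's resources field; narrowing it is the next step in practice."""
    used, _ = observed_actions(records)
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": sorted(used), "Resource": "*"}]}


if __name__ == "__main__":
    print(compare(SAMPLE_TRAIL, SAMPLE_POLICY))
    print(least_privilege_policy(SAMPLE_TRAIL))
```

On the sample, `ec2:Describe*` is reported as an unused grant, the denied `iam:CreateUser` call is surfaced separately rather than counted as usage, and the generated policy lists only the three actions actually exercised. Two caveats a practitioner should keep in mind: wildcard grants can only be judged "unused" against observed calls unless you also have the full list of actions for that service, and CloudTrail does not log every action (data events for some services are off by default), so a policy generated purely from usage can break the workload.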
A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.
A CLI tool for securely generating keys, passwords, and providing credentials without files, primarily for building secure BOSH deployments using Vault and Spruce.
Teller is a command-line secret management tool that integrates with various cloud providers and vaults to securely populate environment variables during development workflows.
Chamber is a command-line tool for managing secrets by storing them in AWS SSM Parameter Store with path-based API support for improved performance.
An AWS IAM security assessment tool that identifies least privilege violations and generates risk-prioritized reports for IAM policy remediation.
A simple drop-in library for managing users, permissions, and groups in your application.
Scripts for implementing Pass-the-Hash mitigations, exposed as commands in the PtHTools module.
Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.
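The graph approach described for Principal Mapper is worth seeing in miniature: principals are nodes, an edge means "this principal can act as that one", and a privilege-escalation risk is any path from a low-privilege node to an administrative one. The code below is an added example written for this page, not Principal Mapper's own code or data model. It uses a constructed four-principal inventory and models just two edge types, a direct `sts:AssumeRole` where the target role's trust policy names the caller, and the `iam:PassRole` + `lambda:CreateFunction` + `lambda:InvokeFunction` combination against a role that trusts the Lambda service. Resource constraints, condition keys, permission boundaries and SCPs are ignored; those are exactly the details a real tool has to evaluate.

```python
"""Model IAM principals as a directed graph and search for privilege-escalation paths.
Added example; not Principal Mapper's code. Constructed inventory, not a real account."""
import fnmatch
from collections import deque

ACCOUNT = "123456789012"  # constructed account id


def arn(kind, name):
    return f"arn:aws:iam::{ACCOUNT}:{kind}/{name}"


# Each principal lists the action patterns its policies allow; roles also list the
# principals (or services) their trust policy accepts. Resource and Condition are ignored.
PRINCIPALS = {
    arn("user", "dev"): {"actions": ["s3:Get*", "sts:AssumeRole"], "trust": []},
    arn("user", "auditor"): {"actions": ["iam:Get*", "iam:List*"], "trust": []},
    arn("role", "deploy"): {
        "actions": ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"],
        "trust": [arn("user", "dev")],
    },
    arn("role", "lambda-admin"): {"actions": ["*"], "trust": ["lambda.amazonaws.com"]},
}


def allows(inv, principal, action):
    """Case-insensitive wildcard match of one action against the principal's patterns."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in inv[principal]["actions"])


def is_admin(inv, principal):
    """Simplification: a principal is 'admin' if it holds an unrestricted action wildcard."""
    return any(p in ("*", "*:*") for p in inv[principal]["actions"])


def edges(inv, src):
    """Yield (dst, reason) for every principal src can become, under the two modelled rules."""
    for dst, props in inv.items():
        if dst == src:
            continue
        trust = props["trust"]
        # Rule 1: src may call sts:AssumeRole and dst's trust policy names src.
        if allows(inv, src, "sts:AssumeRole") and src in trust:
            yield dst, "sts:AssumeRole (trust policy allows caller)"
        # Rule 2: src can create and invoke a Lambda function that executes as dst.
        if ("lambda.amazonaws.com" in trust
                and allows(inv, src, "iam:PassRole")
                and allows(inv, src, "lambda:CreateFunction")
                and allows(inv, src, "lambda:InvokeFunction")):
            yield dst, "iam:PassRole + lambda:CreateFunction + lambda:InvokeFunction"


def escalation_path(inv, start):
    """Breadth-first search from start; return [(principal, how_reached), ...] ending at an
    admin principal, or None if no modelled path exists."""
    if is_admin(inv, start):
        return [(start, "already admin")]
    seen = {start}
    queue = deque([[(start, "start")]])
    while queue:
        path = queue.popleft()
        current = path[-1][0]
        for dst, reason in edges(inv, current):
            if dst in seen:
                continue
            seen.add(dst)
            new_path = path + [(dst, reason)]
            if is_admin(inv, dst):
                return new_path
            queue.append(new_path)
    return None


def report(inv):
    """Escalation path (or None) for every non-admin principal in the inventory."""
    return {p: escalation_path(inv, p) for p in inv if not is_admin(inv, p)}


if __name__ == "__main__":
    for principal, path in report(PRINCIPALS).items():
        print(principal, "->", path)
```

On the constructed inventory, `user/dev` reaches `role/lambda-admin` in two hops (assume `role/deploy`, then pass the admin role to a Lambda function it creates and invokes), while `user/auditor` has no path. The shape of the output is the point: the dangerous grant is not on the user at all but on an intermediate role, which is why per-principal policy review misses what a graph traversal finds.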
SOPS is an encrypted file editor that supports multiple formats and integrates with various key management services including AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
A command-line password manager that encrypts credentials using GnuPG and stores them in YAML files with git synchronization support.
832 tools across 12 specializations · 60 free, 772 commercial
Access Management
Workforce access management tools providing SSO, federation, and the access gateway for employees and internal users.
MFA & Passwordless
The authentication factor itself: multi-factor authentication, passwordless, FIDO, passkeys, and biometric authentication.
CIAM
Customer Identity and Access Management (CIAM) delivered as auth-as-API embedded in the customer's own application.
Common questions about IAM tools, selection guides, pricing, and comparisons.
IAM is the set of tools and processes that control who can reach an organization's systems and data, what they can do once inside, and how that access is proven and revoked. It spans authenticating users with passwords, MFA, SSO, and passkeys, governing permissions over time, securing privileged and machine accounts, and detecting identity-based attacks. With identity now the primary target in most breaches, IAM is foundational to modern security.
Start by identifying which specific identity problem you have, because IAM covers many distinct ones. Workforce login, customer identity, access governance, privileged access, machine and cloud identity, and identity threat detection are separate disciplines. Match your biggest risk and compliance gap to the corresponding subcategory, then judge tools on how deeply they integrate with your existing identity provider, cloud, and HR systems.
IAM is the broad discipline covering all identities and their access. Privileged Access Management is a subcategory focused on high-risk accounts: administrators, root, service accounts, and anyone with elevated permissions. PAM adds credential vaulting, session recording, and just-in-time elevation that general IAM does not. Most organizations need both: IAM for everyone, PAM for the accounts that can do the most damage.
Open-source identity providers handle authentication and SSO well and make a strong foundation, especially for engineering-heavy teams comfortable operating them. Governance, privileged access, identity threat detection, and audit-ready reporting are where commercial platforms pull ahead, in both features and support. Many organizations run open-source for core authentication and buy commercial tools for governance, PAM, and ITDR, where the operational burden and stakes climb.
Identity Governance and Administration
Identity Governance and Administration (IGA) platforms for joiner-mover-leaver lifecycle, access certification, and separation-of-duties.