Which vendor IAM Solution is Best?

I do a lot of general advisory work and calls with customers, partners, colleagues and commonly am asked the direct questions:  What is the best vendor for my IAM program (insert IGA, AM, PAM, etc. here)?  My response always is…it depends. 

Yes, I know I am dodging the question, but arguably, it is impossible for me to say which is the best solution at that point and time without some context and looking at a number of factors.  I have preferred vendors I have worked with and had success with, but based on technology, resourcing, current maturity, etc., it really varies by organization.

To explain more, when looking at vendors in the IAM space for your program, it is important to look at context.  Context in terms of vendor selection is going to come down to:

1. Deployment Model:  Are you primarily cloud, on-perm, global, etc.?   Depending, this will start identifying possible vendors that can solve your problem.
2. Level of complexity:  If you have complex onboarding, provisioning, authentication integrations, etc. that do not follow established standards, you’re going to need a vendor that provides customization capability.  A lot of vendors in the IAM space are moving to cloud delivered models, which as such, are going to be limited in terms of customizations given they need to be supported and streamlined for everyone.  Or, with a cloud model, you’re going to need to look at events, subscription, 3^rd party integrations to handle the complex…or,
3. Appetite for change: If you have complex processes and integrations, you may have more of an appetite to change the complex to account for the IAM vendor of choice delivery.  But, if you do not have an appetite for change, or business processes do not allow, then are going to have to select a vendor that can fit into your requirements.
4. Integrations:  Specifically, when it comes to governance and PAM platforms, you’re going to want to look at vendors that either 1) have ample OOTB connectors / integrations or 2) provide a simplified model for building custom integrations.  A lot of platforms may work well with OOTB (e.g. Active Directory / LDAP) but have challenges with custom web services, database, etc. which can lead to challenges later.
5. Resource Availability:  This one is generally overlooked until it is too late, but from a resourcing you need to look at internal support (e.g. do you have .NET or java developers to support deployment of a platform), is there a large community of practitioners to pull from (obscure / new IAM platforms may not have many people trained / available), and demand for resources (if is high demand, might be hard to hire / find resources or costly given people move to other jobs).

So, given the challenges, what is the best answer and approach when looking for the ‘Best’ vendor?  The best approach is to define your requirements, integrations, resources, etc. and then see which vendors fit into that model.  By focusing on yourself first, you’re going to find a vendor that meets your needs rather than someone that looks good in a demo.