There’s a shakeup looming in the fledgling cloud identity and access management market.
Salesforce today is making its identity and access management service, known as Identity, generally available. Microsoft began offering its Azure Active Directory service earlier this year but expects to add more substantial capabilities by the end of the year. Other big names are sure to follow, making life hard for the startups like Okta, OneLogin, and Ping Identity, that trailblazed this segment.
Andras Cser, an analyst at Forrester, called the emergence of cloud identity and access services from the likes of Microsoft and Salesforce a “huge threat” to the startups. “I would not be surprised if Workday, Google, AWS [Amazon Web Services] all either built their own cloud IAM service or went out on an acquisition spree to buy Okta, Symplified, OneLogin, etc.,” he said.
The biggest challenge those startups will face is price. Salesforce is offering its Identity service free (with caveats) to existing Salesforce users. That’s a huge built-in customer base. Given that the market for these services is thought to be in its infancy, Salesforce has a major leg up when competing against the startups for the many companies that will be interested in cloud identity management services.
Companies that aren’t already using Salesforce and don’t plan to can still use the Identity service. It’ll cost them $5 per user per month and includes single sign-on, Chatter, user and access management tools, multi-factor authentication, reporting and dashboards, a customizable login page, the ability to offer log in via social platforms like Facebook, and mobile single sign on. For non-Salesforce customers, the pricing is in line with the competition, like OneLogin.
Salesforce may also end up competing against Microsoft, which also plans to offer its new Azure Active Directory capabilities for free when they launch later this year. Microsoft will have one advantage over Salesforce: Existing Active Directory users -- and that’s pretty much every established company out there -- will have to pay an additional $1 per user per month to integrate Active Directory with Salesforce Identity. That's whether they are an existing Salesforce customer or not.
To avoid that Microsoft tax, Salesforce Identity customers can essentially create a new directory within the Identity service. Or, stick with Microsoft and use its Azure Active Directory service.
Or, if they can look past the free price tag, businesses can look to a neutral third party. “We aren't biased and don't push a certain stack or product suite,” said Okta CEO Todd McKinnon, when asked what his company can offer that the services from Microsoft and Salesforce can’t. “We connect to legacy directories, such as Active Directory, and to more than 2,500 applications, both in the cloud and behind the firewall. Identity management is all we do at Okta.”
Companies like Okta will have to prove that they offer bells and whistles that customers need and that the big guys aren’t offering.
Salesforce, however, has a few of its own unique angles. For instance, Chatter comes with its Identity service.
Salesforce has another unique twist for existing Salesforce.com users. In a demo Salesforce offered to CITEworld, it showed a sign-in page that the Sierra Club, an early customer, plans to offer for its members to log in to a special section of its web site. Members have the option of signing in through various social media platforms, including Facebook or Google. If they do, information that they might have stored in that social media platform, like an email address, gets harvested and stored in Salesforce.
Any time a site uses Facebook for sign on they typically harvest that kind of info but sending it directly to Salesforce makes it that much easier for an organization like Sierra Club to reach out to members.
Ultimately it will be unique capabilities like those that will sway businesses one way or the other. With the big names like Salesforce and Microsoft just getting into this market and with so few companies already using these kinds of cloud identity and access management services, there are sure to be some competitive battles worth watching.