16/09/2019 Gartner Reprint

Licensed for Distribution

Magic Quadrant for Access Management

Published 12 August 2019 - ID G00433910 - 67 min read

By Analysts Michael Kelley, Abhyuday Data, Henrique Teixeira

SaaS-delivered access management has become the norm, as has advanced user authentication including MFA. AM vendors are maturing their approaches to session management, contextual and adaptive access, and API protection, which will begin to enable CARTA-aligned access management approaches.

Strategic Planning Assumptions

By 2022, 60% of access management (AM) implementations will leverage user and entity behavior analytics (UEBA) capabilities and other controls to provide continuous authentication, authorization and online fraud detection, up from less than 10% today.

By 2022, 60% of all single sign-on (SSO) transactions will leverage modern identity protocols like SAML, OAuth2 and OIDC over proprietary approaches, up from 30% today.

By 2024, the use of multifactor authentication (MFA) for application access through AM solutions will be leveraged for over 70% of all application access, up from 10% today.

Market Definition/Description

This document was revised on 14 August 2019. The document you are viewing is the corrected version. For more information, see the Corrections (http://www.gartner.com/technology/about/policies/current_corrections.jsp) page on gartner.com.

Gartner defines the AM market as vendors providing solutions that use access control engines to provide centralized authentication, SSO, session management and authorization enforcement for target applications in multiple use cases (B2E, B2B and B2C). Adaptive and contextual authentication are core elements, as is support for modern identity protocols such as SAML, OAuth2 and OIDC. AM vendors also include API and software development kit (SDK) capabilities for integrating authentication and authorization into applications and services.
Target applications may have traditional web application architectures using web browsers and web application servers, or they could be native or hybrid mobile applications, or these applications may run on things with or without human operators. Protected target systems may include web application services or APIs, and may run on customers' premises or in the cloud.

https://www.gartner.com/doc/reprints?id=1-1OE2UNB6&ct=190814&st=sb

AM may also include the following functionality, which is not core but is maturing in AM vendors' offerings:

■ Basic user self-service identity administration, such as self-service registration and profile management
■ Authentication and authorization of APIs (using OAuth/OIDC)
■ Password management
■ Basic identity synchronization to a set of target systems
■ Identity repository services
■ Social ID integration

Vendors often provide SSO using some combination of proxy and agent architectures, and using standards-based identity federation. AM products and services may also support password vaulting and forwarding for nonstandard target applications that are not well supported by proxy or agent, or by federation standards. Gartner strongly recommends against using password vaulting and forwarding due to the associated risks of potential password compromise; instead, use standards-based federation when possible.

AM tools support a mix of built-in or bundled user authentication capabilities and allow for third parties to integrate other authentication capabilities. AM vendors support session management and, depending on the protocols used to allow for the initiation and termination of user sessions, they also support reauthentication — step-up authentication — if policy and user, device context and risk scores require it.
Built-in or bundled contextual and adaptive access capabilities have matured, as has the inclusion of analytics capabilities that use repository-held data and contextual data to trigger adaptive access policy decisions that can require trust elevation. These include requiring additional user authentication methods or requiring a process to be completed, such as contacting a help center. AM vendors should also support bring your own identity (BYOI) — for example, social identity integration for purposes of registration, profile establishment, account linking (to established accounts) and user authentication (see "Innovation Insight for Decentralized and Blockchain Identity Services").

AM Methods ESSO Enterprise SSO (ESSO),