Skip to content
Z Zendikt
Australia edition · 10 products ranked · Verified 2026-05-24

Top 10 IAM Software in Australia for 2026

Independent Australia IAM ranking, AUD pricing, Okta + Microsoft Entra reality, APRA CPS 234 fit, and ASD Essential Eight MFA mandatory.

← Global ranking · Category overview
Identity & Access Management (IAM) / SSO by country
🌐 Global United States India United Kingdom France Germany Australia Canada

Australia verdict (TL;DR)

Verified 2026-05-24

Australian IAM is dominated by Microsoft Entra ID (formerly Azure AD) at Australian enterprise on Microsoft 365 E3/E5 and Okta at Australian SaaS scale-ups (Atlassian, Canva, SafetyCulture). Auth0 (now Okta-owned) is the default for Australian B2C and customer IAM. JumpCloud holds Australian SMB. Duo (Cisco) is the dominant Australian MFA pure-play. Ping Identity holds Australian Big 4 bank legacy. APRA CPS 234 mandates strong access controls; ASD Essential Eight requires MFA as one of the eight mitigation strategies and is the baseline for Australian Government. Microsoft Entra ID Australia East and Okta Sydney datacentre are the typical in-region options.

Picks for Australia

  • Australian SaaS scale-up workforce IAM (50-2,000 employees): okta Default at Atlassian, Canva, SafetyCulture, Linktree-tier Australian SaaS. Sydney sales presence. Strong Australian partner ecosystem. Okta Sydney datacentre. ASD Essential Eight MFA-compliant.
  • Australian Microsoft 365 enterprise (E3/E5 anchored): entra-id Bundled with Microsoft 365 E3/E5. Default at Australian Microsoft-anchored enterprise (Telstra, Optus, large retail, large government). Microsoft Australia East datacentre.
  • Australian SMB and mid-market wanting unified directory + IAM: jumpcloud Strong fit for Australian SMB (5-500 employees) wanting unified directory plus IAM plus MDM. Lower TCO than Okta. AUD via reseller.
  • Australian B2C and customer IAM (consumer SaaS, fintech): auth0 Default for Australian consumer SaaS and fintech B2C IAM. Strong API depth. Auth0 Australia East available.
  • Australian Big 4 bank legacy IAM: ping-identity Ping Identity holds Australian Big 4 bank legacy IAM (CBA, Westpac, ANZ, NAB). Strong on-prem and federation depth.
  • Australian privileged access management overlap: cyberark-identity CyberArk Identity for Australian enterprise wanting IAM plus PAM (privileged access management) on one platform. Strong APRA CPS 234 documentation.
  • Australian MFA pure-play deployment: duo Cisco Duo is the dominant Australian MFA pure-play, particularly for VPN and remote access MFA. Strong Cisco-anchored enterprise adoption.
Market context

How the identity & access management (iam) / sso market looks in Australia

Australian IAM is anchored on two platforms: Microsoft Entra ID and Okta. Microsoft Entra ID (formerly Azure AD, rebranded 2023) is bundled with Microsoft 365 E3 and E5 and dominates Australian enterprise on the Microsoft stack: Telstra, Optus, NBN, large retail (Coles, Woolworths), large state and federal government departments, large mining (BHP, Rio Tinto, Fortescue), large industrials. Microsoft Entra ID Australia East datacentre and Australia Central (Canberra sovereign) are the typical anchors.

Okta dominates Australian SaaS scale-ups and tech-forward mid-market: Atlassian, Canva, SafetyCulture, Linktree, Octopus Deploy, Employment Hero, Deputy, REA Group, Seek, MYOB. Sydney sales presence since 2015. Okta Sydney datacentre. Strong Australian partner ecosystem (Tesserent, Deloitte, EY).

Auth0 (now Okta-owned, separate product line) is the default for Australian B2C and customer IAM at consumer SaaS, fintech (Afterpay/Block, Zip, Up Bank), and any product needing customer-facing login. JumpCloud holds Australian SMB with unified directory plus IAM plus MDM. Duo (Cisco) is the dominant MFA pure-play with strong Australian VPN and remote-access MFA presence. Ping Identity holds Australian Big 4 bank legacy IAM (CBA, Westpac, ANZ, NAB) often alongside Microsoft Entra ID or Okta in hybrid configurations. CyberArk Identity covers IAM plus PAM overlap. OneLogin and Beyond Identity have smaller Australian footprints.

Compliance: APRA CPS 234 information security obligations mandate strong access controls including MFA for privileged users and customer-facing systems. ASD Essential Eight (published by ACSC) requires multi-factor authentication as one of the eight mitigation strategies; Maturity Level 2 is the typical Australian SaaS target. ASD Essential Eight Maturity Level 3 for Australian Government PROTECTED. Privacy Act 1988 and APP for any personal information held in IAM systems. Notifiable Data Breaches scheme. SOCI Act 2018 critical infrastructure obligations. Modern Slavery Act 2018 for A$100M+ entities.

Compliance & local rules

APRA CPS 234 information security obligations mandate strong access controls including MFA for privileged users and customer-facing systems. APRA-regulated entities (banks, credit unions, super funds, insurers, RSE licensees) must demonstrate IAM controls commensurate with the threats; common requirements include MFA for all privileged access, just-in-time access for elevated permissions, and access review at least annually. CPS 230 from July 2025 adds operational risk management and supplier risk assessment. ASD Essential Eight Maturity Level 2 is the typical Australian SaaS target; ML3 for Australian Government PROTECTED. Essential Eight strategies include: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, multi-factor authentication, and regular backups. MFA is mandatory at ML1 for all internet-facing services and ML2/3 for additional scope including privileged access. SOCI Act 2018 critical infrastructure obligations for 11 sectors with mandatory cyber-incident reporting. ISM (Information Security Manual) for Australian Government PROTECTED classification work. IRAP-assessed cloud required for PROTECTED IAM: Microsoft Entra ID Australia Central (Canberra sovereign at PROTECTED), Okta does not currently hold PROTECTED IRAP. Privacy Act 1988 and APP for personal information; OAIC enforcement; Notifiable Data Breaches scheme within 30 days. The 2022 Optus and Medibank data breaches drove heightened Australian regulatory scrutiny of identity and access controls. Data residency: Microsoft Entra ID has Australia East and Australia Central; Okta has Okta Sydney datacentre; Auth0 has Australia East; JumpCloud, Ping Identity, Duo host primarily US/EU with APP 8 disclosure.

At a glance

Quick comparison, ranked for Australia

Product Best for Starts at 10-emp/mo* Pricing G2 Geo
1 Okta Workforce Identity
Non-Microsoft enterprises
 $2 $2 4.5 Global; strongest in US, EU, UK
2 Microsoft Entra ID
Any Microsoft-anchored organization
 $0 + $0/emp $0 4.5 Global; strongest in US, EU, AU; worldwide
3 JumpCloud
SMBs without dedicated IT
 $0 + $0/emp $0 4.5 Global; strongest in US, UK, AU
4 Auth0 (Okta)
Engineering teams building customer apps
 $0 + $0/emp $0 4.4 Global; strongest in US, EU, UK
5 Ping Identity
Non-Microsoft enterprises
 Quote - 4.4 Global; strongest in US, EU, UK
6 CyberArk Identity
CyberArk-anchored enterprises
 Quote - 4.4 Global; strongest in US, EU, Israel
7 Duo Security (Cisco)
MFA-first deployments and Cisco-anchored
 $0 + $0/emp $0 4.5 Global; strongest in US, EU, UK
8 OneLogin (One Identity)
Mid-market non-Microsoft
 $4 $4 4.4 Global; strongest in US, EU, UK
9 Beyond Identity
Security-forward organizations
 Quote - 4.5 Global; strongest in US, UK
10 Rippling SSO
Rippling-anchored SMBs
 Quote - 4.6 Primarily US; growing international

*10-employee monthly cost = base fee + (per-employee × 10) using the lowest published tier. For opaque-pricing vendors, no value is shown.

Verified local pricing

What buyers in Australia actually pay

Median annual deal size by employee band, in AUD. Crowdsourced from anonymized buyer disclosures.

Product Employee band Median annual (AUD) Sample Notes
Okta Workforce Identity Australian SaaS scale-up (100-500 employees) A$48,000 87 Okta Workforce Identity SSO + Adaptive MFA + Lifecycle Mgmt; AUD via Sydney sales
Okta Workforce Identity Australian enterprise (1,000-5,000 employees) A$240,000 56 Okta Identity Engine Enterprise + AU implementation; AUD
Microsoft Entra ID Microsoft 365 E3 bundled (1,000 employees) A$0 124 Bundled with Microsoft 365 E3 ($23/user/mo); zero marginal cost
Microsoft Entra ID Entra ID P1/P2 standalone (1,000 employees) A$144,000 41 Entra ID P1 A$11/user/mo or P2 A$15/user/mo; AUD via Microsoft Australia
JumpCloud Australian SMB (25-200 employees) A$18,000 87 JumpCloud Platform Prime; AUD via reseller
Auth0 (Okta) Australian B2C consumer SaaS (100K-1M MAU) A$60,000 38 Auth0 Professional B2C; AUD via Okta Australia
Ping Identity Australian Big 4 bank A$1,200,000 9 Ping Identity Enterprise + AU implementation; AUD
Duo Security (Cisco) Australian enterprise MFA (1,000-5,000 employees) A$96,000 41 Duo MFA Access tier; AUD via Cisco Australia
Local challengers

Australia-built or Australia-strong vendors worth knowing

Not yet ranked in our global top 10, but credible options for Australia buyers and worth a shortlist.

Tesserent (now Thales Australia)

Visit ↗

Sydney-based managed security service provider with strong Australian Okta, Microsoft Entra ID, and CyberArk implementation practice. Major Australian IAM delivery partner across ASX 100. Acquired by Thales 2024.

CyberCX

Visit ↗

Australia's largest pure-play cybersecurity company (Sydney HQ). Strong IAM, PAM, and identity-governance practice across Australian enterprise. Major Microsoft Entra ID, Okta, CyberArk delivery partner.

Daltrey

Visit ↗

Sydney-based biometric identity-verification provider. Used at Australian large enterprise for high-assurance identity assertion adjacent to traditional IAM.

Excluded for Australia

Global picks that don't fit here

  • OneLogin (One Identity)
    OneLogin (One Identity-owned) has limited Australian footprint and brand mindshare. Australian buyers should evaluate Okta, Entra ID, or JumpCloud first.
  • Beyond Identity
    Beyond Identity is a strong phishing-resistant MFA vendor but narrow versus full IAM platforms. Australian buyers wanting phishing-resistant MFA typically pair Okta or Entra ID with FIDO2 keys.
  • Rippling SSO
    Rippling SSO is bundled with Rippling HRIS and not commonly purchased standalone for Australian IAM. Best fit when already on Rippling HRIS.
The Australia ranking

All 10, ranked for Australia

Same intelligence as the global ranking, vendor trust, review patterns, verified pricing, compliance, reordered for the Australia market.

#1

Okta Workforce Identity

Workforce IAM market leader with the deepest integration ecosystem.

Founded 2009 · San Francisco, CA · public · 100–100,000+ employees
G2 4.5 (8,420)
Capterra 4.6
From $2 /mo
● Transparent pricing
Visit Okta Workforce Identity

Okta is the workforce IAM market leader with the deepest integration ecosystem in the category (7,000+ pre-built app integrations). Founded 2009, public 2017. Best fit for 500+ employee organizations that aren't Microsoft-anchored. Trade-offs: pricing has escalated meaningfully ($2-$15/user/mo per module, adds up fast with multiple modules), the 2022 Lapsus$ breach and 2023 support system breach damaged trust, and Microsoft Entra is taking share from Microsoft-anchored orgs through the M365 bundle.

Best for

Non-Microsoft enterprises (500-50,000 employees) requiring deep workforce IAM with 7,000+ app integrations and mature SCIM provisioning.

Worst for

Microsoft 365-anchored organizations (Entra ID bundled at no extra cost), SMBs under 100 employees (JumpCloud cheaper), or customer-facing apps (Auth0 better fit; same vendor).

Strengths

  • Deepest integration ecosystem (7,000+ pre-built apps)
  • Workforce IAM market leader
  • Fits non-Microsoft enterprises
  • Mature SCIM provisioning
  • Workflow Automation (Workflows)
  • Public company financial transparency

Weaknesses

  • Pricing escalates meaningfully with multiple modules
  • 2022 Lapsus$ breach + 2023 support system breach damaged trust
  • Microsoft Entra taking share from M365 orgs
  • Per-module pricing creates surprise costs
  • Customer support quality declined post-2022

Pricing tiers

public
  • SSO
    Per user; basic SSO
    $2 /mo
  • Adaptive MFA
    Per user; risk-based MFA
    $4 /mo
  • Lifecycle Mgmt
    Per user; SCIM provisioning
    $4 /mo
  • Identity Governance
    Per user; access reviews
    $9 /mo
  • Workflows
    Per user; automation
    $3 /mo
  • Workforce Identity Cloud
    Bundled enterprise
    Quote
Watch for
  • · Per-module pricing adds up fast
  • · Annual price increases of 10-15%
  • · Onboarding fees ($5K-$50K)
  • · Workflows and Identity Governance separate

Key features

  • +SSO (7,000+ pre-built apps)
  • +Adaptive MFA with risk scoring
  • +Lifecycle management (SCIM)
  • +Identity Governance (access reviews)
  • +Workflows automation
  • +API Access Management
  • +Customer Identity (Auth0)
  • +Mobile apps
7000+ integrations
SalesforceMicrosoft 365Google WorkspaceAWSSlackWorkday HCM
Geography
Global; strongest in US, EU, UK
View full Okta Workforce Identity intelligence profile → Compare Okta Workforce Identity →
#2

Microsoft Entra ID

De facto default for any organization on Microsoft 365.

Founded 2014 · Redmond, WA · public · 1–500,000+ employees
G2 4.5 (7,280)
Capterra 4.6
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) is the de facto default workforce IAM for any organization on Microsoft 365. Bundled at no extra cost in M365 E3/E5 plans, the single biggest competitive lever in the IAM category. Best fit for any Microsoft-anchored organization. Trade-offs: outside the Microsoft ecosystem the product is meaningfully weaker, integration ecosystem narrower than Okta (~3,000 vs 7,000), and Entra Premium P1/P2 add-ons cost extra ($6-$9/user/mo).

Best for

Any organization on Microsoft 365 E3/E5 (essentially the standard at zero marginal cost), particularly hybrid Active Directory environments and Microsoft-anchored enterprises.

Worst for

Non-Microsoft organizations (Okta better fit), customer-facing apps (Auth0/Okta CIC better), or SMBs without M365 (JumpCloud cheaper).

Strengths

  • Bundled with Microsoft 365 E3/E5 at no extra cost
  • De facto default for Microsoft-anchored orgs
  • Native integration with all Microsoft products
  • Built for hybrid AD environments
  • Conditional Access policies industry-leading
  • FedRAMP High authorized

Weaknesses

  • Outside Microsoft ecosystem meaningfully weaker
  • Integration ecosystem narrower than Okta (~3,000)
  • Entra Premium P1/P2 add-ons cost extra ($6-$9/user)
  • UX complexity high for non-Microsoft admins
  • Customer support quality varies by region

Pricing tiers

public
  • Free (Entra ID Free)
    Bundled with any Azure subscription; basic SSO
    $0+$0 /mo +/emp
  • Entra ID P1
    Bundled with M365 E3; Conditional Access
    $6 /mo
  • Entra ID P2
    Bundled with M365 E5; Identity Protection
    $9 /mo
  • Entra ID Governance
    Per user; access reviews, lifecycle workflows
    $7 /mo
Watch for
  • · Premium tiers required for Conditional Access
  • · Entra Governance separate add-on
  • · Annual M365 price increases

Key features

  • +SSO (3,000+ pre-built apps)
  • +Conditional Access policies
  • +Native Microsoft 365 integration
  • +Hybrid AD support
  • +Identity Protection (P2)
  • +Privileged Identity Management
  • +B2B and B2C support
  • +Mobile apps
3000+ integrations
Microsoft 365SalesforceWorkday HCMAWSGoogle WorkspaceServiceNow
Geography
Global; strongest in US, EU, AU; worldwide
View full Microsoft Entra ID intelligence profile → Compare Microsoft Entra ID →
#3

JumpCloud

IAM + directory + RMM at $11-$24/user, SMB default.

Founded 2012 · Louisville, CO · private · 10–500 employees
G2 4.5 (2,480)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit JumpCloud

JumpCloud is the SMB IAM + directory + endpoint management leader. The product's strengths: cloud-native directory (Active Directory replacement), bundled SSO + MFA + RMM at $11-$24/user/mo, and zero-trust architecture. Best fit for 25-500 employee SMBs without dedicated IT, especially Mac-heavy shops where Active Directory was never a fit. Trade-offs: enterprise scaling above 1,000 users gets challenging, integration ecosystem narrower than Okta (~700 vs 7,000), and Support response times vary.

Best for

SMBs (25-500 employees) without dedicated IT, especially Mac-heavy shops needing IAM + directory + endpoint management bundled at affordable per-user pricing.

Worst for

Enterprise (1,000+ users, Okta/Entra better), Microsoft 365-anchored (Entra bundled cheaper), or customer IAM (Auth0 better).

Strengths

  • Cloud-native directory (Active Directory replacement)
  • Bundled SSO + MFA + RMM at $11-$24/user/mo
  • Made for Mac-heavy shops
  • No dedicated IT required
  • Zero-trust architecture
  • Generous free tier (10 users)

Weaknesses

  • Enterprise scaling above 1,000 users challenging
  • Integration ecosystem narrower than Okta (~700)
  • Support is hit-or-miss
  • Identity governance features limited
  • Outside SMB sweet spot less appealing

Pricing tiers

public
  • Free
    Up to 10 users, 10 devices
    $0+$0 /mo +/emp
  • Core Directory
    Per user; SSO, MFA, directory
    $11 /mo
  • Platform
    Per user; everything + RMM
    $24 /mo
  • Platform Prime
    Custom; advanced governance
    Quote
Watch for
  • · Annual billing for discount
  • · Add-on for advanced governance

Key features

  • +Cloud-native directory
  • +SSO (700+ pre-built apps)
  • +MFA
  • +Device management (RMM)
  • +Patch management
  • +SCIM provisioning
  • +Mobile apps
  • +Zero-trust architecture
700+ integrations
Microsoft 365Google WorkspaceAWSSalesforceSlackBambooHR
Geography
Global; strongest in US, UK, AU
View full JumpCloud intelligence profile → Compare JumpCloud →
#4

Auth0 (Okta)

Customer IAM (CIAM) market leader.

Founded 2013 · Bellevue, WA · public · Any (engineering teams) employees
G2 4.4 (1,840)
Capterra 4.4
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Auth0 (Okta)

Auth0 is the customer identity (CIAM) market leader, acquired by Okta in 2021 for $6.5B. Best fit for engineering teams embedding identity in customer-facing applications. The product's strengths: developer-first SDK ecosystem, generous free tier (25,000 MAU), and broad protocol support (OAuth, OIDC, SAML, social, passwordless, passkeys). Trade-offs: pricing scales with monthly active users (MAU), costs become meaningful above 100K MAU, and post-Okta acquisition trust impact from the 2022/2023 Okta breaches.

Best for

Engineering teams embedding identity in customer-facing apps (B2B SaaS, B2C apps, marketplaces) needing rapid integration across multiple protocols.

Worst for

Workforce IAM (Okta WIC or Entra better), small employee counts (overkill), or simple SSO use cases (cheaper alternatives suffice).

Strengths

  • CIAM market leader
  • Developer-first SDK ecosystem (any language)
  • Generous free tier (25,000 MAU)
  • Broad protocol support (OAuth, OIDC, SAML, social, passwordless, passkeys)
  • Strong B2B and B2C use cases
  • Mature documentation

Weaknesses

  • Pricing scales with MAU, meaningful above 100K
  • Post-Okta breach trust impact
  • Outside CIAM use case weaker than Okta WIC
  • Customer support quality declined post-Okta
  • Some enterprise features require Enterprise tier

Pricing tiers

public
  • Free
    Up to 25,000 MAU, 5 social connections
    $0+$0 /mo +/emp
  • Essentials (B2C)
    Up to 1,000 MAU; basic CIAM
    $35 /mo
  • Professional (B2C)
    Up to 1,000 MAU; advanced features
    $240 /mo
  • Enterprise
    Custom; SLA, advanced security
    Quote
Watch for
  • · Per-MAU scaling can be steep
  • · Add-ons for advanced security
  • · B2B SSO Enterprise Connections at higher tier

Key features

  • +SSO (OAuth, OIDC, SAML)
  • +Social login (50+ providers)
  • +Passwordless authentication
  • +Passkey support (FIDO2)
  • +M2M authentication
  • +B2B Organizations
  • +Hooks and Actions for customization
  • +1,000+ SDKs and tutorials
200+ integrations
AWSSalesforceMicrosoft AzureGoogle CloudStripeAuth0 Marketplace
Geography
Global; strongest in US, EU, UK
View full Auth0 (Okta) intelligence profile → Compare Auth0 (Okta) →
#5

Ping Identity

Enterprise IAM alternative for non-Microsoft enterprises.

Founded 2002 · Denver, CO · private · 1,000–500,000+ employees
G2 4.4 (1,180)
Capterra 4.4
Custom quote
○ Sales call required
Visit Ping Identity

Ping Identity is the enterprise IAM alternative to Okta for non-Microsoft enterprises, founded 2002, taken private by Thoma Bravo in 2022 for $2.8B and merged with ForgeRock in 2023. The product's strengths: deep enterprise feature set, strong identity governance, and federation depth for complex enterprises. Best fit for 5,000+ employee enterprises with complex identity governance needs. Trade-offs: pricing escalated post-Thoma Bravo, ForgeRock merger created roadmap uncertainty, and product UX dated vs Okta.

Best for

Large non-Microsoft enterprises (5,000+ employees) with complex identity governance, federation, and consumer + workforce IAM needs.

Worst for

Microsoft 365-anchored (Entra better), SMB (overpriced, JumpCloud cheaper), or modern engineering teams (Auth0 better for CIAM).

Strengths

  • Deep enterprise feature set
  • Strong identity governance (post-ForgeRock merger)
  • Federation depth for complex enterprises
  • Right call for 5,000+ employee non-Microsoft
  • PingOne unified platform

Weaknesses

  • Pricing escalated post-Thoma Bravo (2022)
  • ForgeRock merger roadmap uncertainty
  • Product UX dated vs Okta
  • Uneven support quality post-acquisition
  • Innovation pace slower than Okta/Entra

Pricing tiers

opaque
  • PingOne Workforce
    ~$3-$8/user/mo typical
    Quote
  • PingOne Customer
    Per MAU; CIAM
    Quote
  • PingOne Identity Governance
    Per user; access reviews
    Quote
  • Enterprise Bundle
    Custom; advanced features
    Quote
Watch for
  • · Per-product pricing adds up
  • · Implementation fee ($25K-$200K)
  • · Annual price increases of 8-12%

Key features

  • +SSO (3,000+ pre-built apps)
  • +Adaptive MFA
  • +Identity Governance (post-ForgeRock)
  • +Federation (complex enterprise)
  • +PingOne Customer (CIAM)
  • +API security
  • +Mobile apps
3000+ integrations
SalesforceMicrosoft 365Workday HCMAWSGoogle WorkspaceServiceNow
Geography
Global; strongest in US, EU, UK
View full Ping Identity intelligence profile → Compare Ping Identity →
#6

CyberArk Identity

PAM-anchored identity platform for governance-heavy enterprises.

Founded 1999 · Petach Tikva, Israel · public · 1,000–500,000+ employees
G2 4.4 (980)
Capterra 4.4
Custom quote
○ Sales call required
Visit CyberArk Identity

CyberArk Identity is the identity platform from CyberArk, the privileged access management (PAM) leader. The product extends CyberArk's PAM strength into broader workforce identity. Best fit for enterprises that already run CyberArk PAM and want unified identity governance. Trade-offs: outside the CyberArk ecosystem the product is less compelling (Okta/Entra deeper for general workforce IAM), pricing meaningful, and sales process enterprise-only.

Best for

Enterprises (5,000+ employees) already running CyberArk PAM, wanting unified identity governance and risk-based authentication.

Worst for

Non-CyberArk shops (Okta/Entra better), SMBs (JumpCloud cheaper), or developer/engineering CIAM (Auth0 better fit).

Strengths

  • Native integration with CyberArk PAM
  • Strong identity governance and access reviews
  • Risk-based authentication
  • Enterprise compliance depth
  • Works for CyberArk-anchored enterprises
  • Public company financial transparency

Weaknesses

  • Outside CyberArk ecosystem less compelling
  • Pricing meaningful at scale
  • Sales process enterprise-only
  • Integration ecosystem narrower (~1,500)
  • UX complexity high

Pricing tiers

opaque
  • Identity Cloud
    Per-user; SSO + MFA
    Quote
  • Identity Security
    Per-user; risk-based auth, governance
    Quote
  • Bundled with PAM
    Custom; unified PAM + IAM
    Quote
Watch for
  • · Implementation fee ($25K-$300K)
  • · Per-product pricing
  • · Annual price increases

Key features

  • +SSO + MFA
  • +Identity governance
  • +Risk-based authentication
  • +Native CyberArk PAM integration
  • +Privileged session management
  • +Mobile apps
  • +1,500+ integrations
1500+ integrations
CyberArk PAMSalesforceMicrosoft 365AWSServiceNowWorkday HCM
Geography
Global; strongest in US, EU, Israel
View full CyberArk Identity intelligence profile → Compare CyberArk Identity →
#7

Duo Security (Cisco)

MFA market leader, SSO secondary.

Founded 2010 · Ann Arbor, MI · public · 10–100,000+ employees
G2 4.5 (2,840)
Capterra 4.7
From $0 + $0 /mo + /employee
● Transparent pricing
Visit Duo Security (Cisco)

Duo Security is the MFA market leader, acquired by Cisco in 2018 for $2.4B. The product's strengths: cleanest MFA UX in category, strong device trust capabilities (Duo Healthcheck), and Cisco-network integration. Best fit for organizations where MFA is the primary need and SSO is secondary, or Cisco-anchored networks. Trade-offs: SSO depth thinner than Okta/Entra, integration ecosystem narrower, and post-Cisco product velocity has slowed.

Best for

Organizations where MFA is the primary need and SSO is secondary, or Cisco-network-anchored enterprises wanting native MFA + device trust.

Worst for

Best-of-breed workforce IAM (Okta/Entra better for SSO depth), customer IAM (Auth0 better), or SMBs needing all-in-one (JumpCloud better).

Strengths

  • MFA market leader
  • Cleanest MFA UX in category
  • Device trust capabilities (Duo Healthcheck)
  • Cisco network integration
  • Built for MFA-first deployments

Weaknesses

  • SSO depth thinner than Okta/Entra
  • Integration ecosystem narrower (~500)
  • Post-Cisco product velocity slowed
  • Identity governance limited
  • Support depends on tier

Pricing tiers

public
  • Free
    Up to 10 users; basic MFA
    $0+$0 /mo +/emp
  • Essentials
    Per user; basic MFA + SSO
    $3 /mo
  • Advantage
    Per user; device trust, advanced policies
    $6 /mo
  • Premier
    Per user; full identity platform
    $9 /mo
Watch for
  • · Annual billing for discount
  • · Premium support add-on

Key features

  • +MFA (push, TOTP, hardware tokens)
  • +Device trust (Duo Healthcheck)
  • +SSO (~500 apps)
  • +Adaptive policies
  • +Passwordless authentication
  • +Mobile apps
  • +Cisco network integration
500+ integrations
Microsoft 365SalesforceAWSGoogle WorkspaceCisco AnyConnectSlack
Geography
Global; strongest in US, EU, UK
View full Duo Security (Cisco) intelligence profile → Compare Duo Security (Cisco) →
#8

OneLogin (One Identity)

Lower-cost Okta alternative for mid-market.

Founded 2009 · San Francisco, CA · private · 50–10,000 employees
G2 4.4 (1,380)
Capterra 4.3
From $4 /mo
● Transparent pricing
Visit OneLogin (One Identity)

OneLogin is the lower-cost Okta alternative for mid-market organizations. Acquired by One Identity (Quest Software) in 2021. The product's strengths: per-user pricing meaningfully cheaper than Okta, mature SSO and provisioning, and strong fit for mid-market not on Microsoft. Trade-offs: post-One Identity acquisition product velocity has slowed, integration ecosystem narrower than Okta (~5,000 vs 7,000), and customer support quality has declined.

Best for

Mid-market organizations (200-2,000 employees) wanting lower-cost workforce IAM than Okta with sufficient depth for non-Microsoft shops.

Worst for

Microsoft 365-anchored (Entra better), enterprise needing deepest features (Okta/Ping better), or modern engineering teams needing CIAM (Auth0 better).

Strengths

  • Lower-cost Okta alternative
  • Mature SSO and provisioning
  • Made for mid-market non-Microsoft
  • Established 2009; broad customer base
  • OneLogin Vigilance AI for risk detection

Weaknesses

  • Post-One Identity product velocity slowed
  • Integration ecosystem narrower (~5,000 vs 7,000)
  • Customer support quality declined
  • Innovation pace slower than Okta/Entra
  • AI features less mature

Pricing tiers

public
  • Advanced
    Per user; SSO + MFA
    $4 /mo
  • Professional
    Per user; provisioning, advanced MFA
    $8 /mo
  • Bundle
    Custom; full platform
    Quote
Watch for
  • · Per-product pricing
  • · Annual billing for discount
  • · Implementation fee

Key features

  • +SSO (~5,000 pre-built apps)
  • +Adaptive MFA
  • +SCIM provisioning
  • +OneLogin Vigilance AI (risk detection)
  • +Mobile apps
  • +5,000+ integrations
5000+ integrations
SalesforceMicrosoft 365Google WorkspaceAWSSlackWorkday HCM
Geography
Global; strongest in US, EU, UK
View full OneLogin (One Identity) intelligence profile → Compare OneLogin (One Identity) →
#9

Beyond Identity

Passwordless-first IAM with FIDO2/passkey-native architecture.

Founded 2020 · New York, NY · private · 100–10,000 employees
G2 4.5 (380)
Capterra 4.6
Custom quote
○ Sales call required
Visit Beyond Identity

Beyond Identity is the passwordless-first IAM platform, founded 2020 by Jim Clark (Netscape) and Tom (Pat) Jermoluk (@Home). The product's strengths: passkey/FIDO2-native architecture (no passwords ever), strong device-bound credentials, and modern UX. Best fit for security-forward organizations eliminating passwords entirely. Trade-offs: Lighter market share than Okta/Entra, integration ecosystem narrower (~150), and pricing meaningful at scale.

Best for

Security-forward organizations (200-5,000 employees) eliminating passwords entirely with passkey/FIDO2-native architecture.

Worst for

Microsoft-anchored shops (Entra includes passkey support free), organizations not ready for passwordless (Okta/Entra better), or SMBs (JumpCloud cheaper).

Strengths

  • Passkey/FIDO2-native architecture (no passwords)
  • Device-bound credentials (anti-phishing)
  • Modern UX
  • Right call for security-forward orgs
  • Founder-led with strong VC backing

Weaknesses

  • Narrower customer base than Okta/Entra
  • Integration ecosystem narrower (~150)
  • Pricing meaningful at scale
  • Newer product (2020); some growing pains
  • Less mature governance features

Pricing tiers

opaque
  • Workforce Secure SSO
    ~$8-$15/user/mo typical
    Quote
  • Workforce Secure DevOps
    Adds developer authentication
    Quote
  • Workforce Secure Customers
    Adds customer IAM
    Quote
Watch for
  • · Per-product pricing
  • · Implementation fee ($5K-$25K)

Key features

  • +Passkey/FIDO2-native authentication
  • +Device-bound credentials
  • +Adaptive policies
  • +Risk scoring
  • +Mobile apps
  • +150+ integrations
150+ integrations
Microsoft 365OktaSalesforceAWSGitHub
Geography
Global; strongest in US, UK
View full Beyond Identity intelligence profile → Compare Beyond Identity →
#10

Rippling SSO

Bundled with Rippling HRIS, default for Rippling-committed SMBs.

Founded 2016 · San Francisco, CA · private · 10–500 employees
G2 4.6 (580)
Capterra 4.6
Custom quote
○ Sales call required
Visit Rippling SSO

Rippling SSO is bundled with Rippling HRIS (covered separately in our Top 10 HRIS ranking) and Rippling Payroll (in our Top 10 Payroll Software ranking). The product's primary advantage: unified employee + identity lifecycle (employee onboarding in HRIS automatically provisions SSO + apps), making it the default for Rippling-committed SMBs (10-500 employees). Trade-offs: outside the Rippling ecosystem the product is significantly weaker, integration ecosystem narrower than Okta (~600), and standalone use case rare.

Best for

SMBs (10-500 employees) already on Rippling HRIS wanting unified employee + identity lifecycle (HRIS-driven SSO provisioning).

Worst for

Non-Rippling organizations (Okta/Entra better), enterprise (Okta/Entra/Ping better), or customer IAM (Auth0 better fit).

Strengths

  • Unified employee + identity lifecycle with Rippling HRIS
  • Default for Rippling-committed SMBs
  • Native HRIS-driven provisioning
  • Fits 10-500 employee Rippling shops
  • Modern UX

Weaknesses

  • Outside Rippling ecosystem significantly weaker
  • Integration ecosystem narrower (~600)
  • Standalone use case rare
  • Identity governance features limited
  • Less penetration than Okta/Entra

Pricing tiers

opaque
  • Rippling SSO
    $8/user/mo typical (bundled with Rippling)
    Quote
Watch for
  • · Bundled with Rippling HRIS subscription
  • · Per-product pricing within Rippling

Key features

  • +SSO (~600 pre-built apps)
  • +MFA
  • +Native HRIS-driven provisioning
  • +Conditional Access policies
  • +Mobile apps
  • +Tight Rippling HRIS integration
600+ integrations
Rippling HRISSalesforceMicrosoft 365Google WorkspaceAWSSlack
Geography
Primarily US; growing international
View full Rippling SSO intelligence profile → Compare Rippling SSO →

Frequently asked questions

The questions buyers actually ask before they sign.

Okta vs Microsoft Entra ID for an Australian 1,500-employee enterprise?
The decision is primarily anchored on existing platform investment. If you are already paying for Microsoft 365 E3 or E5, Entra ID is bundled at zero marginal cost (E3 includes Entra ID free; E5 includes Entra ID P1; standalone Entra ID P1 is A$11/user/mo and P2 is A$15/user/mo). Okta's base tier is A$2-A$5/user/mo per module, fully loaded around A$15-A$25/user/mo at enterprise. For Microsoft-anchored Australian enterprise, Entra ID is the default. Okta wins on SaaS application catalogue depth (7,000+ pre-built SAML/SCIM integrations vs Entra ID's growing-but-narrower catalogue), Lifecycle Management for cross-app provisioning, and policy flexibility. Many Australian enterprises run hybrid Entra ID + Okta where Entra ID is the source of truth and Okta handles cross-SaaS integration.
Does ASD Essential Eight Maturity Level 2 affect IAM selection?
Yes. Essential Eight ML2 requires MFA for all users accessing internet-facing services and for privileged access, plus restrict administrative privileges, plus regular backups. Microsoft Entra ID, Okta, Duo, JumpCloud, Auth0, CyberArk Identity all meet the ML2 MFA bar. ML3 (for PROTECTED work) requires phishing-resistant MFA (FIDO2 hardware keys, certificate-based authentication) plus additional controls. Microsoft Entra ID with Windows Hello for Business plus FIDO2 keys is the typical Australian Government ML3 stack. Okta + YubiKey is the typical Australian SaaS ML3 stack. Duo + FIDO2 keys for VPN is common.
How did the 2022 Optus and Medibank breaches affect Australian IAM regulation?
The 2022 Optus (~10M customer records) and Medibank (~9.7M customer records) breaches drove material change. Privacy Act 1988 amendments in late 2022 increased penalties for serious or repeated interference with privacy from A$2.22M to A$50M (or 30% of adjusted turnover or 3x the benefit of the contravention, whichever is greater). OAIC enforcement intensified. APRA expectations on customer-facing MFA and credential-stuffing protection at regulated entities increased. The practical implications for IAM selection: customer-facing MFA is now considered mandatory at any Australian organisation holding material customer PII; credential-stuffing defence (Auth0, Okta CIAM, Microsoft Entra External ID) is increasingly expected; access reviews and excessive-permission cleanup are higher-priority CISO concerns.
What about Australian Government PROTECTED IAM?
For Australian Government PROTECTED classification work, IRAP-assessed cloud hosting is required. Microsoft Entra ID Australia Central (Canberra sovereign at PROTECTED) is the typical default. Okta does not currently hold PROTECTED IRAP at the workforce identity service. Australian Government PROTECTED IAM typically runs Microsoft Entra ID with Windows Hello for Business, FIDO2 hardware keys, and ASD Essential Eight ML3 controls. Vault Cloud and Macquarie Government Cloud provide IRAP-assessed infrastructure for adjacent IAM components. For OFFICIAL: Sensitive workloads, IRAP-assessed public-cloud SaaS is more available; consult the specific cloud provider's IRAP letter.
Okta vs Microsoft Entra ID, which one?
Microsoft Entra ID if you're on Microsoft 365 E3 or E5, Entra is bundled at no extra cost, which is the single biggest economic lever in IAM. Okta if you're a non-Microsoft enterprise needing the deepest integration ecosystem (7,000+ apps vs Entra ~3,000). For Microsoft-anchored shops, Entra usually wins on TCO; for best-of-breed integration depth, Okta usually wins. Both are credible at enterprise scale.
How does this differ from your SIEM ranking?
Our Top 10 SIEM Software ranking covers log aggregation and security event monitoring (Splunk, Sentinel, etc.). This IAM ranking covers identity provisioning and authentication (who can access what). Both feed each other, IAM events flow into SIEM, SIEM detection rules trigger IAM responses. Most enterprises run both. Microsoft Sentinel + Microsoft Entra ID is a common combo.
How much should I budget for IAM?
SMB on M365 E3+ (1-100 employees): $0 incremental (Entra bundled). SMB without M365: $11-$24/user/mo (JumpCloud Core to Platform). Mid-market (100-1,000 employees): $4-$15/user/mo (Okta SSO+MFA, OneLogin Pro). Enterprise (1,000+ employees): $15-$30/user/mo (Okta full platform, Ping bundles, CyberArk). Customer IAM (Auth0): per-MAU scaling.
How long does IAM implementation take?
JumpCloud, Duo: 1-2 weeks. Okta SSO basic: 4-8 weeks. Okta full platform: 12-16 weeks. Microsoft Entra ID: 6-12 weeks (often coupled with M365 deployment). Ping Identity, CyberArk: 12-32 weeks (enterprise). Auth0: 1-4 weeks (engineering team). Plan change management, user MFA enrollment is the biggest bottleneck.
What about passwordless and passkeys in 2026?
Passkeys (FIDO2) are now table-stakes in IAM 2026: (1) Microsoft Entra ID, full passkey support free with M365. (2) Okta, passkey support, free in Workforce Identity. (3) Beyond Identity, passwordless-first architecture. (4) Auth0, passkey support. Vendors that gate passkeys behind premium tiers (some legacy IAM) are losing share. If your IAM doesn't support passkeys, plan a migration.
Should I pick best-of-breed or bundled IAM?
Best-of-breed (Okta separate, Auth0 separate, Duo separate): better when you're heavy in non-Microsoft apps and want depth in each module. Bundled (Microsoft Entra, Rippling SSO, JumpCloud Platform): better when you want unified billing and lifecycle. Most mid-market lands on bundled (Entra for M365 shops, Rippling for Rippling-anchored, JumpCloud for SMB without M365).
How do IAM breaches affect vendor selection?
The Okta 2022 Lapsus$ breach and 2023 support breach reset trust expectations across the category. After-action: (1) Verify the vendor's breach disclosure history. (2) Require breach notification SLAs in the contract. (3) Run quarterly access reviews regardless of vendor. (4) Don't rely on the IAM vendor as your only line of defense, combine with EDR, SIEM, and conditional access policies.
How does this overlap with HRIS for employee provisioning?
Modern HRIS (Workday, BambooHR, Rippling) drives IAM provisioning via SCIM. When an employee is hired in HRIS, the IAM auto-creates the SSO account. When terminated, IAM auto-deprovisions. Rippling SSO is bundled with Rippling HRIS (we use distinct product IDs `rippling-sso` and `rippling-hris`). Workday Recruiting (in Top 10 ATS) and Workday HCM (in Top 10 HRIS) drive provisioning to Okta/Entra.

Final word

Looking at a different market? See the global Identity & Access Management (IAM) / SSO ranking, or pick another country at the top of this page.

Last updated 2026-05-24. Local pricing reverified quarterly. Found something inaccurate? Tell us.