Alternatives to F5 BIG-IP Access Policy Manager
Compare F5 BIG-IP Access Policy Manager alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to F5 BIG-IP Access Policy Manager in 2026. Compare features, ratings, user reviews, pricing, and more from F5 BIG-IP Access Policy Manager competitors and alternatives in order to make an informed decision for your business.
1
Auth0
Okta
Auth0 takes a modern approach to Identity, providing secure access to any application, for any user. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. Auth0 is part of Okta, The World’s Identity Company™. Auth0 lets you quickly integrate authentication and authorization for web, mobile, and legacy applications, with new Fine Grained Authorization (FGA) that goes beyond role-based access control. Authenticate users across all applications with a customized, secure, and standards-based single login. Universal Login connects users to a central authorization server. Credentials aren’t transferred across sources, which boosts security and protects against phishing and credential stuffing attacks. OAuth 2.0 recommends that only external user agents (like the browser) be used by native applications for authentication flows. Auth0’s Universal Login achieves this while enabling SSO. -
2
UTunnel VPN and ZTNA
Secubytes LLC
UTunnel provides Cloud VPN, ZTNA, and Mesh Networking solutions for secure remote access and seamless network connectivity. ACCESS GATEWAY: Our Cloud VPN as a Service offers swift deployment of Cloud or On-Premise VPN servers. It utilizes OpenVPN and IPSec protocols, enables policy-based access control, and lets you deploy a Business VPN network effortlessly. ONE-CLICK ACCESS: A Zero Trust Application Access (ZTAA) solution that simplifies secure access to internal business applications. It allows users to securely access them via web browsers without the need for a client application. MESHCONNECT: This Zero Trust Network Access (ZTNA) and mesh networking solution based on WireGuard enables granular access controls to business network resources and easy creation of secure mesh networks. SITE-TO-SITE VPN: The Access Gateway solution lets you easily set up secure Site-to-Site tunnels (IPSec) between UTunnel's VPN servers and hardware network gateways, firewalls & UTM systems. -
3
Beyond Identity
Beyond Identity
Beyond Identity is fundamentally changing the way the world logs in–eliminating passwords and all phishable factors to provide users with the most secure and frictionless authentication on the planet. Our invisible, passwordless MFA platform enables companies to secure access to applications and critical data, stop ransomware and account takeover attacks, meet compliance requirements, and dramatically improve the user experience and conversion rates. Our revolutionary zero-trust approach to authentication cryptographically binds the user’s identity to their device, and continuously analyzes hundreds of risk signals for risk-based authentication.
Starting Price: $0/User/Month
4
Give employees the applications and services they need without exposing data and processes to unauthorized use. Streamline the process of managing and validating user access with governance software that automates user provisioning and helps you certify access to on-premise applications and data. You can also enforce governance by embedding preventative policy checks and monitoring emergency access. Identify and remediate access risk violations automatically across SAP and third-party systems. Embed compliance checks and mandatory risk mitigation into business processes. Enable users to submit self-service, workflow-driven access requests and approvals. Identify and remediate violations of segregation of duties and critical access accurately with embedded risk analysis. Automate user access assignments across SAP and third-party systems. Define and maintain compliance roles in business-friendly terms and language.
5
Zscaler
Zscaler
Zscaler, creator of the Zero Trust Exchange platform, uses the largest security cloud on the planet to make doing business and navigating change a simpler, faster, and more productive experience. The Zscaler Zero Trust Exchange enables fast, secure connections and allows your employees to work from anywhere using the internet as the corporate network. Based on the zero trust principle of least-privileged access, it provides comprehensive security using context-based identity and policy enforcement. The Zero Trust Exchange operates across 150 data centers worldwide, ensuring that the service is close to your users, co-located with the cloud providers and applications they are accessing, such as Microsoft 365 and AWS. It guarantees the shortest path between your users and their destinations, providing comprehensive security and an amazing user experience. Use our free service, Internet Threat Exposure Analysis. It’s fast, safe, and confidential. -
6
Ivanti NAC
Ivanti
Achieve complete visibility and Network Access Control (NAC) for all local or remote endpoints. Automatically detect, classify, profile and monitor rogue network devices and their security state. Automated, sponsored and time-based guest access. UEBA to detect IoT rogue devices, DGA attacks and MAC spoofing. -
7
Aruba ClearPass
Aruba Networks
HPE Aruba Networking ClearPass Policy Manager protects your network with policies based on Zero Trust security principles to support hybrid workplace initiatives, IoT devices, and the connected edge. It simplifies access for authorized users and devices with least‑privilege controls, protecting visitors, partners, customers, and employees across Wi‑Fi, wired, and WAN networks with integrated guest portals, device configuration monitoring, and SASE‑aligned Zero Trust security. Integrated Zero Trust security prepares IT teams to implement reliable, role‑based policies for enterprise‑wide Zero Trust enforcement. Its broad partner ecosystem enables seamless integration with existing security technologies, while dynamic, identity‑based traffic segmentation ensures consistent protection across all network environments. HPE Aruba Networking ClearPass Policy Manager helps security teams authenticate, authorize, and enforce secure network access with role‑based and Zero Trust policies. -
8
A critical component of any zero-trust strategy is securing the workplace that everyone and everything connects to. Cisco Identity Services Engine (ISE) enables a dynamic and automated approach to policy enforcement that simplifies the delivery of highly secure network access control. ISE empowers software-defined access and automates network segmentation within IT and OT environments.
9
1Password Extended Access Management (XAM) is a security solution designed to safeguard every login across applications and devices, making it ideal for hybrid work environments. It combines user identity verification, device trust assessments, enterprise password management, and application insights to ensure that only authorized users on secure devices can access both approved and unapproved applications. By providing IT and security teams with visibility into app usage, including shadow IT, XAM enables organizations to enforce contextual access policies based on real-time risk signals like device compliance and credential integrity. With its zero-trust approach, XAM helps businesses move beyond traditional identity management, strengthening security in today’s SaaS-driven workplace.
10
NdSecure
Ndende Technologies
NdSecure is a Single Sign-On (SSO) and Identity and Access Management (IAM) solution. NdSecure offers a user-friendly, flexible, and customizable identity and access management solution capable of operating within a diverse industry-centric architecture. The role played by NdSecure is to provide a robust and secure logical access control environment, incorporating strong authentication methods. The objective is to prevent unauthorized access to the corporate management system, thereby reducing fraud arising from insider threats. NdSecure’s API management platform provides more advanced ways for the workforce to control access to various applications. By leveraging existing request content and identity stores, NdSecure can provide:
• Policy-based authentication
• Coarse and fine-grained authorization
• Single sign-on (using SAML, OpenID Connect, social log-in or OAuth-based federation)
• Support for Common Criteria
• Uses FIDO 2.0 and W3C WebAuthn
Starting Price: $8/month/user
11
Multifactor
Multifactor
Multifactor is a next-generation account-sharing and access-management platform built around zero-trust, post-quantum cryptography, and fine-grained permissioning. Rather than simply sharing credentials, users store their online accounts (passwords, passkeys, 2FA codes) in a secure vault and grant access to humans or AI agents by sending controlled links. Access can be revoked instantly, and the underlying credentials remain hidden. You can define precise permissions (for example, “read transactions” but not “initiate transfers”), capture detailed non-repudiable audit trails of every action, and enjoy built-in encryption and post-quantum security architecture that ensures only authorized parties ever gain access. The platform can also operate as a full identity-and-access-management suite, supporting authentication (biometrics, hardware tokens), authorization, access auditing, device and network endpoint enforcement, and secure account/resource sharing.
Starting Price: Free
12
TozID
Tozny
An SSO and Customer Identity Management platform with privacy and end-to-end encryption built in. Centralize Access Control without centralizing your security risk. Our cryptography-at-the-edge approach delivers identity protection where you need it – secure your customer’s accounts with strong encryption and a customizable UI, or streamline protected access for your business and employees with SSO. All the features you expect – including SAML & OIDC support along with push-based MFA and more. Here are a few key features we think you’ll love! Administrators have the keys to the kingdom. Moving to zero-trust means protecting admin accounts from hacks and malicious insiders. Tozny's Privileged Access Manager (PAM) is built directly into our single sign-on solution. Get advanced protection for any endpoint and any 3rd party with Tozny PAM. -
13
Remote Safely
EPAM Systems
Remote Safely is an extra layer of Zero-Trust security for mitigating residual risks associated with the nature of remote work. Remote Safely combines multiple security controls such as AI-based risk detection, VDI and SOC workforce capabilities to offer effective protection from data breaches caused by no- or low-tech attacks, for example, visual hacking. Remote Safely surpasses the current understanding of the zero-trust approach by only allowing access to critical data with continuous identity confirmation using biometric screening of the remote work environment. The solution verifies the identity of the person located in the camera view area via facial biometrics and detects suspicious events in order to protect data from being accessed and viewed by the wrong people. Remote Safely enables businesses to offer greater flexibility to their workforce, allowing their teams to focus on what they do best and trust their data is secure.
14
ExtremeControl
Extreme Networks
Control users and devices across your networks with granular visibility and in-depth control. Customizing the onboarding of guests and IoT devices is easy and secure with predefined templates for non-IT personnel. Enables consistent policy roll-out across the entire network. Enhances security with agent-based and agentless assessment options. Single pane of glass for wired and wireless. Secure, simple onboarding. Detailed profiling with access and app analytics data. Context-based policies. Policies based on security posture of IoT devices.
15
Peta
Peta
Peta is an enterprise-grade control plane for the Model Context Protocol (MCP) that centralizes, secures, governs, and monitors how AI clients and agents access external tools, data, and APIs. It combines a zero-trust MCP gateway, secure vault, managed runtime, policy engine, human-in-the-loop approvals, and full audit logging into a single platform so organizations can enforce fine-grained access control, hide raw credentials, and track every tool call made by AI systems. Peta Core acts as a secure vault and gateway that encrypts credentials, issues short-lived service tokens, validates identity and policies on each request, orchestrates MCP server lifecycle with lazy loading and auto-recovery, and injects credentials at runtime without exposing them to agents. The Peta Console lets teams define who or which agents can access specific MCP tools in specific environments, set approval requirements, manage tokens, and analyze usage and costs.
Starting Price: Free
16
FortiTrust Identity
Fortinet
FortiTrust Identity is a cloud-based subscription that simplifies identity and access management across enterprise hybrid environments. FortiTrust Identity (FTI) is cloud-based and natively integrated with the Fortinet Security Fabric to deliver a rich set of security controls and centralized management of user authentications, including multi-factor authentication. FTI enables you to begin your zero-trust journey with reliable user verification and strong authentication, plus ease of use for the end user. Adaptive, multi-factor, or passwordless authentication and identity federation for SSO across the enterprise hybrid environment are all included via user-based licensing. Ensure the right people get appropriate access to your data, resources, and applications across the enterprise. Increase certainty of user identity with the verification of another factor and adaptive authentication technique. -
17
PAN-OS
Palo Alto Networks
PAN-OS is Palo Alto Networks’ ML-powered next-generation firewall operating system that delivers core network security capabilities in a single, high-performance platform. It features App-ID, a patented traffic classification engine that automatically discovers and controls new and evasive applications, and Content-ID, which scans all network traffic in a single pass for comprehensive threat protection without sacrificing throughput. The Cloud Identity Engine aggregates and synchronizes user identities across multiple identity providers, enabling consistent, point-and-click zero-trust authentication and authorization. Device-ID maintains policy enforcement for devices regardless of IP changes or location, providing full context for security, decryption, QoS, and authentication policies. The OS employs post-quantum cryptographic algorithms and Quantum-resistant VPNs to safeguard against future decryption threats. -
18
IBM Verify
IBM
Infuse cloud IAM with deep context for risk-based authentication to enable frictionless, secure access for your consumers and workforce. As organizations modernize hybrid multi cloud environments using a zero-trust strategy, identity and access management can no longer remain siloed. In a cloud environment, you need to develop cloud IAM strategies that use deep context to automate risk protection and continuously authenticate any user to any resource. Your journey should match your business requirements. Maintain existing investments and protect on-premises applications as you design and customize the right cloud IAM architecture to either replace or complement your infrastructure. Your users want one-click access from any device to any application. Onboard new federated applications to single sign-on (SSO), embed modern multi-factor authentication (MFA) methods, simplify logistics and give developers consumable APIs. -
19
WALLIX MFA Authenticator
WALLIX Group
WALLIX Authenticator offers strong, multi-factor authentication to protect access to IT, applications, and data, with a high-security connection wherever you are. The zero-trust principle requires proof of identity to enable access wherever you are. Prevent unauthorized access, reduce data breaches, and mitigate the risk of lateral movement to protect the entire IT environment without any technical constraints for users. Confirm the identity of your employees, partners, and contractors no matter where they are and reduce the risk of stolen passwords from phishing or other attack methods. Security made easy for remote workers and all digital interactions! -
20
Hyperport
Hyperport
The Hyperport is a unified secure-user-access solution that merges Zero-Trust Network Access (ZTNA), Privileged Access Management (PAM), and Secure Remote Access (SRA) into one flexible architecture, allowing internal staff, remote employees, vendors and third-party partners to connect in seconds without compromising security. It enforces least-privilege access across an organisation’s entire infrastructure, from Windows and web applications to industrial control systems, via just-in-time authorization, multi-factor authentication at every security zone, real-time monitoring, session recording, and dynamic entitlement management. The platform is built for hybrid, cloud and on-premises deployments with multi-site support, enabling centralised management across IT, OT, ICS and CPS environments; it features browser-based portals (Web, RDP, SSH, VNC), encrypted file transfers, immutable audit logs, micro-segmentation and policy enforcement to reduce the attack surface. -
21
LoginRadius
LoginRadius
LoginRadius empowers businesses to deliver a delightful customer experience without compromising security. Using our customer identity platform, companies can offer a streamlined login process while protecting digital accounts and complying with data privacy regulations. LoginRadius serves over 3,000 businesses with a monthly reach of 700 million users worldwide. Key platform features include registration services, adaptive security, integration with third-party applications, and customer insights. The company has been named an industry leader in customer identity and access management (CIAM) by Gartner, KuppingerCole, and Computer Weekly. Microsoft is a major technology partner and investor. LoginRadius is headquartered in Vancouver, Canada, with additional offices in Toronto, USA, United Kingdom, Australia, and India. LoginRadius Services: API Authentication, OAuth, Data Management, Secure Login, Single Sign On, SAML SSO, Social Sign On, Two Factor Authentication.
22
SecureKi
SecureKi
Secure access for your business, customers, or employees with our unparalleled identity security backed by a zero-trust philosophy. When it comes to protecting your data, passwords are the weakest link. That is why multifactor authentication has become the identity and access management standard for preventing unauthorized access. Verify the identity of all users with SecureKi. Compromised access and credentials most often are the leading attack vectors of a security breach. Our comprehensive privileged access management is designed to manage and monitor privileged access to accounts and applications, alert system administrators on high-risk events, reduce operations complexity, and meet regulatory compliance with ease. Privilege escalation is at the core of most cyber-attacks and system vulnerabilities.
23
Cisco SD-Access
Cisco
A more secure and agile network for your modern enterprise. Your IT operations can be more efficient, your network more secure, and your user experience more consistent across wired, wireless, and VPN infrastructure with our advanced solution for automating user policy and network access. Cisco SD-Access, a solution within Cisco DNA, defines a uniform policy-based network fabric that meets business needs with security, automation, and assurance. SD-Access augments the Cisco DNA Center capabilities of automation and assurance. It also provides a software-defined approach for network segmentation, critical for establishing a zero-trust network. Use AI- and ML-based advanced analytics for endpoint identification and grouping. Analyze traffic flows between groups, and define effective access policies. Apply group-based access policies for effective multilevel segmentation, leading to zero-trust security. -
24
Secure remote access to your ICS and OT assets, and easily enforce cybersecurity controls at scale with our zero-trust network access solution made for industrial networks and harsh environments. Securing remote access to operational technology assets has never been easier, or more scalable. Operate with better efficiency and get peace of mind with Cisco Secure Equipment Access. Empower your operations team, contractors, and OEMs to remotely maintain and troubleshoot ICS and OT assets with an easy-to-use industrial remote access solution. Configure least-privilege access based on identity and context policies. Enforce security controls such as schedules, device posture, single sign-on, and multifactor authentication. Stop struggling with complex firewalls and DMZ setups. Secure Equipment Access embeds ZTNA into your Cisco industrial switches and routers so you can reach more assets, reduce the attack surface, and deploy at scale.
25
Active Roles
One Identity
Simplify identity management and security with visibility of all Entra ID (Azure AD) tenants, Microsoft 365, and Active Directory domains from a single pane of glass. Ensure users and objects have fine-grained privileged access only when they need it with dynamic delegation across your identity landscape. Automate manual processes to increase efficiency and security while accelerating account, group, and directory management. Manage all Active Directory domains, Entra ID (Azure AD), and Microsoft 365 tenants from a single pane of glass with our Microsoft solution. Control access and permissions with dynamic rules, group families, and policies with automation. Manage users, groups, roles, contacts, Microsoft 365 licenses, and objects with configurable workflows and customizable scripts. Seamless integration of Active Roles with AWS Directory Service for a zero-trust least privilege model, access delegation, and synchronized on-prem user data. -
26
Nymi
Nymi
A connected workforce is transformed with safe, secure, and simple applications. Transform access across the enterprise with biometrics, Zero Trust, and nonrepudiation made easy on one secure workplace wearable. Sign off on critical processes with stronger data integrity and identity assurance. Our standards-based approach and vast partner network means we connect to your existing infrastructure. Nymi’s workplace wearable, the Nymi Band, provides organizations with a platform to achieve zero-trust security principles and biometric authorization with the additional ability to solve a variety of challenges that impact productivity, compliance, health/safety, and culture. As part of its diverse, global enterprise customer base, Nymi serves the world’s largest enterprises with deployments across 15 countries to deliver data integrity and security, allowing highly regulated industries to achieve compliance securely and efficiently. -
27
Ivanti Neurons for Secure Access is a unified, cloud-based platform that integrates traditional VPN (Ivanti Connect Secure) and Zero Trust access (Ivanti Neurons for Zero Trust Access) gateways under a single pane of glass, delivering real-time insights and centralized control for hybrid work environments. It automatically discovers, classifies, and catalogs private applications, gathers usage metrics for chargebacks, and enforces granular access policies with continual verification of users, devices, and apps. A comprehensive visibility dashboard spans all gateways, users, devices, and activities, while adaptive security leverages user behavior analytics to detect anomalies and dynamically respond to emerging threats. Gateway lifecycle management simplifies deployment, configuration, upgrades, and retirement, and clean REST APIs enable extensibility with third-party identity providers, SIEM, UEM, vulnerability assessment, and endpoint protection tools.
28
Identity Confluence
Tech Prescient
Identity Confluence is an intelligent Identity Governance and Administration (IGA) platform designed to help IT and security teams manage access, automate identity lifecycles, and maintain continuous compliance across cloud and hybrid environments. Built for modern enterprises, Identity Confluence unifies identity lifecycle management, access control, and governance into a single, scalable platform. Automate Joiner-Mover-Leaver (JML) processes, enforce policy-based access controls (RBAC, ABAC, PBAC), and conduct real-time user access reviews—all from one intuitive interface. Key Features: Lifecycle Automation: Trigger real-time provisioning and deprovisioning across HR, IT, and business systems. Access Controls: Implement dynamic, fine-grained access policies using roles, attributes, and policies. App & Directory Integrations: Out-of-the-box connectors for AD, Azure AD, Okta, Workday, SAP, and more. Access Reviews: Automate certifications, enforce Segregation of Duties -
29
deviceTRUST
deviceTRUST
deviceTRUST brings together all the context and control needed to protect your digital workspace whilst allowing the modern access your users demand. Always up-to-date contextual information describing the user, the device and their environment, brought together to where it's needed. Control real-time access to digital workspaces and their resources, independent of the platform. Secure digital workspace to protect your business, keep the users productive and support your Zero-Trust strategy. Employees must be able to work from their home office with unrestricted access to all necessary applications, identical to when they are working within the corporate network. Employees of external partners and suppliers should have access to applications and resources that are provided in the virtual workspace of the company. Requirements Employees and external partners should only have access to applications and resources provided in the company’s virtual workspace at certain times. -
30
Allthenticator
Allthenticate
Allthenticator is a passwordless authentication platform designed to unify digital and physical access through a single smartphone-based identity. It enables proximity-based login to computers, websites, and servers, while also unlocking physical doors with the same device, eliminating passwords, tokens, and keycards. The platform supports SSH key signing, passkey logins, OTP management, and native integrations with identity providers like Azure AD and Okta. Admins manage everything from a centralized dashboard with role-based access and audit logs. Allthenticator also offers a decentralized credential recovery system, allowing users to back up identities with trusted peers instead of the cloud. Organizations using Allthenticator have reported 94% fewer password resets, 76% less time spent on access management, and up to 96% employee satisfaction.
Starting Price: $12/month/user
31
Barracuda CloudGen Access
Barracuda
Securely manage your remote workforce with instant provisioning of company or employee-owned devices and unmanaged contractor endpoints. Mitigate breach risks with Zero Trust secure access. Deliver continuous verification of user and device identity and trust to reduce attack surface. Empower employees with streamlined access, increased security and upgraded performance compared to traditional VPN technology. Security starts with access. The CloudGen Access Zero Trust model establishes unparalleled access control across users and devices without the performance pitfalls of a traditional VPN. It provides remote, conditional, and contextual access to resources and reduces over-privileged access and associated third-party risks. With CloudGen Access, employees and partners can access corporate apps and cloud workloads without creating additional attack surfaces. -
32
SecHard
SecHard
SecHard is multi-module software for implementing zero-trust architecture. SecHard provides automated security hardening auditing, scoring, and remediation for servers, clients, network devices, applications, databases, and more. It includes powerful identity and access management software to get compliant with zero trust and to prevent attacks like privilege abuse, ransomware, and more. SecHard solves the risk awareness problem in asset management. Automated discovery, access, identification, and remediation features provide ultra-wide visibility for all regulations. With the passive scanning method, SecHard operates the vulnerability detection and management processes for all IT assets without creating any risks. SecHard auto-discovers the certificates in the company’s environment, reports the expiration dates of these certificates, and can automatically renew some of these certificates through well-known certificate authorities.
33
AuthStack
Buckhill
AuthStack is a host-anywhere, enterprise-grade Single Sign-On (SSO) and Identity Access Management (IAM) system. It assumes responsibility for logging in users to your own, and optionally third-party, websites and applications. Rather than managing multiple different logins for each website and application, AuthStack centralizes your user identity management so the user only has to log in once and maintain one password and profile. Integration with AuthStack requires no custom coding if your website or application already supports SAML. If SAML is not supported we provide a Connector Framework, free of charge. We can also help you integrate the Connector if required. There is also no need to migrate your existing user database(s). AuthStack bundles with a Connector Framework which can communicate with any data source, whether that's LDAP, MySQL, SOAP, REST API, etc., to check credentials from existing user databases.
Starting Price: €41.25 per month
34
authentik
authentik
authentik is an open source identity provider that unifies your identity needs into a single platform, replacing Okta, Active Directory, and Auth0. Authentik Security is a public benefit company that is building on top of the open-source project. Using a self-hosted, open-source identity provider means prioritizing security and taking control of your most sensitive data. With authentik, you no longer need to continually place your trust in a third-party service. Adopt authentik to your environment, regardless of your requirements. Use our APIs and fully customizable policies to automate any workflow. Simplify deployment and scaling with prebuilt templates and support for Kubernetes, Terraform, and Docker Compose. No need to rely on a third-party service for critical infrastructure or expose your sensitive data to the public internet. Use our pre-built workflows, or customize every step of authentication through configurable templates, infrastructure as code, and comprehensive APIs.
Starting Price: $0.02 per month
35
FortiNAC
Fortinet
The proliferation of Internet of Things (IoT) devices has made it necessary for organizations to improve their visibility into what is attached to their networks. They need to know every device and every user accessing their networks. IoT devices enable digital transformation initiatives and improve efficiency, flexibility, and optimization. However, they are inherently untrustworthy, with designs that prioritize low cost over security. FortiNAC provides the network visibility to see everything connected to the network, as well as the ability to control those devices and users, including dynamic, automated responses. Network access control solutions are an important part of a Zero Trust Access model for security, in which trust is no longer implicit for users, applications, or devices attempting to access the network, and for which IT teams can easily know who and what are accessing the network, as well as how to protect corporate assets both on and off the network.
36
AWS IAM Identity Center
Amazon
AWS IAM Identity Center simplifies centralized access management across multiple AWS accounts and business applications. It enables users to access assigned accounts and applications from a unified portal. Administrators can manage user permissions centrally, assigning them based on job functions and customizing as needed. IAM Identity Center integrates with various identity sources, including Microsoft Active Directory, Okta, Ping Identity, JumpCloud, and Microsoft Entra ID, and supports standards like SAML 2.0 and SCIM for user provisioning. It facilitates attribute-based access control by allowing selection of user attributes such as cost center, title, or locale from the identity source. It supports multi-factor authentication (MFA) using methods like FIDO-enabled security keys, biometric authenticators, and time-based one-time passwords. -
37
Using data from millions of authentications, Duo examines how organizations are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications. The journey to a complete zero trust security model starts with a secure workforce. Duo verifies user identity and device health at every login attempt, providing trusted access to your applications. Verify the identity of all users before granting access to corporate applications and resources. Get detailed insight into every type of device accessing your applications, across every platform. Check the security posture and verify trust of all devices - corporate and personally owned - accessing your applications. Give your users a secure and consistent login experience to on-premises and cloud applications. -
38
Delinea Cloud Suite
Delinea
Simplify user authentication to servers from any directory service, including Active Directory, LDAP, and cloud directories such as Okta. Enforce the principle of least privilege with just-in-time and just enough privilege to minimize the risk of a security breach. Identify abuse of privilege, thwart attacks, and quickly prove regulatory compliance with a detailed audit trail and video recordings. Delinea’s cloud-based SaaS solution applies zero-trust principles to stop privileged access abuse and reduce security risks. Experience elastic scalability and performance, supporting multi-VPCs, multi-cloud, and multi-directory use cases. Single enterprise identity to securely log in anywhere. A flexible, just-in-time model with privilege elevation. Centrally manage security policies for users, machines, and applications. Apply MFA policies consistently across all your regulated and business-critical systems. Watch privileged sessions in real-time and instantly terminate suspicious sessions. -
39
Xage
Xage Security
Xage Security is a cybersecurity company that provides zero trust asset protection for critical infrastructure, industrial IoT, and operational technology (OT) environments. Xage's Fabric Platform underpins all of its products and use cases, defending assets against attacks across OT, IIoT, IT, and the cloud. Xage's zero trust approach to security is based on the principle of "never trust, always verify." This means that Xage authenticates all users and devices before granting access to any assets. Xage also enforces granular access policies based on user identity, context, and asset risk. Xage's products include Zero Trust Remote Access, Identity-Based Access Management, and Zero Trust Data Exchange. Xage's products are used by a wide range of organizations, including government agencies, utilities, and industrial manufacturers. Xage's customers rely on Xage to protect their critical infrastructure, OT assets, and industrial data from cyberattacks. -
40
XFA
XFA
XFA is a device security and Zero Trust access platform that helps organizations discover, assess, and enforce security posture on every device accessing business systems, including BYOD, contractor, and unmanaged endpoints, by integrating with identity providers and checking key security settings such as OS updates, encryption and other posture signals at login without taking control of devices or requiring traditional MDM deployment; it gives real-time visibility into all connected devices, boosts security awareness with alerts and reports, enables conditional access policies so only compliant devices can access cloud tools, and helps teams meet compliance frameworks like SOC 2, ISO 27001 and NIS2 with audit-ready evidence, while offering friction-free self-onboarding, lightweight installation, agentless capabilities and integrations with platforms like Microsoft 365, Okta, TrustCloud and Drata to strengthen security across hybrid, remote and BYOD environments. Starting Price: €2,450 per year -
41
Zentry
Zentry Security
Least privileged application access with consistent security for any user, anywhere. Transient authentication provides granular, least-privileged access to mission-critical infrastructure. Zentry Trusted Access provides clientless, browser-based, streamlined zero-trust application access for small to medium-sized enterprises. Organizations see gains in security posture and compliance, a reduced attack surface, and greater visibility into users and applications. Zentry Trusted Access is a cloud-native solution that is simple to configure, and even simpler to use. Employees, contractors, and third parties just need an HTML5 browser to securely connect to applications in the cloud and data center; no clients are needed. Leveraging zero trust technologies like multi-factor authentication and single sign-on, only validated users obtain access to applications and resources. All sessions are encrypted end-to-end with TLS, and each is governed by granular policies. -
42
Ontology
Ontology
Ontology supports identity authentication and data collaboration between users, vehicles, and third parties. Data can only be accessed, used and stored with the consent of the owner. Through the Ontology Trust Framework and Self-Sovereign Data Storage, a number of cryptographic algorithms are implemented to protect user identity and data privacy security. Each data exchange operation requires authorization, and selective exchange can be achieved through authorization protocols and cryptographic algorithms. Traceability, authorization and authentication of personal data are possible through blockchain. In some cases, we integrate TEE technology to support data analysis and processing without privacy disclosure. It's time to reclaim control of your digital identity. ONT ID enables autonomous control of your private data. You decide if and when your data is accessible by others. -
43
Huawei IAM
Huawei Cloud
Create IAM users and groups and grant them permissions by using policies and roles, allowing or denying access to specific services and resources. Delegate a trusted HUAWEI CLOUD account or a cloud service to access your HUAWEI CLOUD resources based on assigned permissions. Establish a trust relationship between your existing identity system and HUAWEI CLOUD by creating a SAML-based or OpenID Connect–based identity provider or a custom identity broker. In this way, users in your enterprise can log in to HUAWEI CLOUD through single sign-on (SSO). You can require IAM users to complete identity authentication each time they log in or perform a critical operation. IAM allows you to create IAM users and authorize them to securely access your resources using their own username and password. IAM allows you to authorize another HUAWEI CLOUD account or a cloud service to access your resources based on assigned permissions. -
44
OneLayer Bridge
OneLayer
OneLayer Bridge is a Zero-Trust security and asset-management platform tailored for enterprise private 5G/LTE networks, offering comprehensive visibility, segmentation, and device control for connected assets across IoT, OT, and cellular domains. It provides real-time discovery and fingerprinting of all devices on private cellular networks, extending beyond traditional IT tools to include routers, hotspots, SIM-based assets and devices behind cellular NAT. The platform allows context-based segmentation and enforcement of policies to stop lateral movement, delivers analytics for connectivity, quality of service and performance metrics, and supports full lifecycle asset management with zero-touch onboarding, geofencing, and persistent tracking. OneLayer Bridge integrates with existing security stacks and cellular core infrastructure, bridging the gap between mobile packet cores and enterprise IT/OT systems. -
45
Intel Trust Authority
Intel
Intel Trust Authority is a zero-trust attestation service that ensures the integrity and security of applications and data across various environments, including multiple clouds, sovereign clouds, edge, and on-premises infrastructures. It independently verifies the trustworthiness of compute assets such as infrastructure, data, applications, endpoints, AI/ML workloads, and identities, attesting to the validity of Intel Confidential Computing environments, including Trusted Execution Environments (TEEs), Graphics Processing Units (GPUs), and Trusted Platform Modules (TPMs). It provides assurance of the environment's authenticity, irrespective of data center management, addressing the need for separation between cloud infrastructure providers and verifiers. It enables workload expansion across on-premises, edge, multiple cloud, or hybrid deployments with a consistent attestation service rooted in silicon. -
46
ZeroTek
ZeroTek
ZeroTek is a multi-tenant IAM SaaS platform purpose-built for managed service providers to deploy, manage, and scale Okta identity services across multiple customers from a single environment. It extends Okta’s enterprise-grade identity and access management capabilities with MSP-specific tooling that simplifies multi-client operations, enabling providers to deliver secure authentication, single sign-on, and lifecycle management as a monthly service. It provides a centralized dashboard that lets teams view and manage multiple customer directories, users, and applications in one place, reducing operational complexity and improving visibility. ZeroTek also enables self-service Okta tenant creation in seconds, allowing faster customer onboarding without lengthy procurement or licensing processes. MSP-focused role-based access control enforces least-privilege permissions for technicians, while comprehensive auditing ensures full accountability across environments. -
47
Hexnode IdP
Hexnode
Hexnode IdP is an identity provider designed to help organizations manage authentication, access control, and identity governance from a centralized platform. It enables IT and security teams to verify user identities and enforce secure access to enterprise applications, devices, and resources. By combining identity verification with real-time device posture evaluation, Hexnode IdP supports a Zero Trust approach to access management. The platform includes capabilities such as single sign-on (SSO), multi-factor authentication (MFA), role-based access control (RBAC), and conditional access policies. These controls allow organizations to ensure that only authorized users on compliant devices can access sensitive systems and data. By centralizing authentication and access policies in a single console, organizations can simplify identity management while improving overall security visibility and control. -
48
Forescout
Forescout Technologies
Forescout is a comprehensive cybersecurity platform that offers real-time visibility, control, and automation for managing risks across devices and networks. Its solutions enable organizations to monitor and secure a broad range of IT, IoT, and operational technology (OT) assets, providing proactive protection against cyber threats. With Forescout's Zero Trust framework and integrated threat detection capabilities, businesses can enforce device compliance, secure network access, and continuously monitor for vulnerabilities. Designed for scalability, Forescout's platform provides insights that empower businesses to mitigate risks and enhance their security posture across various industries, from healthcare to manufacturing. -
49
Thinscale
Thinscale
ThinScale is an all-in-one endpoint security and management platform that helps organizations protect and control remote, hybrid, and on-site Windows devices by enforcing zero-trust security, preventing malware and data loss, and providing unified endpoint management at scale. It centralizes device lockdown, process security, and data loss prevention while supporting corporate, third-party, and employee-owned devices to create secure, compliant workspaces without sacrificing functionality, with granular allowlisting and session isolation to stop threats and unauthorized access. It supports virtual desktop and desktop-as-a-service environments, lets IT teams manage and update endpoints, policies, and applications from a single console, and includes device analytics and telemetry for real-time performance insights. -
50
XplicitTrust Network Access
XplicitTrust
XplicitTrust Network Access is a Zero Trust Network Access (ZTNA) solution that provides secure, seamless access to applications regardless of location for users working from anywhere. It provides identity-based access control that integrates with existing identity providers for single sign-on (SSO) and multi-factor authentication (MFA) using factors such as user identity, device security, location and time. The platform includes real-time network diagnostics and centralized asset management for better oversight. Clients require no configuration and the solution is compatible with platforms including Windows, macOS and Linux. XplicitTrust uses strong encryption, end-to-end protection, automatic key rotation and context-aware authentication to provide robust security. It also supports scalable application access and secure connections for IoT, legacy applications and remote desktops, making it versatile for today's security needs. Starting Price: $5/month/user