Platform Model
Breadth of native coverage
Single platform converging IAM + IGA + PAM + CIEM + ISPM + IVP. One contract, one data layer, one vendor. No module fragmentation across product lines.
4-in-1 Native Platform
IGA-first platform. PAM and CIEM are not listed as native pillars on their website. Customers must procure separate products and integrate them independently.
PAM / CIEM Not Native
PAM Coverage
Privileged access management
Native PAM module: credential vaulting, session recording, just-in-time access, and privileged account discovery all governed within the same platform as IGA.
Native PAM
No native PAM listed on product pages. Privileged access management requires a separate third-party tool, creating a governance gap between IGA and PAM data.
Requires Separate PAM Tool
NHI and AI Agent Security
Non-human identity governance
Service accounts, bots, and AI agents governed under the same framework as human identities. Automated discovery and deprovisioning of orphaned credentials.
Native NHI Governance
Machine Identity Security is a listed pillar but it operates as a separate module with its own interface, not unified with IGA lifecycle policies.
Separate Module
Deployment Options
Flexibility of deployment
On-premise, private cloud, public cloud, and hybrid. Agentless-first architecture. Supports legacy system integration without requiring rip-and-replace.
Maximum Flexibility
Cloud-native SaaS platform. On-premise deployments require additional configuration and professional services. No public guidance on hybrid deployment complexity.
Cloud-First, PS Required for Hybrid
Time to Value
Speed to first outcome
5-5-5 Rapid Deployment Program: 5 apps connected in 5 weeks for $5K. A low-risk, fixed-price entry point that delivers immediate value.
5-5-5 Fast Start
No deployment timeline or time-to-value commitment published on their website. Implementations are typically 6-18 months with heavy professional services involvement.
No Published Timeline
Connector Count
Pre-built integrations
250+ pre-built connectors across cloud, SaaS, on-premise, legacy systems, and custom apps. Covers IAM, IGA, PAM, and CIEM targets. Connector SLAs are defined and published.
250+ Connectors
"Hundreds of connectors" no specific count published on their website. Connector quality, maintenance SLAs, and coverage scope are not disclosed publicly.
Count Not Published
Vendor Independence
Ecosystem neutrality
Purpose-built independent identity security company. Roadmap driven entirely by identity security outcomes. No parent platform dependencies or ecosystem lock-in.
Fully Independent
Independent identity company but historically reliant on large professional services partners for complex deployments, creating indirect vendor dependency.
PS Partner Dependency
IGA Capabilities
Governance depth
Full IGA module: AI-assisted User Access Reviews, role mining, Separation of Duties, access request workflows, and audit-ready compliance reporting. Continuous monitoring.
Full IGA Module
Core IGA strength access certifications, role management, and policy enforcement. Strong for large enterprises but requires significant PS investment to operationalize.
Strong IGA, High PS Cost
Compliance Frameworks
Regulatory coverage
Pre-built reports for SOX, HIPAA, PCI-DSS, GDPR, and SOC 2. Continuous monitoring ensures audit readiness at all times, not just at review cycles.
Pre-Built Compliance Reports
Compliance reporting available but report customization and audit-ready output often require professional services engagement and additional licensing.
PS Engagement Often Required
AI Capabilities
Intelligence layer
Generative + Agentic AI Assistant: AI-powered User Access Reviews, role mining, SoD analysis, anomaly detection, and natural language policy queries. AI is embedded across all modules.
Generative + Agentic AI
AI-powered app onboarding and adaptive identity claims primarily focused on provisioning automation. Broader AI capabilities not yet published across all governance workflows.
Provisioning AI Only
Platform Model
Breadth of native coverage
Single platform converging IAM + IGA + PAM + CIEM + ISPM + IVP. One contract, one data layer, one vendor. No module fragmentation across product lines.
4-in-1 Native Platform
IGA, PAM, and Application Access Governance are listed as separate products. Each requires independent licensing, configuration, and integration work.
Per-Product Licensing
PAM Integration
Privileged + governance correlation
PAM and IGA share a single unified data model. Privileged sessions are automatically surfaced in access reviews and correlated with entitlement risk scores in real time.
Native PAM-IGA Correlation
PAM is a listed pillar, but users consistently report that the PAM and IGA modules operate on separate backends, requiring manual correlation for governance workflows.
Separate Backends Reported
CIEM Coverage
Cloud entitlement management
CIEM is a first-class pillar: cloud entitlement discovery, right-sizing, and automated remediation across AWS, Azure, and GCP. Native, not a posture-only module.
Full CIEM Pillar
Identity Security Posture Management is listed but CIEM depth beyond posture scoring is not detailed on their homepage. Free trial limited to Posture Management only.
Posture-Only Free Tier
Time to Value
Speed to first production use
5-5-5 Rapid Deployment Program: 5 apps connected in 5 weeks for $5K. A contractually committed, fixed-price entry point not a marketing claim.
5 Apps, 5 Weeks, $5K Contractual
Claims "5x faster migration" and app onboarding in "mere hours" but no independent benchmark or methodology is cited. "Mere hours" applies to AI-assisted app configuration, not full deployment.
Unverified Migration Claims
Architecture
Technical design
Cloud-native microservices architecture. Scales across hybrid and multi-cloud environments. On-premise and cloud deployments supported. Mind Maps provide intuitive visual layer for exploring identity, access paths, and entitlements.
Cloud-Native + Mind Maps
Cloud-native SaaS platform but users and analysts consistently report a complex backend architecture that increases administrative burden and slows onboarding.
Complex Backend Reported
Connector Count
Pre-built integrations
250+ pre-built, maintained connectors with defined SLAs. Covers cloud, SaaS, on-premise, legacy, and custom apps. Connector quality and maintenance commitments are published.
250+ Connectors with SLAs
374 apps listed in others Exchange but connector quality, maintenance SLAs, and governance depth per connector are not disclosed on their website.
374 Apps, No SLA Disclosure
Vendor Independence
Ecosystem neutrality
Purpose-built independent identity security company. No parent platform dependencies. Roadmap driven entirely by identity security outcomes.
Fully Independent
Independent cloud identity company but roadmap and integration priorities are heavily influenced by cloud-native SaaS ecosystem partners.
Cloud Ecosystem Influenced
IGA Capabilities
Governance depth
Full IGA module: AI-assisted User Access Reviews, role mining, Separation of Duties, access request workflows, and continuous compliance monitoring across all connected systems.
Full IGA Module
IGA is a core product with access certifications, role management, and SoD enforcement. Depth is strong but administrative complexity is frequently cited as a barrier.
Strong IGA, High Admin Complexity
Compliance Frameworks
Regulatory coverage
Pre-built reports for SOX, HIPAA, PCI-DSS, GDPR, and SOC 2. Continuous monitoring ensures audit readiness at all times, not just at scheduled review cycles.
Pre-Built Compliance Reports
Compliance reporting is available but report customization for specific regulatory frameworks often requires additional configuration and professional services.
Customization Requires PS
AI Capabilities
Intelligence across pillars
Generative + Agentic AI Assistant: AI-powered User Access Reviews, role mining, anomaly detection, and natural language queries across IAM, IGA, PAM, and CIEM.
Generative + Agentic AI
(Competitor-Name) provides contextual guidance for identity decisions and AI-assisted app onboarding. Focused on administration and configuration automation rather than cross-pillar intelligence.
Admin-Focused AI
Threat Detection
ITDR and monitoring
Continuous monitoring with ITDR: real-time threat detection, automated response, and Identity Threat Detection and Response (ITDR). AI-powered behavioral analysis.
Continuous Monitoring + ITDR
Threat detection capabilities are not prominently featured as a core pillar on their product pages. ITDR is not listed as a distinct offering.
ITDR Not Listed as Core Pillar
All-in-one flat pricing. Single subscription covers IAM, IGA, PAM, CIEM, and all modules. No per-module add-on costs. No capability gates by license tier.
No Module Upsells
No pricing published on website. "Compare available packages" is the only CTA. Pricing is negotiated per engagement, with separate costs for each product suite.
No Pricing Transparency
Support and Services
Customer support model
24/7 dedicated support included. Identity and security teams have direct access to expert assistance at any time. No additional PS fees for standard operations.
24/7 Always-On Support
Support available but complex deployments and ongoing operations typically require engagement with certified implementation partners, adding cost and dependency.
PS Costs Apply
