Skip to content
Insights
Request Services
Awesome
Curated · 2026.05

Awesome IAM — 56 things worth knowing in IAM.

Hand-curated directory of identity & access management resources. Workforce IdPs, privileged access platforms, customer identity, identity governance, open-source projects, standards documents, training, conferences, and reference blogs. Every entry is actively maintained and publicly accessible.

Cite or share
Share

Total entries

56

9 categories · CC BY 4.0

WorkforcePAMCIAMIGAOSSStandardsTrainingCommunityReading

Workforce · Workforce IAM platforms

7

SSO + MFA + lifecycle for the people who work at your company.

  • Okta Workforce Identity Cloud

    Cloud-native workforce IdP — SSO, MFA, lifecycle, with deep app catalog.

  • Microsoft Entra ID

    Workforce IdP for Microsoft 365 + Azure. Conditional Access is the differentiator.

  • Google Cloud Identity

    Workspace-anchored workforce IdP. Strongest for Workspace-first organizations.

  • JumpCloud

    Workforce IdP + device + RADIUS for SMB / mid-market.

  • Ping Identity

    Workforce + customer identity. Strong on federation + open standards.

  • IBM Security Verify

    Enterprise IdP with strong governance integration.

  • Oracle Identity Cloud

    Cloud + on-prem identity for Oracle-anchored enterprises.

PAM · Privileged access management

5

Vaults, session brokers, JIT elevation for the accounts that own production.

  • CyberArk

    Privileged-access platform with vault, session monitoring, JIT, secrets management.

  • BeyondTrust

    PAM + endpoint privilege management. Strong on Unix / Linux + remote support.

  • Delinea (Thycotic + Centrify)

    PAM platform — vault, session, DevOps secrets.

  • HashiCorp Vault

    Open-source secrets management + dynamic credential issuance. The de facto DevOps PAM.

  • Saviynt

    Cloud-first identity platform with combined IGA + PAM.

CIAM · Customer identity (CIAM)

5

Authentication for the people who buy from you, not work for you.

  • Auth0 (Okta CIC)

    Developer-friendly CIAM. Tenant model + Universal Login + extensible Actions.

  • Microsoft External ID

    Microsoft's consolidated B2B + B2C customer identity product, replacing Azure AD B2C.

  • Akamai Identity Cloud

    CIAM with strong bot-mitigation + ATO defense integration.

  • Curity

    Identity server focused on OAuth / OIDC standards-conformance.

  • WorkOS

    B2B SSO for SaaS — single API across SAML / OIDC providers.

IGA · Identity governance & administration

4

Certification campaigns, SoD, role mining, audit evidence.

  • SailPoint

    The leader of the IGA category. Strong for regulated enterprises.

  • Saviynt

    Cloud-native IGA with SoD analytics + AAG (Access Analytics).

  • Omada

    European IGA platform with strong governance UX.

  • One Identity

    Identity governance + PAM under one vendor; strong AD lineage.

OSS · Open-source identity projects

8

Production-ready open-source identity components.

  • Keycloak

    Self-hostable OAuth / OIDC / SAML server. The Red Hat / open-source IdP option.

  • Ory Hydra / Kratos / Keto

    Modular Go-based identity stack — OAuth server (Hydra), user management (Kratos), permissions (Keto).

  • Authelia

    Single sign-on + 2FA for self-hosters. Pairs well with Traefik / nginx.

  • Authentik

    Self-hosted IdP — OIDC, SAML, social login, LDAP outpost.

  • Pomerium

    Identity-aware proxy for zero-trust access to internal services.

  • OpenFGA

    Open-source fine-grained authorization (CNCF). Google Zanzibar-inspired.

  • Cerbos

    Open-source policy engine for authorization (RBAC + ABAC).

  • SCIM SDKs (WSO2 Charon, Java)

    Reference SCIM 2.0 server implementations.

Standards · Standards & specs

7

The RFCs and specs that govern interoperability.

  • OAuth 2.1 (IETF draft)

    Consolidated OAuth spec — Authorization Code with PKCE as the universal default.

  • OpenID Connect Core

    Identity layer on top of OAuth 2.0. The de facto SSO standard for the modern web.

  • SAML 2.0 (OASIS)

    Older but ubiquitous enterprise SSO standard.

  • SCIM 2.0 (RFC 7643 + 7644)

    Cross-domain user provisioning protocol.

  • FIDO2 (W3C WebAuthn + CTAP2)

    Phishing-resistant authentication. The basis for passkeys.

  • FAPI 2.0 (OpenID Foundation)

    Financial-grade OAuth profile — used by Open Banking.

  • OAuth 2.0 Security BCP (RFC 9700)

    Current security best practices for OAuth 2.0.

Training · Training & certifications

6

Vendor certs and vendor-neutral courses worth the time.

  • IDPro Body of Knowledge

    Open, vendor-neutral reference body of knowledge for identity professionals.

  • CIDPRO certification (IDPro)

    Certified Identity Professional — the vendor-neutral identity cert.

  • SailPoint University

    IdentityIQ + IdentityNow product training + certifications.

  • CyberArk University

    Defender / Sentry / Guardian certification path.

  • Okta Learning

    Workforce + customer identity product training, including the Okta Certified Administrator path.

  • Microsoft Learn (Identity)

    SC-300 (Identity Administrator) + SC-100 paths. Free.

Community · Conferences & communities

6

Where identity practitioners meet, in person and online.

  • IDPro

    The professional association for identity practitioners. Members-only Slack + annual IDAC conference.

  • Gartner IAM Summit

    The annual analyst-driven IAM conference. Vendor-heavy but high signal.

  • Identiverse

    Industry conference focused on identity practitioners + vendors.

  • FIDO Authenticate

    FIDO Alliance's annual conference, focused on passwordless adoption.

  • OAuth Security Workshop (OSW)

    Annual academic workshop on OAuth + OIDC security.

  • KuppingerCole EIC

    European Identity & Cloud Conference — the European counterpart to Identiverse.

Reading · Reference blogs & podcasts

8

The people consistently writing the load-bearing identity content.

  • Identity at the Center podcast

    The IAM-practitioner podcast. Weekly episodes, often with vendor or program leaders.

  • IAM Pulse

    Practitioner-led identity podcast + newsletter.

  • OAuth.net

    Aaron Parecki's OAuth reference site. Where you go when the RFC is too dense.

  • Pomerium blog

    Zero-trust + identity-aware proxy patterns.

  • Curity Resources

    Standards-conformant OAuth / OIDC architectural deep-dives.

  • Auth0 blog

    CIAM-focused practitioner content. Some of the best OAuth explainers on the web.

  • Okta Developer blog

    Application-side identity integration patterns.

  • Microsoft Identity blog

    Entra ID + External ID + Verified ID product updates.

Inclusion bar

How entries make the list.

Three filters: (1) actively maintained — commits / releases / publications in the last 12 months; (2) publicly accessible — no paywall for the headline content; (3) identity-specific — workforce IAM, PAM, CIAM, IGA, identity governance, authentication standards. General-security tools live on different lists.

Missing something obvious? Send a note to [email protected] and we’ll review for the next monthly refresh.

Hire help

You picked the platform. Now ship the program.

We staff senior engineers across all the platforms above — direct placement, contract-to-hire, and managed pods.

Talk to a practice leadVendor practices

Identity, cybersecurity, and custom software for regulated enterprises. Audit-ready operations from advisory through audit.

Americas HQ

Wilmington, DE

America/New York

India HQ

Hyderabad, TG

Asia/Kolkata

Services
  • IAM Consulting
  • IAM Technologies
  • Custom Software & AI
  • IAM Staffing
  • Request Services
  • Case Studies
Resources
  • All Resources
  • Complete Guide to IAM
  • IAM Frameworks Compared
  • IAM Certification Roadmap
  • IAM API Hub
  • IAM Explainers
  • IAM Vendor Status
  • Release Notes
  • State of Identity
  • State of PAM
  • State of IGA
  • State of CIAM
  • State of AI Agent Identity
  • IAM Salary Benchmark
  • Vendor Pricing Index
  • Year in Review 2026
  • Acquisition Tracker
  • Outage Tracker
  • Identity Incidents
  • Vulnerability Tracker
  • Cheat Sheets
  • Standards Explainers
  • Migration Playbooks
  • Audit Checklists
  • Reference Architectures
  • RFP Templates
  • IAM Anti-Patterns
  • Compliance Crosswalk
  • Market Landscape
  • Awesome IAM
  • IAM Glossary
  • Compliance Frameworks
  • Integration Guides
  • Vendor Alternatives
  • IAM by Industry
  • Salary Lookup
  • Directory
Research & media
  • IAM Compensation 2026
  • Vendor Moves Q3 2026
  • Identity Incidents Q3 2026
  • Vendor Security Posture 2026
  • Vendor Pricing 2026
  • AI Citation Tracker
  • Top 50 IAM Tools 2026
  • Podcast
  • Videos
  • Newsletter
  • Newsletter Archive
  • Embed Widgets
Free tools
  • JWT Decoder
  • JWT Signer
  • SAML Decoder
  • SAML Metadata Diff
  • OAuth Flow Visualizer
  • OIDC Debugger
  • OIDC Discovery Validator
  • PKCE Generator
  • WebAuthn Tester
  • Bearer Token Inspector
  • SCIM Validator
  • Password Entropy
  • IAM RFP Template
  • PAM Vendor Selector
  • Maturity Assessment
  • ROI Calculator
  • TCO Calculator
  • MFA Bypass Risk
  • Audit-Prep Burden
  • Quizzes
Company
  • About
  • Leadership
  • Approach
  • Why Choose Us
  • Partners
  • Press Kit
  • Press Topics
  • Global Presence
  • Locations
  • Insights
  • Now
  • Community
  • Open Roles
  • Submit Resume
  • Training
  • Contact

© 2026 askmeidentity, Inc.. Safeguard your digital frontier.

  • Privacy Policy
  • Terms of Service
  • Accessibility