Please ensure Javascript is enabled for purposes of website accessibility

This device is too small

If you're on a Galaxy Fold, consider unfolding your phone or viewing it in full screen to best optimize your experience.

Skip to main content
Advertiser Disclosure Many of the offers that appear on this site are from companies from which The Motley Fool receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear), but our reviews and ratings are not influenced by compensation. We do not include all companies or all offers available in the marketplace.
    |    Accessibility Options

The 5 Best Identity Management Software for Small Businesses

Updated
Mark Roy Long
By: Mark Roy Long

Our Small Business Expert

Many or all of the products here are from our partners that compensate us. It’s how we make money. But our editorial integrity ensures our experts’ opinions aren’t influenced by compensation. Terms may apply to offers listed on this page.

Your company's enterprise network becomes more vulnerable to hackers every time a new device is connected to it or an employee uses a weak or compromised password. Identity and access management (IAM) software gives you a suite of tools to increase network security. The Ascent is here to help with your due diligence to make the best choice for your small business based on features, customer support options, and price.

You don't leave the doors open 24/7 at your business, but many companies do exactly that with their computer networks. Employee-generated passwords such as 123456, reused passwords, and personal devices connected to your enterprise network are an open invitation to hackers to pillage your digital assets.

The best identity management software ensures only authorized personnel log into your network and applications, enforces robust password management policies, and monitors user activity. The question isn't whether you can afford this protection -- it's if you can afford not to have it.

Product Description Next Steps
Okta
Rating image, 4.00 out of 5 stars.
4.00/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Improve network security and reduce low-level IT service requests with Okta, an automated identity management solution. We detail its features, pricing, and support in this comprehensive review.
Read Review
Google Cloud Identity
Rating image, 3.90 out of 5 stars.
3.90/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Hackers are increasingly targeting companies' networks and data, so you must remain one step ahead. Learn how Google Cloud Identity's multiple security tools can protect your small business.
Read Review
OneLogin
Rating image, 3.70 out of 5 stars.
3.70/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Every device connected to your company's enterprise network is a potential entry point for bad actors. Learn about OneLogin's automated identity management features designed to protect your assets.
Read Review
Azure Active Directory
Rating image, 3.60 out of 5 stars.
3.60/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Windows Azure Active Directory is a robust identity and access management solution that helps secure your company's network. Learn about its strengths, weaknesses, and pricing in this in-depth review.
Read Review
LastPass for Business
Rating image, 3.60 out of 5 stars.
3.60/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Every digital device connected to your network is a possible entry point for bad actors. We take a close look at LastPass for business, a robust identity and access management (IAM) solution.
Read Review

Our top picks for the best Identity Management Software

Ratings Methodology
Okta
Read Review
Rating image, 4.00 out of 5 stars.
4.00/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Bottom Line: Improve network security and reduce low-level IT service requests with Okta, an automated identity management solution. We detail its features, pricing, and support in this comprehensive review.
Read Full Review

Founded in 2009, Okta is a leading digital identity and access management (IAM) provider. Its suite of six products are built around an SSO application that allows users to log into multiple applications such as Gmail, Office 365, and Salesforce via one centralized interface. While its original customer base consisted of small and medium-size businesses (SMBs), Okta has concentrated more recently on adding larger enterprises with at least $100,000/year in revenue.

Besides SSO, Okta applications include:

  • MFA
  • Life cycle management
  • Universal directory
  • Application programming interface (API) access management
  • Advanced server access

Its SSO portal provides intuitive navigation and includes a full-feature companion smartphone application.

Okta's SSO portal and mobile app are displayed side by side.

Access your connected accounts from your desktop or use the Okta app on a mobile device. Image source: Author

According to Okta, customers using its SSO have seen a 50% drop in login-related help desk requests. Okta's MFA further reduces security breaches because 80% of them involve compromised passwords. Information technology (IT) admins will like Okta because, unlike Windows Azure Active Directory and Google Identity Cloud, which steer users toward their respective operating system (OS) or other products, it's OS agnostic and focuses strictly on its six core features.

Okta has four support packages. The Basic plan has 12/5 phone support Monday through Friday from 9 a.m. to 9 p.m. ET, but the others have 24/7/365 support. Pricing is quote-based and depends on the number of users. Self-service online resources include a knowledge base, product guides and documentation, and community forums.

Okta's individual products range from $2/month per user to $15/month per user, but its minimum contract is $1,500/year. Customer support packages, whose prices are based on total users, cost extra. This pricing schedule could put it out of reach for some SMBs, and its customer base increasingly consists of larger companies such as FedEx, Hewlett-Packard, and T-Mobile.

Google Cloud Identity
Read Review
Rating image, 3.90 out of 5 stars.
3.90/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Bottom Line: Hackers are increasingly targeting companies' networks and data, so you must remain one step ahead. Learn how Google Cloud Identity's multiple security tools can protect your small business.
Read Full Review

Google Cloud Identity is a newer IAM standalone application as it was spun off from G Suite in 2018. Its functionality rivals enterprise competitors such as Okta and Windows Azure Active Directory, but its pricing makes it affordable for smaller businesses.

Cloud Identity has standard IAM features you expect: SSO, MFA, and accompanying security, account activity, and audit log reports. The free Google Authenticator app is easy to set up and creates verification codes even without a data connection.

Three types of MFA challenge login screens are displayed side by side

Up your security game with Cloud Identity's multiple MFA options. Image source: Author

Cloud Identity is integrated with other Google products such as G Suite and Google Cloud, which makes setup easy if you're already using them. IT admins will also like the endpoint management features and Titan Security Key options. Most users are familiar with the Google login portal and will appreciate the Password Alert browser extension that prompts them not to reuse passwords and checks for fake Google login pages.

The free Cloud Identity plan includes only self-service resources: a knowledge base, how-to guides, and community forums. With the Premium plan, however, you'll get 24/7 chat, email, and phone support at no extra cost. This contrasts with other IAM applications such as Microsoft's Azure Active Directory that costs $100/month to $1,000/month for telephone support.

Cloud Identity has a free option with basic SSO and MFA, but for your business, the $6/month per user Premium plan is your best bet. It includes enterprise endpoint management, context-aware access information management, a unified management console, and Google's security console.

OneLogin
Read Review
Rating image, 3.70 out of 5 stars.
3.70/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Bottom Line: Every device connected to your company's enterprise network is a potential entry point for bad actors. Learn about OneLogin's automated identity management features designed to protect your assets.
Read Full Review

OneLogin provides workplace, cloud-based identity management solutions, including SSO, MFA, SmartFactor Authentication, and identity life cycle management. While its feature set makes it suitable for larger companies -- customers include Airbus, Tesco, and Zoes Kitchen -- it's also affordable for smaller businesses.

Employees log into an SSO interface to access their company accounts for web-based and on-site third-party applications with over 6,000 more pre-integrated apps. Employ MFA features such as security questions, one-time passwords (OTPs), and biometrics for extra security layers.

SmartFactor Authentication uses an artificial intelligence (AI) risk engine to deploy MFA security and streamline the user experience. Its browser extension, which works with all major browsers, gives users access to their SSO apps and prompts them to add apps and logins to their OneLogin accounts when they go to a new webpage login. It also has two free mobile apps: Protect for MFA functionality and Portal, which mirrors the desktop interface.

Four screenshots display different Portal app features.

The Portal app provides OneLogin's desktop functionality when you're on the go. Image source: Author

All OneLogin workplace plans include 12/5 phone and online support, access to technical documentation, and discounted training. For 24/7 customer service, you must pay extra to upgrade to the OnePrime or OneVIP support package. Online resources include a knowledge base, community-based support, and live and on-demand webinars.

OneLogin offers three workplace plans that range from $2/month per user (minimum 25 users) to $8/month per user (minimum five users). You get a 5% discount with a quarterly subscription or 10% off when paying annually. A 30-day free trial is available.

Azure Active Directory
Read Review
Rating image, 3.60 out of 5 stars.
3.60/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Bottom Line: Windows Azure Active Directory is a robust identity and access management solution that helps secure your company's network. Learn about its strengths, weaknesses, and pricing in this in-depth review.
Read Full Review

Windows Azure Active Directory is a cloud-based, enterprise identity management solution with single sign-on (SSO), multifactor authentication (MFA), and password management tools. It's designed for information technology (IT) departments and developers to secure user access to multiple accounts and applications. Users include Amtrak, BP, and Walmart.

Combine SSO with the Windows My Apps portal, so your employees can access multiple Microsoft and third-party applications with a single login. MFA adds extra protection with secondary authentication factors such as security codes, one-time passwords (OTPs), and biometrics. IT admins can also generate granular reports about user login attempts, password strength, and risky logins.

The password protection menu to create a custom banned passwords list is shown.

Ban passwords based on company-specific or other information. Image source: Author

Your IT techs will appreciate how Azure Active Directory reduces routine service requests for new and reset passwords, and adaptive authentication streamlines the user login experience. The depth and breadth of available features, however, can create a steep learning curve for your IT personnel.

Basic self-service resources and help ticket support are free, but you need direct Microsoft support for production workload and business-critical environments. The $100/month Standard support package is suitable for the former, while the $1,000 Professional Direct package is required for the latter.

Basic Azure Active Directory features are included with most Office 365 Enterprise plans. For the identity management tools you'll likely need, however, get either the $6/month per user Premium P1 or the $9/month Premium P2 plan. To calculate your total price, do your due diligence: Many IT managers have commented on the complex licensing agreements that factor in multiple add-on options which are not immediately apparent.

LastPass for Business
Read Review
Rating image, 3.60 out of 5 stars.
3.60/5 Circle with letter I in it. Our ratings are based on a 5 star scale. 5 stars equals Best. 4 stars equals Excellent. 3 stars equals Good. 2 stars equals Fair. 1 star equals Poor. We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs.
 = Best
= Excellent
= Good
= Fair
= Poor
Bottom Line: Every digital device connected to your network is a possible entry point for bad actors. We take a close look at LastPass for business, a robust identity and access management (IAM) solution.
Read Full Review

LastPass is well-known for its personal IAM applications, but it also has a robust set of business products for SSO, MFA, and password management. LastPass says its business software is designed for small and medium-size businesses, but the required annual billing could be prohibitive for smaller companies.

LastPass for Business has an SSO interface with separate company and personal password vaults for each user. The LastPass Authenticator app enables easy-to-use MFA security, and different report types track user activity, password security, and suspicious login events.

Adaptive authentication features enhance the user experience by using MFA security on a case-by-case basis. The LastPass Password Manager app lets users manage and use their passwords remotely. Its browser extension, which is available for all major browsers, provides easy access to integrated apps and password tools without using the SSO portal.

The LastPass browser extension options menu is displayed.

The LastPass browser extension duplicates the desktop portal's functionality. Image source: Author

Primary customer support is via email or help tickets submitted from your account's admin interface. LastPass says it offers phone support, but its website has little information about how to access it. Support documentation steers users toward its knowledge base first and asks they only submit an online help request if they can't find answers there.

Standalone MFA security is $36/year per user, and password management is $48/year per user. SSO and password management are $72/year per user. You'll pay $96/year per user for both SSO and MFA. Quote-based site licenses are also available.

What The Ascent looks for in great identity management software

The best IAM software includes a standard set of must-have features, one-on-one customer support, and transparent pricing. You must do your research, however, as the devil is in the details in these three areas.

Features

Any IAM software you use should include these features:

  • Single sign-on (SSO): Users log in once to a single interface to access multiple third-party software applications or websites.
  • Multi-factor authentication (MFA): Users provide secondary information such as answers to security questions, OTPs, or biometric information to validate login credentials.
  • Password management: IT admins define and enforce automated policies for password strength, banned passwords, and user-generated passwords.

Other useful features include:

  • Contextual authentication: AI calculates the risk of each login to apply MFA case-by-case.
  • Mobile apps and browser extensions: Users access their SSO portals with apps and/or browser extensions to enhance the user experience.
  • Company and personal password vaults: Allows users to have personal password vaults combined with company vaults to reduce the frequency of reused passwords.

Support

Most IAM software has self-service resources such as a knowledge base, product documentation, and community forums.

The most critical feature, however, is one-on-one technical support. If you have a significant problem with your IAM software, all your employees and customers could be locked out of your network. You won't have time to comb through endless web pages looking for a solution; instead, you need direct live chat or telephone support to get back online ASAP.

Pricing

Accurate pricing is key. Even if your initial price per user looks attractive, that can change quickly based on minimum annual contract costs, necessary add-on features, and different plans with widely varying feature sets.

Customer support can be another significant cost. Windows Azure Active Directory customer support will likely be at least $1,000/month for business-critical environments, while Google Cloud Identity includes 24/7 telephone and live chat support in its price per user.

How your business can benefit from using identity management software

Beyond its baseline cost, IAM software can require significant upfront work from your IT department to implement, and users must jump through extra hoops to securely log into your network. These initial costs and inconvenience will be worth it, however, as you achieve multiple, far-reaching benefits.

Better security

After your products and services, your most valuable assets are digital: business records, financial information, and customer data. Compromised passwords result in 81% of hacking breaches, but MFA blocks 99.9% of these attacks.

Overarching benefits include streamlined incident response protocols, endpoint detection and response (EDR), and the production of a granular network diagram. If you have a dedicated network security operations center (SOC), IAM user, login, and activity reports contribute directly to your identity management processes.

Lower costs

The cost of data breaches varies by country and industry, but in 2019, the average cost globally was $3.9 million per breach, which works out to $150 per compromised record. Avoiding even a single data breach can cover your IAM costs for several years.

SSO saves money by reducing the time employees require each day to log into multiple applications. Sure, this isn't that much on any given day, but recent statistics show it works out to 12.5 hours saved per employee per year. If you have 500 employees with an average salary of $50,000, you'll save over $155,000 annually.

This amount further increases when factoring in another time-saving feature: password self-management features that don't require IT department intervention. Each password reset performed by your IT department, for example, costs $7 to $10.

Improved IT department productivity

Greater IT department efficiency is another benefit. Okta says its automated IAM tools reduce routine IT department help requests by 50%. This doesn't mean your IT techs have more time to sit around debating the relative merits of Star Wars versus Star Trek. (FYI: Star Trek is the best.) Instead, they can put more effort into higher-level activities that maintain and protect your IT infrastructure.

Our Small Business Expert

Mark Roy Long
Mark Long is a former technology textbook publisher and commercial writing instructor. As a freelance writer, he has written on topics ranging from project management strategies to software reviews to designing data centers. Most recently, he was a national news reporter for Knowhere News. When not writing or researching a forthcoming article, Mark can likely be found on a Waco, Texas, disc golf course or at a craft beer brewery.