Read ETR’s first 2026 Observatory summary to learn how identity security vendors earn enterprise trust—and what’s changing in the market.

Identity Security: Entra and Okta Set the Pace

Identity Security: Entra and Okta Set the Pace
|

ETR Observatory for Identity Security

This is a summary of the full report. Use the request form at the bottom of the article to contact our sales team for access to the complete findings.

Key Takeaways

  • Two vendors lead atop a crowded field. Microsoft’s Entra ID and Okta distinguish themselves above the array of solutions for positive directional spend and perceptions of product leadership, with Entra chosen by users as the top rebuild choice and Okta as the most innovative, compounded by high usage intentions.

  • Expansion moves driving the leaders. As platforms mature and enterprises better understand evolving identity needs, Leading vendors shift to a greater proportion of increase intentions over adoptions, including Entra, Okta, and Palo Alto/CyberArk seeing the highest increase-minus-decrease spreads.

  • Integration is a critical differentiator. Integration and User Experience are both top three cited buyer priorities; vendors that scored highest on ease of integration, led by Entra, Palo Alto/CyberArk, and 1Password, showed better forward demand than peers lagging on this measure.

  • SailPoint and BeyondTrust evolve into new Scope vectors. A year-over-year increase in relative presence has shifted SailPoint from the Advancing to Leading vector, pointing to broadened product usage, while BeyondTrust drifted from Advancing to Tracking, showing slightly greater presence but lower momentum.

  • Usage momentum cools for several incumbents. Net Usage scores declined versus last year’s study, affecting established products from HashiCorp, SailPoint, and Cisco’s Duo; while no vendors saw major year-over-year displacement from prior positions, a shifting order suggests identity stacks remain in motion.

This report focuses on Identity Security, with data on the following vendors:

1Password | BeyondTrust | Delinea | (Duo) Cisco | Entra ID (Microsoft) | HashiCorp | IBM | JumpCloud | Okta (inc. Auth0) | Oracle | Palo Alto Networks (inc. CyberArk) | Ping Identity (inc. ForgeRock) | RSA | SailPoint | Saviynt | Veza

 


Executive Summary

ETR Observatory Scope_26_IAM_blurETR’s 2026 Observatory for Identity Security delivers a comprehensive, survey-based view of vendor momentum and market presence, grounded in insights from 310 IT decision makers directly responsible for identity and access management security strategies. The respondent base spans large enterprises, 58% with more than 1,200 employees, 15% from the Fortune 500, and 22% from Global 2000 firms, with a strong North American majority and concentration in Services, IT/TelCo, and Financial sectors. Data from this report reinforces identity security as a highly competitive field in rapid transition. As enterprise architecture decentralizes and the attack surface expands to include more identity-centric abuse, this area of security is evolving from discrete IAM controls into a broader control plane spanning several critical functions. Leading identity platforms increasingly ingest telemetry across all environments, apply policies, and remediate with minimal human oversight. Unsurprisingly, this means that ability to integrate into enterprise systems and apply a broad feature breadth is critical in whether identity vendors can scale without creating new operational risk.
Even amid the consolidation narrative and budget scrutiny, enterprises continue to signal expansion in identity security. Entra ID and Okta separate from the field by combining strong spend momentum with the highest mindshare, with Entra leading rebuild preference and Okta leading most-innovative votes, underscoring their role as default shortlists for modernization. Palo Alto Networks (which now includes combined data with CyberArk users) may be the leading example of the shift toward deeper platforms, and our data supports its ability to strongly integrate disparate tools, which supports its high replacement resistance and expansion-led growth. At the same time, adoption-led challengers show that momentum driven by net new logos remains possible but converting that pull into durable deployments will depend on value perception and protective capabilities, as enterprise buyers seek more capable and better integrated identity solutions.

Introduction

With rapid structural changes of enterprise technology architectures, including decentralization and virtualization across hybrid environments, organizations continue to enact unprecedented changes to their Information Technology stacks. Meanwhile, with a threat environment that is not only proliferating in volume but also in leveraging of adaptive threats, identity security must continue to evolve, even if to first fully understand who or what is really accessing their organization’s technology resources. In complex enterprises, poorly managed identity requirements within Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) threaten a dangerous gap between a strong security posture and supporting access needs.

Enterprises must confront an operational reality that legacy authentication remains embedded across endpoints, servers, and applications, obscuring hard to locate dependencies and weaknesses. Today, Identity and Access Management remains mission-critical in the field, with both workforce and customer IAM segments focusing on real-time user authentication and access decisions. Identity Governance and Administration compiles and manages digital identities by defining roles and setting appropriate access levels, while Privileged Access Management protects critical accounts capable of making sweeping changes. Cloud Infrastructure Entitlements Management (CIEM) has matured alongside cloud migration to manage permissions at scale, while Identity Threat Detection and Response (ITDR) is increasingly necessary as defenders must combat identity attack paths from behavioral and session-based vectors, rather than purely from credentials. At the same time, non-human identities pose enterprise risk due to their volume and persistence. Considering this broad context, the need for an identity control plane approach necessitates interaction between systems, ingestion of telemetry across multiple environments, finding relevant identity context, locating discrepancies, and enabling automated remediation.

The cybersecurity industry’s evolution continues to reflect shifting priorities. Consolidation of tools and platforms continues to underscore vendor growth strategy, most notably illustrated in the past year by Palo Alto Networks’ ongoing acquisition of CyberArk. Enterprises are also navigating themes such as governance and compliance pressures, AI/ML system implementation and maturation, and AI-driven security applications aimed at reducing detection and remediation times. Within that, agentic systems represent a new identity frontier as autonomous workflows can act across internal tools, underscoring the need for continuously controlling privilege and monitoring delegated access. Meanwhile, threat actors are also applying AI to achieve identity-centric fraud and impersonation, increasing the burden to be contextually aware. Identity programs continue to shift more tightly into DevSecOps and application security practices, as well as integrating earlier incident response and recovery. With the digital landscape evolving so boundaries matter less, automation expands access faster, and social engineering continues to exploit people, the role of IAM and new identity control approaches remains paramount.

 

The Observatory Report

This Observatory features comprehensive and current data about the information security marketplace. The ETR Observatory for Identity Security was specifically designed to capture usage and evaluation metrics across a wide swath of professionals representing the end user and evaluator buying demographic. The study offers data and analysis around spending trends, usage, return on investment (ROI), churn, product feature rankings, Net Promoter Scores (NPS), and more for the plethora of players encompassed in this Observatory Scope. 

While structuring a grouping of disparate vendors with varying functionalities is subjective, the ETR Observatory for Identity Security categorizes the vendor group primarily by breaking down the data-driven plotting of each vendor into our four Observatory Scope vectors and by analyzing proprietary user and evaluation metrics, including Momentum, Presence, and Net Score. Since the full Observatory data study asks respondents about both spending intention and evaluation perspectives, a larger swath of vendors is covered in the Observatory data. However, only vendors with sufficient spending intentions citations are included in the Observatory Scope graphic. ETR’s Observatory reports are based solely on end-user data and feedback from our qualified IT decision-maker community, without vendor involvement. 

 

Qoute marks-blue

I like companies that are more responsive. I like companies that are willing to be more innovative, bring something interesting to the table, and keep their prices low.

 

Conclusion – High Industry Velocity May Shift Observatory Rankings Quickly

Transparent glass padlock_550x550It is no surprise that the rapid evolution of enterprise technology architecture continues to reshape identity security priorities. As organizations decentralize across hybrid environments and expand cloud usage, verifying each identity across sprawling application footprints remains essential across Customer and Workforce IAM, IGA, PAM, CIEM, and ITDR capabilities that must integrate well without constraining access. A recent industry focus has followed the continued growth of non-human identities and agentic workflows, which vastly increase the number of entities that must be governed, monitored, and remediated.

Within this Observatory, the Leading vector reflects which cybersecurity leaders most consistently align product relevancy and sales execution. In particular, Entra ID and Okta separate from the field not only through directional spending momentum but through mindshare signals. Chasing these two, Palo Alto Networks’ broad platform approach and constant development is meeting the market’s appetite for deeper identity platforms, pairing strong integration outcomes even as adoption remains limited. At the same time, the emergence of upstart challengers and wide gaps in adoption rates across vendors underscore receptivity to new entrants, but longer-term upside for these tools will depend on converting early demand into durable deployments.

A recurring theme in the 2026 data is that identity security differentiation partially rests on nonstop execution and durability, as integration and user experience both remain critical. Products that deliver smooth deployment and ecosystem fit are better positioned to maintain expansion momentum as some enterprises consolidate tools. Meanwhile, this Observatory study’s directional usage signals suggest portions of the installed base are reevaluating, even for established vendors, underscoring that strong identity protection is not a one-time deployment but an ongoing process. In a threat environment where identity-centric attack paths will remain persistent for the foreseeable future, compounded by AI-enabled tools, sustained innovation and operational execution will earn enduring trust among the enterprises, as buyers refine their identity strategies.

 
Press

Need a quote, image, or additional information for an article? Reach out to our press team at press@etr.ai

 

Reprints
If you would like permission to reprint this report or our ETR Observatory Scope graphic, please send your request to reprints@etr.ai

ETR Insights Team
Contact a member of our ETR Insights team to discuss all the details from this analysis or request custom research.

 

 

 

About ETR

ETR is an enterprise technology market research firm that delivers actionable, transparent, and unbiased insights to technology companies, institutional investors, and a trusted community of technology leaders, empowering them to make smarter, faster decisions. ETR’s proprietary approach is grounded in their vision to reinvent technology market research so that business leaders can strategically position their organizations to outperform the competition. In fact, no other firm harnesses the same scale and makeup of their vetted community to quickly deliver the unbiased data and analysis that financial and enterprise organizations need to achieve better outcomes.

We use our two quarterly surveys (Technology Spending Intentions Survey and the Macro Views Survey) to collect data and insights directly from the ETR Community. Use this data and insights to navigate the complex enterprise technology landscape and our proprietary visualizations and models to mine insights and unearth predictors of enterprise technology performance.

Beyond our core surveys, we also offer custom market research surveys. These can be commissioned with a targeted group and are guided by our expert content team to determine the best audience, topics, and questions. Additionally, the target group cannot only be based on their organization size, sector, and title, but also on our proprietary research around a firm’s spending intentions and technology stack.

 

Methodology
If you’re interested in the process behind the data, you’ll find it in the methodology section on our website.

 

Recent Past Observatories
Go Back

Straight from Technology Leaders

We eliminate bias and increase speed-to-market by cutting out the middleman and going straight to the voice of the customer

Start a Conversation
Request a Free Trial
Already have access? Log In