Identity Relationship Management

Identity and Access Management (IAM) services were traditionally built for a company’s internal use, to assist with manual onboarding and offboarding and to establish access privileges to company data and systems behind the firewall. Today a company must implement a dynamic IAM solution that serves employees, customers, partners and devices, regardless of location. This is the evolution of IAM to IRM: Identity Relationship Management.

The evolution of Identity Access Management has been on my mind lately, and I’ve been chatting about it with Kantara Initiative Members and friends. It’s the next big innovation coming from Kantara Initiative members, and is a shift in focus and the beginning of a movement led by industry leaders including Philippe de Raet (Experian), Allan Foster (ForgeRock), Pat Patterson (, and humbly, myself, Joni Brennan (Kantara Initiative). We call this movement Identity Relationship Management (IRM) and what follows is the story of digital identity today and the way these leaders see Identity Access Management moving to Identity Relationship Management in the near future.

Pillars of IRM


  1. CONSUMERS AND THINGS over employees
  2. ADAPTABLE over predictable
  3. TOP LINE REVENUE over operating expense
  4. VELOCITY over process


  1. INTERNET SCALE over enterprise scale
  2. DYNAMIC INTELLIGENCE over static intelligence
  3. BORDERLESS over perimeter
  4. MODULAR over monolithic

The next generation of IAM: Identity Relationship Management (IRM)

As more and more people, devices, and “things” are assigned identities across networks, IRM services that are simple, flexible, scalable and designed to quickly verify identities and access privileges become imperative for any business to safely and efficiently engage with its customers. Today’s solutions must link devices–laptops, phones, touchpads, cars–and new mobile and social apps to a single security platform that works all the time, everywhere, on premises or off in the cloud. This is the standard that customers, citizens, and students expect, and CIOs and their businesses (as well as governments and universities) must identify vendors that can provide it, because these methods of consumer engagement directly drive revenue. Customers might deposit checks from their phone, order a service through a cloud app, or make a purchase from a laptop that recognizes their identity and shares the right information with the vendor.

As consumers look for and expect more ways to engage with businesses, companies are making the shift from the closed, protective world of IAM to the open, evolving, and confidently secure IRM universe. This is because identity and access management tools are a necessity for managing trust relationships with parties inside and outside of a company – relationships that are now tied directly to the business’ top line.

This shift in business emphasis has a direct technical impact on how we think about identity and access management. As a result, CIOs need to take into account the following business-focused pillars when choosing an IRM solution:


CONSUMERS AND THINGS over employees

Traditional IAM platforms were designed for on-premises employee use and are unable to provide the quick, secure, and device-flexible IAM experience customers are looking for. Modern identity management must manage access privileges for all stakeholders across a variety of devices.

ADAPTABLE over predictable

Unlike traditional IAM designed for specific static events, IRM must understand contextual circumstances. For example, a user logging in from a different device or location should have access to the information they need.

TOP LINE REVENUE over operating expense

IAM has always been viewed as a necessity for employees and therefore a business cost. In today’s world, the security system is used to authenticate and authorize both consumers and employees. If an IRM solution is efficient, secure, and accurate, it can directly contribute to a business’ top line revenue, as customers will have easy access to secure applications where they can buy services.

VELOCITY over process

IAM has migrated from business cost to business driver. Companies suffer materially if their IAM solution takes too long to deploy, adapt, or respond to user events. Employees had to put up with slow IAM systems, but customers don’t and won’t. Modern IRM serving employees, customers, and devices must instantly react to variable circumstances and events, and must be massively scalable and available so that no user ever waits around–or worse, is shut out. CIOs today make IRM decisions based on speed, ease of use, and the ability to scale to handle customer volume—not based on implementation and cost of deployment.

Changing Business Values & A New Technical Approach to IAM

IRM solutions that are able to satisfy the business needs of an organization and the new values of the CIO will shape the future of IAM. The shift to cloud, social, mobile, and SaaS is revolutionizing the enterprise, and IAM needs to evolve to help businesses capture new opportunities without worrying about the associated complexities that are a result of this change.

This shift in business emphasis has a direct technical impact on how we think about identity and access management. Through this shift we have come to value:

INTERNET SCALE over enterprise scale

Today’s users access secure systems not just on premises, but in the cloud and via the Internet, any time, day or night. Today’s users are not just employees logging on at work but also partners, customers, and devices signing in from anywhere. As the number of users grows exponentially, modern IRM systems must be able to accommodate hundreds, thousands, or even millions of additional identities instantaneously, achieving a scalable volume that was neither possible nor needed for the enterprise, but is essential in an Internet-connected, consumer-facing world.

DYNAMIC INTELLIGENCE over static intelligence

Traditional IAM was designed for a specific set of events, such as employee onboarding and offboarding, taking place in a predictable on-premises work environment. Today’s IRM must understand the circumstances in order to determine whether or not you get access and, if so, how much and to what. If you log in from a new device or from a different country, for example, a modern, adaptable IRM system will adjust to the uncertain circumstances and ask you for additional authentication beyond a simple password.
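The context-aware decision described here and under "ADAPTABLE over predictable" can be sketched as follows. This is an added example, not code from the original post or from any signatory's product; the names `Profile`, `Login`, `decide` and the two assurance levels are hypothetical.

```python
from dataclasses import dataclass, field

# Assurance levels, lowest to highest (hypothetical labels for this example).
PASSWORD, MFA = 1, 2

@dataclass
class Profile:
    """Contexts already seen, and verified, for one identity."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)

@dataclass(frozen=True)
class Login:
    user: str
    device_id: str
    country: str
    presented: int     # assurance level of the credentials supplied so far
    resource_min: int  # minimum level the requested resource demands

def decide(profiles: dict, login: Login) -> tuple:
    """Return (decision, reasons); decision is 'allow' or 'step_up'."""
    profile = profiles.setdefault(login.user, Profile())
    reasons = []
    if login.device_id not in profile.devices:
        reasons.append("new_device")
    if login.country not in profile.countries:
        reasons.append("new_country")
    # Unfamiliar context raises the bar from a password to MFA.
    required = MFA if reasons else PASSWORD
    # "How much and to what": the resource can raise the bar on its own.
    if login.resource_min >= MFA:
        reasons.append("sensitive_resource")
    required = max(required, login.resource_min)
    if login.presented < required:
        # Do not learn the context yet: a password-only attempt from an
        # unfamiliar device must not make that device trusted.
        return "step_up", reasons
    # Only a login that met the required level enrolls its context.
    profile.devices.add(login.device_id)
    profile.countries.add(login.country)
    return "allow", reasons

if __name__ == "__main__":
    # Constructed sample data: alice is known on one laptop in one country.
    profiles = {"alice": Profile({"laptop-1"}, {"CA"})}
    print(decide(profiles, Login("alice", "laptop-1", "CA", PASSWORD, PASSWORD)))
    print(decide(profiles, Login("alice", "phone-9", "FR", PASSWORD, PASSWORD)))
```

The ordering at the end is the part that matters for security: the device and country are remembered only after the stronger authentication succeeds.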

BORDERLESS over perimeter

Once upon a time, employees arrived at the office, logged into secure systems and logged back off at the end of the day. In today’s work-from-anywhere culture, employees, as well as partners and customers, need access from laptops, phones, tablets and even cars. They access secure data stored not only on company premises, but also in the cloud and hosted by SaaS providers.

MODULAR over monolithic

Today’s IRM demands are much more complex than those of traditional IAM. A good IRM solution is designed from the ground up as an integrated, cohesive stack that is purpose-built to handle complexity. Traditional IAM, typically built piecemeal through acquisitions and tacking on parts as needs arise, struggles to respond to the multitude of users, circumstances, devices, access points, and access privileges that dominate today’s IRM world.

The Founding Signatories are:

  • Philippe de Raet (Experian)
  • Pat Patterson (
  • Allan Foster (ForgeRock)
  • Joni Brennan (Kantara Initiative)

A Big Thank You To Our Fore Fathers & Mothers — Influential Research

In my role leading Kantara as Executive Director, I get countless opportunities to have conversations with some of the greatest minds in the space. We at Kantara gain influence and garner innovation from these minds and have been able to draw upon the early leaders in Federation from the Liberty Alliance, including Sun, Intel, Oracle, and AOL. We’ve also been able to participate in the communities that have since developed, like the ID Gang and Internet Identity Workshop (IIW), where countless large and small players have developed early formative concepts. We’ve been influenced by Kim Cameron’s Laws of Identity. In terms of policy, we’ve been influenced by IEEE, ISOC, IAB, IETF, and W3C’s OpenStand Principles that help set guidance for industry standards and consortia organizations seeking to influence communities, governments, and markets. Finally, we’ve internalized the work of great analysts, like Ian Glazer and his “Killing IAM to save it,” Eve Maler and her “Improve Business Outcomes With Adaptive Intelligence,” Gartner’s Nexus of Forces, and Forrester’s Zero Trust Identity.

Whew… and that’s only the tip of the iceberg when it comes to influencers. There are many and we could not possibly list them all. Though the world of identerati may seem small at times, it’s a vast and vibrant community that actively shapes the future of our industry.

Thank you all for the many projects, efforts, and conversations that have moved us boldly into the brave new world of Identity Relationship Management.