Skip to content
Deepak Gupta markCIAM Compass

Editorial notice

Disclaimer.

What this site is

CIAM Compass is a practitioner-authored knowledge portal covering the Customer Identity and Access Management (CIAM) category. It indexes 40+ vendors and produces guides, comparisons, playbooks, and an annual report. Content is written by Deepak Gupta and a small group of contributors. See the Methodology page for how vendors are scored and how the trust contract works.

How analyses are produced

Every vendor and comparison page is the product of independent research. Specifically:

  • We read the vendor's public product documentation, developer references, and pricing pages and snapshot them with dates so claims can be audited later.
  • We review the vendor's public regulatory and compliance posture (SOC 2 reports where available, ISO 27001 certificates, GDPR sub-processor lists, FedRAMP status, HIPAA / PCI / PSD2 statements).
  • We test the developer experience hands-on where a free tier or trial exists, signing up, integrating with a reference app, and recording friction.
  • We cross-reference customer-side reports, conference talks, RFP outcomes shared by buyers, security advisories, and post-mortems.
  • We draw our own conclusions. The editorial verdict on each vendor page is signed and dated, and reflects the opinion of the CIAM Compass editorial team, not the vendor's marketing.

Review cadence

The CIAM category moves fast. We re-review every vendor profile at least once per quarter and update the page whenever we find new information that changes our assessment, a product launch, a breaking change, a pricing shift, a compliance update, a security incident, or a material change in customer-side reports. Pages carry a visible last_verified date, and any page older than its review threshold renders a stale-content banner.

The annual report is a separate, dated snapshot published once per year. It does not override the live vendor pages, which are the authoritative source.

Limitations of our analysis

  • We are reasoning about complex enterprise products from the outside. Even with hands-on testing, there are aspects of every CIAM platform, internal SLAs, enterprise support quality, deep customization behavior, that are only visible to active customers. We try to flag where our confidence is lower.
  • Pricing on this site is a modeled estimate at standard MAU bands using documented assumptions. Real enterprise quotes vary with volume, term, contracted features, and negotiation. The TCO calculator is the right tool for a more specific estimate; a vendor quote is the only authoritative source.
  • Capability matrices reflect the state of a product on the date on the page. Vendors ship continuously, a feature we marked partial last quarter may be fully shipped today. If you spot something stale, write to us.
  • We do not test against your specific architecture, regulatory environment, user base, or risk profile. A vendor that excels for one buyer can be the wrong choice for another. The vendor pages are inputs to your decision, not the decision itself.

Not legal, security, or compliance advice

Content on CIAM Compass is for educational and decision-support purposes. It is not legal advice, not a compliance opinion, and not a security assessment of your environment. References to regulations (GDPR, CCPA, HIPAA, PCI DSS, PSD2, DPDP, FedRAMP, and others) are practitioner summaries written for engineers and buyers. Before acting on regulatory implications, consult qualified counsel and your compliance program. Before deploying a vendor in a regulated environment, run your own due diligence including SOC 2 / ISO review, DPA execution, and a security architecture assessment.

Trademarks and attribution

Vendor names, product names, and logos referenced on this site are trademarks of their respective owners. Their appearance on this site is descriptive use for the purpose of comparison, review, and editorial commentary, and does not imply endorsement or affiliation in either direction. Content on this site is published under CC BY-SA 4.0.

For vendors

If you represent a vendor profiled on CIAM Compass and you believe a page contains a factual error, a capability we have miscoded, a pricing line that has changed, a missing certification, write to our team. Provide a public source we can cite (a docs page, a changelog entry, a press release, a SOC 2 report cover sheet). We will revisit the page on the next review cycle, sooner if the claim is material. We do not accept payment, sponsored placement, or guest posts. We do not run vendor-supplied copy. We will note the correction with a dated changelog entry.

For buyers and contributors

If something on a page doesn't match what you've seen in procurement, in an RFP response, or in production, that is high-signal feedback. Tell us. Specifics are more useful than summaries, dated quotes from a sales engineer, a screenshot from a docs page, a redacted contract clause. We protect your identity. See the Methodology page for how we handle sourced corrections.

Contact

The fastest way to reach the editorial team is via guptadeepak.com or by opening an issue on the public repository linked from the footer. For formal correspondence (vendor relations, legal notices), include the page URL, the specific claim under dispute, and your requested correction with a public source.

Last reviewed 2026-05-15. This page is reviewed each time the editorial policy or vendor-relations workflow changes.