Identity Providers are Becoming Commodities — It's Time to Shift Focus
- Paul McKeown
- Jun 17

Identity Providers (IDPs) are becoming commoditized — and that’s a good thing. The core functions of identity management have largely converged on common standards and features. Major cloud identity platforms (from Microsoft’s Azure AD to Okta and Auth0) all implement the same protocols (OAuth2, OIDC, SAML, SCIM, etc.), with very little differentiation among them. In other words, basic identity management is now an interchangeable commodity in many respects. This standardization frees organizations from re-inventing the wheel (or the login flow) and lets them focus on what truly adds value.
Standardization Over Customization
The foundational flows of digital identity — registration, authentication, consent, recovery — are mature, robust, and proven. Thanks to widespread adoption of best practices and standards, users expect these flows to just work smoothly. Rather than customizing every element of identity flows, enterprises should embrace out-of-the-box best-practice defaults with only minor tweaks for branding or policy. There’s no competitive advantage in how a user signs up or logs in; every IDP can handle that similarly.
The real competitive edge lies in what surrounds the identity transaction: the overall customer experience and the security intelligence you apply. For example, fraud detection and adaptive authentication are becoming crucial. A staggering 80% of breaches stem from broken identity security systems. That means your ability to detect and prevent fraud in real-time, without adding excessive friction, directly impacts customer trust and safety. In short, don’t pour resources into writing custom login code; invest in the user experience and protective measures that operate around the Identity & Access Management experience.
Commoditization Doesn’t Mean One-Size-Fits-All
Even though IDP capabilities are commoditized, implementation success still depends on choosing the right platform and architecture for your context. Key factors to consider include:
- Internal Technical Capability: Do you have the in-house team to deploy and manage an identity platform yourself? Organizations with strong IAM teams might run open-source solutions like Keycloak to gain full control and avoid licensing costs. Others lacking that expertise may prefer a fully managed Identity-as-a-Service to offload complexity.
- Where Identity Orchestration Lives: Will you orchestrate user journeys and integrate services within the IAM platform, or via an external layer? Modern IDPs increasingly offer built-in orchestration (e.g. PingOne DaVinci for no-code workflows), but you might choose an external orchestration tool if you have multiple IDPs or complex legacy processes to unify.
- Microsoft-Centric Ecosystem: If your organization is deeply invested in Microsoft’s stack, it likely makes sense to leverage Microsoft’s identity platform. Azure AD (now Microsoft Entra ID) is already embedded in many enterprises and manages identities at massive scale (over 610 million monthly active users as of 2023). Tapping into Entra can simplify integration with Office 365, Dynamics, and other Microsoft services you use.
- SaaS Readiness and Compliance: Are you able to adopt cloud-native identity services, or constrained by regulations like HIPAA, GDPR, or local data residency laws? Many enterprises are already cloud-first (over 90% use cloud services today), yet in highly regulated sectors, a SaaS IDP might not be viable for certain identity data. Your choice may come down to a SaaS IDP vs. a private-cloud or on-prem deployment of the IDP to satisfy data locality and compliance requirements.
- Legacy Integration Needs: Do you need to support a mix of modern digital services and older legacy systems? If so, simplifying and consolidating your identity estate is often the logical path. Consolidation onto a modern platform improves security and reduces cost of maintenance by eliminating brittle custom connectors. The IDP you choose should be capable of bridging legacy directories or apps (via LDAP, agents, etc.) while providing modern standards. For many enterprises, reducing multiple IAM silos down to one or two platforms is a major win for security and manageability.
- Platform Consolidation Strategy: Is identity consolidation aligned with your wider goals to reduce complexity and cost? Consolidation improves governance, security, and maintainability.
In short, commoditization of IDPs doesn’t imply a single uniform solution for everyone. It means you have a stable of mature options (commercial and open-source) that all cover the basics. The art is in selecting the ideal fit for your organization’s strategy and then consolidating around it. (Notably, the industry itself has been consolidating: over 60% of security leaders saw the identity market consolidating in 2022, evidenced by mergers like Ping + ForgeRock and others). Simplifying to one primary ID platform (or a well-integrated handful) can improve your security posture and reduce costs.
Why Ping Identity Works for Us
At Midships, we often recommend Ping Identity as our go-to ID platform — not because it’s the only viable choice, but because of its flexibility and balanced capabilities. Ping Identity’s platform can be deployed on-premises (in your private cloud/data center) or consumed as a SaaS service, which suits organizations that want tight control over data and environment while still getting modern IAM features. Few other leading IDPs offer this hybrid deployment flexibility; for example, Ping supports on-prem, cloud, and hybrid models, whereas some competitors are cloud-only. Ping also allows a high degree of customization and extension to meet complex enterprise requirements — useful for bridging legacy and new architectures without compromising on either.
Just as importantly, Ping’s product suite is well-suited to modernize legacy IAM environments. It provides out-of-the-box integration modules and migration tools to connect older directories or applications into a modern Zero Trust-ready identity fabric. This is ideal for large enterprises (such as banks) that might have decades-old systems alongside new digital services.
The new PingOne services elevate commoditised identity journeys by enabling organisations to seamlessly integrate behavioural risk analysis to reduce friction and fraud, and to verify customer identity both at onboarding and continuously throughout the user lifecycle.
Additionally, Ping’s track record in the financial sector and other enterprises needing both security and customization is strong, which is why it often hits the sweet spot for our clients.
Accelerators and AI Agents: The Midships Edge
Selecting an IDP is only part of the journey. Implementing it quickly and effectively is where organizations often struggle. To speed up and de-risk IAM projects, Midships has developed a set of accelerators and AI-driven tools:
- Deployable Accelerators: We provide ready-to-use configurations, reference architectures, and CI/CD deployment pipelines for the chosen IDP (Ping or others). These “blueprints” reflect best practices and save months of trial-and-error, getting you to a working solution faster.
- Standard User Journeys: Over dozens of projects, we’ve built reusable, well-tested identity flows (for login, registration, password reset, etc.). Instead of custom-building every user journey from scratch, we implement these standard flows and only adjust them if absolutely necessary. This ensures reliability and user familiarity. (Yes, you can customize if needed, but we advise resisting unless a journey truly provides unique business value.)
- Ongoing Support Options: Depending on your needs, we offer managed IAM services (we run the platform for you) or comprehensive training for your internal teams to become self-sufficient. The goal is to ensure you realize value from your identity platform long after the initial go-live.
- Agentic AI Teams: Looking ahead, we’re investing in Agentic AI capabilities – essentially intelligent agents that can automate routine development and operational tasks in the IAM domain. For example, imagine AI assistants that can monitor your identity infrastructure, auto-tune authentication policies, or even generate identity workflows based on high-level objectives. By delegating repetitive work to AI agents (under human oversight), organizations can lower the cost of IAM maintenance and improve reliability. We’re excited about this emerging frontier and are building solutions to leverage it safely.
Identity Is the Start, Not the End
Regardless of which IDP you choose — be it Ping, Microsoft Entra, Keycloak, or any other — remember that identity is just the foundation. A login box alone won’t win customer loyalty or stop fraudsters. The real gains come from how you integrate, extend, and orchestrate identity capabilities to create great experiences and protect users.
For instance, once the core ID platform is in place, we help clients layer on advanced tools like risk-based authentication and identity verification. Ping’s ecosystem offers PingOne Protect (for adaptive risk scoring and fraud mitigation) and PingOne Verify (for document and biometric verification of user identity). Using these, you can evaluate user sessions before, during, and after login to dynamically adjust the experience based on risk level. Legitimate users sail through with minimal friction, while risky logins trigger extra steps (one-time passcodes, CAPTCHA, identity proofing, etc.) to thwart account takeover attempts. Similarly, Verifiable Credentials (digital identities that users securely hold and present) are becoming a powerful tool to enhance trust in customer interactions.
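The tiered decision described above, sketched as an added example that is not from the original post and is not PingOne Protect's scoring model. The signal names, weights and thresholds are assumptions, and the login records are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Login:
    ts: float              # epoch seconds
    lat: float
    lon: float
    device_id: str
    failed_attempts: int   # failures since the last successful login

def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def risk_score(prev: Login | None, cur: Login, known_devices: set[str]) -> int:
    """Additive score; every weight here is an illustrative assumption."""
    score = 0
    if cur.device_id not in known_devices:
        score += 30                               # unfamiliar device
    score += min(cur.failed_attempts, 5) * 8      # guessing pressure, capped
    if prev is not None:
        hours = max((cur.ts - prev.ts) / 3600, 1 / 60)
        if km_between(prev, cur) / hours > 900:   # faster than an airliner
            score += 50                           # impossible travel
    return score

def decide(score: int) -> str:
    """Map the score to the friction tier the user experiences."""
    if score < 30:
        return "allow"                 # legitimate users pass without friction
    if score < 60:
        return "otp"                   # step up with a one-time passcode
    return "identity_proofing"         # highest tier: re-verify the person

def evaluate(prev: Login | None, cur: Login, known_devices: set[str]) -> str:
    return decide(risk_score(prev, cur, known_devices))

# Constructed sample logins for one user (coordinates: Auckland, London).
KNOWN = {"dev-1"}
HOME = Login(0, -36.85, 174.76, "dev-1", 0)
RETURNING = Login(86400, -36.85, 174.76, "dev-1", 0)
NEW_DEVICE = Login(86400, -36.85, 174.76, "dev-2", 1)
FAR_AWAY = Login(3600, 51.5, -0.12, "dev-9", 3)

if __name__ == "__main__":
    for name, cur in [("returning", RETURNING), ("new device", NEW_DEVICE), ("far away", FAR_AWAY)]:
        print(name, risk_score(HOME, cur, KNOWN), evaluate(HOME, cur, KNOWN))
```
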
Orchestration is the glue that binds these together. We frequently implement PingOne DaVinci as an orchestration layer to coordinate identity workflows across heterogeneous systems. DaVinci (a no-code orchestration engine) allows us to integrate signals from any source — Ping’s own tools, third-party APIs, your legacy apps — into a unified decision flow. The beauty is that this works no matter which underlying IDP is in place. Even if a client uses Microsoft Entra ID or an open-source Keycloak instance as the primary user directory, we can still overlay PingOne DaVinci to orchestrate processes and embed advanced capabilities like PingOne Protect or Verify into the user journey. In sum, a solid IDP gives you the “dial tone” for identity, but how you compose and augment that dial tone is where differentiation is achieved.
Bottom Line: Identity providers have (thankfully) become like utilities – reliable, standardized, and not worth endless customization. The strategic focus for enterprise technology leaders should now be on simplifying their identity landscape and leveraging identity as an enabler for greater goals: seamless customer experience, stronger security, and digital innovation. Midships has seen this play out across multiple digital banking transformations: those who treat identity as a solved commodity and devote their energy to using identity data smartly (for personalization, fraud prevention, cross-channel ease) end up miles ahead.
If your organization is looking to simplify identity, improve security, and drive digital experience innovation, Midships is ready to help. We’ll ensure you have the right foundation in Ping (or the platform of your choice), and we’ll bring the accelerators, orchestration, and intelligent automation to unlock its full value.
Writer’s Overview
Paul McKeown – Chief Technology Officer, Midships
Paul is a seasoned engineering leader with 19 years in IAM, DevOps, and continuous delivery, with a specialty in ForgeRock and secure banking platforms. He’s delivered CIAM on Kubernetes for major banks in New Zealand and Australia.
Short bio: Paul blends engineering rigor with coaching excellence, driving Midships' technical strategy and delivery risk reduction practices across markets.