Table of Contents
On 11 November 2025, Gartner published its annual Magic Quadrant for Access Management. We’re proud to share that Descope received an Honorable Mention in this report, a mere two years after launching from stealth.
In our view, being mentioned alongside products that have been in the market for decades highlights that our approach to CIAM has been validated by industry analysts. This is further testament to the fact that Descope is an enterprise-grade solution that can meet organizational requirements around scale, compliance, and flexibility.
This blog will share our reflections on recommendations made in the report and how they align with learnings from hundreds of Descope customers. Gartner clients can access the full research note through this link.
CIAM driving access management growth
Gartner says:
“This year, CIAM is the primary contributor to the growth of the AM market. Gartner is seeing a significant increase in demand from client organizations moving from existing home grown CIAM platforms to a commercial/modern solution.”
In our opinion, this aligns with several customer conversations and deployments we have observed over the past year as well. Changing user needs, digital-first spaces, and overburdened developers mean that organizations with in-house CIAM deployments face an uphill battle to keep maintaining these systems. Ultimately, organizations need to commit to being “identity companies” in addition to the space they operate in if they are to continue down the “build” path when it comes to CIAM.
Several organizations like GoFundMe, BBSI, OpenWeb, and HiBob have chosen Descope to replace their homegrown CIAM systems–improving user experience, enhancing account security, and saving developer time in the process.
Let’s take a step back, though. Once organizations do decide to go down the “buy” path, there are broadly three options available:
A dedicated CIAM solution
A workforce-oriented solution that has CIAM product lines
An open-source solution
While all three are viable options on the surface, organizations adopting workforce-oriented solutions or open-source platforms end up with their own struggles.
Square pegs, round holes
Earlier this year, Descope commissioned a survey of 416 individuals with technical and / or budgetary responsibility for CIAM and the findings revealed “user’s remorse” among those that used workforce-oriented and open-source IAM solutions for their CIAM initiatives.
While 51% of respondents used workforce-oriented solutions for CIAM, only 8% said they would go down the same path if given the opportunity to start over from scratch.
This gap between current and desired states point to users feeling trapped by decisions made years ago. With user needs constantly changing, workforce-oriented IAM solutions lack the flexibility, self-service administration, and focus on user experience to help organizations stay agile in 2025 and beyond.
The story with open-source CIAM is different but equally telling, with organizations eventually finding themselves running on a hamster wheel of maintenance and custom work to implement their desired user journeys. Consider the following two statistics:
When asked if organizations lost revenue after implementing stricter access control, 50% of open-source CIAM buyers agreed, almost double the average across respondents.
When asked if organizations had suffered security incidents after implementing low-friction access control, 51% of open-source CIAM buyers agreed compared to 39% on average across respondents.
Achieving a balance between security and customer experience is tricky at the best of times–and using open-source solutions evidently feels like doing this on hard mode.
Also Read: Why BalkanID Moved From Ory Kratos to Descope
How Descope aligns with access management trends
Gartner changes the focus of its Magic Quadrant for Access Management based on prevailing market conditions every year. Here are the major trends listed in the report mapped to how we feel Descope aligns with these trends:
Access management trend | How Descope aligns |
|---|---|
Passwordless authentication | - Broad support for passwordless methods (magic links, OTP, passkeys, social login, authenticator apps, Whatsapp) - Support for using any method as the first or second factor |
Adaptive and risk-based access controls | - Adaptive MFA based on workflow-based journey logic - Native risk factors: impossible traveler, trusted device, etc. - Third-party risk connectors: Forter, Fingerprint, reCAPTCHA etc. - Augment existing user stores with adaptive MFA |
Seamless omnichannel experience | - Native mobile flows to deliver frictionlessUX across web and mobile - Platform integrations and plugins with WordPress, Framer, Shopify, WooCommerce, Salesforce CC, and any OIDC-compatible service - Identity Federation Broker to unify auth across apps and IdPs |
Identity orchestration and automation | - Journey-Time Orchestration engine (Descope Flows) - Harmonize actions across frontend and backend - Choose from 100+ templates with best practice flows - Work in lockstep with your SDLC using CI / CD integrations - Weave in data from 50+ third-party connectors |
API-first and developer-centric approaches | - SDK support for all popular web, mobile, backend frameworks - Comprehensive REST API - Modify user journeys without touching your codebase - Visually A/B test user journeys for phased enhancements - Flexibility to support just-in-time and bulk migration - Variety of tools to enable zero-downtime migration of sessions, SSO connections, passwords, and API keys |
Machine IAM | - Secure M2M authentication via OAuth tokens or API keys - Secure MCP servers with OAuth, DCR, and scope-based access control - Enable AI agents to call APIs on users’ behalf while offloading token mgmt. and storage - Restrict AI agent access to corporate tools based on user roles and JWT claims |
FIDO2 | - Native FIDO2 / passkey support including device-bound and cross-device passkeys with autofill - Add passkeys as primary or secondary factor - Promote passkeys as optional MFA during the user journey or within in-app user profiles - Add backup auth methods when user devices are not WebAuthn-compatible |
Conclusion
The Gartner Magic Quadrant for Access Management is a comprehensive resource to guide requirement-gathering and decision-making around access management initiatives. As migrations from homegrown CIAM deployments gather pace, we anticipate more organizations engaging in “from scratch” thinking and choosing an approach that delivers quick time to value while also enabling their developers to easily make modifications and enhancements with time.
User needs and market forces will change every day in 2026, and Descope will ensure our customers’ auth stacks are ready to respond to those changes. If you’re interested in trying out Descope, sign up for a free account. Have an active IAM project for your customers, partners, or agentic AI / MCP systems? Book a demo with our auth experts to learn more.
Gartner, Magic Quadrant for Access Management, By Brian Guthrie, Nathan Harris, Yemi Davies, Steve Wessels, 11 November 2025.
GARTNER and MAGIC QUADRANT are trademarks of Gartner, Inc. and its affiliates.
Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.
