SSO handles authentication: 'who are you, prove it, log them in.' IGA handles governance: 'what do they have access to, when did it change, why, and who approved.' Different problems. SSO is mature; IGA is where most companies have gaps.

Okta and Entra include lifecycle features that handle the ~20% of apps with SCIM. For the other 80% (Notion, Figma, Slack, Linear, anything on a standard plan, anything on-prem) you need a dedicated IGA layer on top. That's the gap Iden, Lumos, ConductorOne, and SailPoint compete to fill.

Most teams hit the wall between 50 and 200 employees. The signal: IT spending 10+ hours a week on access tickets, offboarding involves a checklist, access reviews are a quarterly spreadsheet exercise. If those describe you, you're past the SSO-only stage.

Apps like Notion, Slack, Figma, Linear, and Asana charge 5-10x more for enterprise plans that include SCIM support. For a 200-person company with 10 such apps, upgrading every plan just to unlock SCIM is prohibitive. Iden eliminates this by provisioning at any plan tier.

Okta and Entra are SSO with basic lifecycle features for SCIM apps. SailPoint and Saviynt are legacy enterprise IGA: $300K+ and 12-18 months to deploy. Lumos and C1 are modern IGA but still SCIM-dependent for most provisioning. Iden is modern IGA that covers SCIM, non-SCIM, on-prem, and custom systems at $7.50/user/mo, live in under an hour.

You can run multiple. Most teams already do: Okta for SSO, plus manual processes for non-SCIM apps. The real question is what's automated and what isn't. Iden runs alongside whatever you have - we're not replacing your SSO, we're closing the governance gaps it leaves.

Two-week free trial, no commitment. We typically connect 10-15 of your apps in the first hour and let you see real provisioning, offboarding, and access review flows on your own data.