“Gartner IAM is a strange kind of conference, at least compared to the other events I generally attend in a year. It’s an event hosted by one of the world’s largest analyst firms.”

Attending as an individual means either shelling out a LOT of money or being invited as a speaker. The conference is geared towards Gartner subscribers, who receive passes as part of their company’s Gartner subscription.

Gartner IAM is not where you go to learn the latest implementation tricks or debate protocol edge cases. It’s a buyer-seller-enterprise architect event that’s been optimized for evaluations, shortlists, and early-stage decisions. For someone like me, an independent industry consultant, the most useful information was not in the sessions as much as it was in the booth conversations, the side comments, and the quiet conversations before I even arrived at the event.

Walking the floor, talking to vendors, and listening to how buyers describe their constraints offers a view into how identity decisions are actually being made right now, rather than how people (hello, my fellow standards geeks!) working at a different layer in the stack hope they’re made, and not how they’re described in marketing material.

You can Subscribe and Listen to the Podcast on Apple Podcasts, or wherever you listen to Podcasts.

And be sure to leave me a Rating and Review!

tl;dr: three patterns

This year, three patterns stood out to me. None of them was entirely new, but seeing them in this different format gave me quite a bit to think about.

First, many organizations don’t really need a better product; they need a process they can sustain. Second, standards work is happening, but it’s largely invisible in the conversations where buying decisions take shape. And third, even as Gartner itself warned that the current AI hype is spiraling, the market continues to reward vendors for leaning into it anyway.

Taken together, these observations say less about individual products and more about the pressures shaping the identity market right now. And those pressures, more than any single feature announcement, are what will determine how well today’s IAM decisions hold up over the next few years.

Lesson 1: Customers need process more than they need product

This lesson didn’t come from a session or a slide deck. It came from a quiet, matter-of-fact conversation with a potential buyer whom I met on the ferry as I was heading to the airport.

They had budget. Plenty of it, at least when it came to capital spend. What they didn’t have was much in the way of operations and maintenance budget. I remember this tension from when I worked in research and education, but it’s not something I’ve had to think about in over 15 years.

What stood out wasn’t their indecision about vendors or features. In fact, they were almost indifferent to the product itself. That wasn’t because the tools were bad, or interchangeable, or “good enough.” It was because the product wasn’t the problem they were trying to solve.

Their real challenge was designing a process that actually worked in their environment.

They needed to understand who owned which decisions, how access changes would be handled over time, what could reasonably be automated, and what still required human judgment. They needed workflows that matched their staffing model, risk tolerance, regulatory requirements, and existing operational constraints. Without that, any product they chose would eventually become shelfware or, worse, another brittle system propped up by manual workarounds.

Capital vs O&M

This is where the capital-versus-operations gap becomes painfully visible. Buying software is often easier than committing to the ongoing work of running it well. Capital budgets can be approved as a one-time event. Operational maturity takes sustained investment, clear accountability, and a willingness to change how teams actually work.

Most IAM products assume a certain level of process maturity. They assume you know who owns approvals, how exceptions are handled, how failures are detected, and how changes ripple across systems. When those assumptions don’t hold, the tool can’t compensate, no matter how modern or feature-rich it is.

What this buyer needed wasn’t a better product demo. They needed help designing a process that fit their reality, one they could actually sustain once the implementation team packed up and moved on.

Walking away from that conversation, it was hard not to notice how many booths were still selling features, dashboards, and AI-assisted capabilities, when what many buyers are quietly struggling with is something far more fundamental: turning identity into an operational practice, not just a purchased solution. I’m still thinking about what that means for identity standards and the problems we’re trying to solve, but I think there’s something there for us to take to heart.

Lesson 2: Standards are rarely part of buyer–seller conversations

To be clear up front: standards were present at Gartner IAM, just not where most buyers would encounter them.

There were some genuinely strong signals during the conference itself. Atul Tulshibagwale at SGNL ran a full session focused on authorization standards, grounding the discussion in real-world needs rather than abstract theory. Members of the OpenID Foundation’s AuthZEN working group organized an interoperability event during the conference, doing the hard, unglamorous work of making things actually line up across implementations. That work matters, and it deserves recognition.

But then there was the show floor.

In conversation after conversation, standards barely came up. When they did, it was usually as a vague assurance—“we support standards,” which is a ridiculously vague statement that makes my eyes twitch—rather than a concrete explanation of which standards were used, where, or why that choice mattered. Many people staffing booths couldn’t answer even basic questions about how their products interacted with standards at all.

Some of that is likely structural. Booths are often staffed by marketing teams rather than engineers or architects. Messaging is optimized for clarity and differentiation, not nuance. Still, the absence bothered me. Even if the people on the floor aren’t expected to whiteboard protocol flows, it’s not unreasonable to expect some visible signal that interoperability is a design goal rather than an afterthought.

Interoperability matters, even in marketing

What I kept coming back to was a simple question: where is the interoperability?

Nothing worked full-stack. Products might integrate into something else, or expose an API, or “support” a standard in isolation, but very little of it connected cleanly end-to-end across vendors. Interop existed in pockets and side events, disconnected from the narratives shaping purchasing decisions just a few aisles away.

That gap matters. Buyers don’t necessarily need a deep understanding of authorization models or protocol tradeoffs to make good decisions. But when standards are invisible in sales conversations, you’re actually missing something incredibly powerful about how any given product interacts with the world.

What made this especially frustrating was knowing that the work is happening. Standards groups are active. Interop events are running. Technical alignment is improving. Yet none of that showed up where buyers were forming first impressions and shortlists.

If standards are the foundation that makes long-term flexibility and portability possible, hiding them from the buying conversation doesn’t make them irrelevant; it just makes their absence someone else’s problem later.

Lesson 3: The AI hype cycle irony

Let’s step back to the very start of the conference.

Gartner executives kicked things off by acknowledging that the current AI hype isn’t just excessive, it’s downright insane. What we’re seeing isn’t a single hype cycle, but three converging at once, crashing together like a rogue wave. Their message was explicit: expectations are inflated, capabilities are uneven, and caution is warranted. They were not subtle in their warning.

And then I walked the expo floor.

Almost every booth had something about AI in its materials. “AI-powered.” “AI-driven.” “AI-enhanced.” Sometimes the connection to the actual product was clear. Often, it wasn’t. AI had become less a description of capability and more a signaling mechanism. It’s a way to reassure buyers that a vendor wasn’t falling behind.

So. Much. Irony. The same event that warned about runaway expectations was surrounded by messaging designed to feed them.

Say it like you mean it. Please.

One private conversation made that tension especially clear. A vendor admitted, off the record, that their product doesn’t actually have anything to do with AI in any meaningful way. But their CEO had insisted it appear in the marketing anyway. Not because it was accurate, but because it was expected.

That moment captured something important about the current market dynamic. This isn’t just hype driven by ignorance or bad faith. It’s driven by fear: fear of being perceived as outdated, irrelevant, or uncompetitive in a moment when “AI” has become shorthand for innovation itself.

The risk, of course, is that this kind of signaling erodes trust. Buyers are left to sort out which AI claims reflect real capability, which reflect roadmap aspirations, and which are little more than branding exercises. Meanwhile, genuinely useful applications of AI risk being lost in the noise.

What made this especially unsettling in an IAM context is that identity systems are foundational infrastructure. They don’t benefit from magical thinking. Overpromising here doesn’t just disappoint, it complicates operations, inflates risk, and makes already-hard problems harder to unwind later.

If Gartner’s warning was meant to encourage sobriety, the show floor illustrated just how difficult that is when market incentives reward saying the expected thing rather than the accurate one.

So what do we do with all of this?

None of these observations is about any single vendor doing something wrong. In fact, what struck me most at Gartner IAM was how rational all of this looks when you step back.

Buyers are constrained by budgets that favor capital spend over operational change. Vendors are competing in a crowded market where attention is scarce and signaling matters. Marketing teams are asked to simplify complex systems into messages that can be absorbed in a five-minute booth conversation. And AI, for better or worse, has become the shorthand everyone believes they must use to be taken seriously.

Given those pressures, it’s not surprising that process design gets sidelined, standards fade into the background, and hype fills the gaps.

What’s harder to ignore is where that leaves us.

Identity systems don’t live in slides or demos. They live in operations, span vendors, and generally persist long after the initial buying decision. When process is underdesigned, interoperability is accidental, and capabilities are oversold, the cost doesn’t show up immediately. It shows up later, when teams are stuck maintaining systems they can’t easily change or explain.

Identity is about incentives

That’s why this conference stuck with me more than I expected; I’d never been to a Gartner event and didn’t have high expectations, as I am neither a buyer nor a seller. Seeing these patterns side by side, in a setting optimized for real purchasing decisions, was a reminder that the hardest identity problems aren’t technical in the narrow sense. They’re about incentives, visibility, and the gap between how systems are sold and how they’re actually lived with.

For those of us who spend our time thinking about standards, architectures, and long-term outcomes, that gap is uncomfortable, but it’s also instructive. If the work we’re doing isn’t visible or legible where decisions are made, then we shouldn’t be surprised when it gets deprioritized.

Gartner IAM didn’t change my views so much as sharpen them. The pressure shaping the identity market right now isn’t going away. The question is whether we adapt by making process, interoperability, and honesty easier to see, or whether we keep letting those concerns become someone else’s problem down the line.

And yes, I’m still thinking about that ferry conversation.

A note on perspective

The lens I bring to conferences like Gartner IAM is shaped by the work I do every day.

Through Spherical Cow Consulting, I spend most of my time tracking and interpreting changes in digital identity standards, browser behavior, and policy discussions, and helping organizations understand how those shifts affect real systems and real decisions. That often means looking past product claims to the assumptions underneath them: about process maturity, interoperability, operational ownership, and long-term sustainability. If you’d like product recommendations, you might want to check out Gartner, RedMonk, KuppingerCole, or some other analyst firm.

I work primarily as an advisor and analyst, not an implementer. My role is to help teams make sense of where standards are actually doing work, where incentives are misaligned, and where today’s “reasonable” decisions may create friction later. That vantage point is what informed the observations in this post.

So when I say that buyers need process more than product, that standards are invisible where decisions are made, or that AI hype is distorting conversations, those aren’t abstract critiques. They’re patterns I see repeatedly when technical realities, organizational constraints, and market pressure collide.

If this post raised questions for you—or felt uncomfortably familiar—that’s probably not a coincidence. Feel free to reach out if you’d like to continue the discussion directly!

📩 If you’d rather track the blog than the podcast, I have an option for you! Subscribe to get a notification when new blog posts go live. No spam, just announcements of new posts. [Subscribe here] 

Transcript

Setting the Stage at Gartner IAM

---

00:00:30
Gartner IAM is a strange conference—at least compared to most industry events I attend. It’s run by one of the largest analyst firms in the world, and attending usually means either paying a significant fee or being invited as a speaker.

00:01:05
Most attendees are Gartner subscribers using passes tied to their company subscriptions. That reality shapes everything about the event.

This is not a conference for debating protocol edge cases or swapping implementation tricks.

Instead, Gartner IAM is optimized for:

• Buyer–seller conversations
• Enterprise architecture evaluations
• Shortlists and early purchasing decisions

00:01:45
As an independent consultant, the most useful insights weren’t in the sessions. They came from conversations on the show floor, side comments at booths, and even discussions before the conference began.

---

Lesson One: Customers Need Process More Than Product

---

00:02:35
The first lesson stood out clearly: customers need process more than they need a product.

This insight didn’t come from a keynote or slide deck. It came from a quiet conversation with a buyer I met on a ferry on the way to the airport.

00:02:55
This person had capital budget—plenty of it. What they lacked was operational and maintenance funding.

That tension may sound familiar.

00:03:20
What stood out wasn’t indecision about vendors or features. In fact, they were almost indifferent to the product itself.

Why?

Because the product wasn’t the problem they were trying to solve.

00:03:45
Their real challenge was designing a process that actually worked in their environment, including:

• Who owns which decisions
• How access changes over time
• What can realistically be automated
• Where human judgment is still required

00:04:20
They needed workflows aligned with staffing models, risk tolerance, regulatory requirements, and operational constraints.

Without that foundation, any product would eventually become:

• Shelfware
• Technical debt
• A brittle system held together by manual workarounds

00:05:10
This is where the capital versus operations gap becomes painfully visible. Buying software is often easier than committing to the ongoing work of running it well.

00:05:45
Most IAM products assume a level of process maturity that simply doesn’t exist in many organizations.

When those assumptions fail, even the most modern tools can’t compensate.

---

Lesson Two: Where Standards Disappear

---

00:06:30
As a standards person, the second lesson was hard to ignore: standards rarely show up in buyer–seller conversations.

To be clear, standards were present at Gartner IAM—just not where most buyers encountered them.

00:06:55
There were encouraging signals:

• SGNL ran a session grounded in real-world authorization standards
• The OpenID Foundation’s AuthZEN Working Group hosted an interoperability event
• Real technical alignment work was happening

That work matters. It deserves recognition.

00:07:20
But on the show floor, standards barely came up.

When they did, it was usually reduced to a vague statement:
“Yes, we support standards.”

00:07:50
Rarely was there clarity about:

• Which standards were supported
• Where they were implemented
• Why those choices mattered

Many booth staff couldn’t answer basic interoperability questions.

00:08:30
Even acknowledging conference dynamics—marketing over engineering—the absence was still striking.

Interoperability existed in pockets and side conversations, disconnected from the narratives shaping purchasing decisions.

00:08:55
That gap matters.

Standards don’t need to dominate sales conversations, but when they’re invisible, buyers lose insight into how products interact with the broader ecosystem.

---

Lesson Three: The AI Rogue Wave

---

00:09:20
The third lesson involved an impressive amount of AI irony.

Gartner executives opened the conference by acknowledging that AI hype isn’t just excessive—it’s downright insane.

00:09:40
They described not one, but three hype cycles converging into a single rogue wave:

• Inflated expectations
• Uneven capabilities
• A strong need for caution

They were not subtle.

00:10:00
Then I walked onto the show floor.

Nearly every booth featured AI messaging:
AI-powered. AI-driven. AI-enhanced.

00:10:20
In some cases, the connection to real capability was clear. More often, it wasn’t.

AI had become less a feature and more a signal—reassurance that a vendor wasn’t falling behind.

00:10:50
One off-the-record conversation captured the moment perfectly.

A vendor admitted their product didn’t meaningfully use AI, but leadership insisted it appear in marketing materials because it was expected.

00:11:15
This isn’t hype driven solely by bad faith. It’s driven by fear:

• Fear of being seen as outdated
• Fear of appearing irrelevant
• Fear of missing the innovation narrative

00:11:40
Over time, this erodes trust.

Buyers are left sorting out which AI claims reflect real capability and which are branding exercises.

In IAM, that’s especially risky.

Identity systems are foundational infrastructure. Overpromising doesn’t just disappoint—it complicates operations and inflates long-term risk.

---

Where This Leaves Us

---

00:11:55
None of these observations point to any single vendor doing something wrong.

In fact, what stood out was how rational all of this looks when you step back.

• Buyers face budget structures favoring capital over operations
• Vendors compete in crowded markets with limited attention
• Marketing simplifies complex systems into five-minute conversations

00:12:25
Given those incentives, it’s not surprising that:

• Process gets sidelined
• Standards fade into the background
• Hype fills the gaps

What’s harder to ignore is the long-term cost.

Identity systems don’t live in demos. They live in operations. They span vendors and persist long after purchasing decisions are made.

---

Final Reflections

---

00:12:55
Gartner IAM didn’t change my views so much as sharpen them.

Seeing these patterns side by side was a reminder that the hardest identity problems aren’t narrowly technical.

They’re about:

• Incentives
• Visibility
• The gap between how systems are sold and how they’re lived with

00:13:15
That first ferry conversation is going to stick with me for a long time.

Before I wrap up, it’s worth noting where this perspective comes from.

My work sits at the intersection of standards development, policy conversations, and real-world procurement decisions.

00:13:35
That vantage point shapes everything I’ve shared here.

This isn’t critique from the sidelines—it’s grounded in helping organizations understand the trade-offs they’re making, whether they realize it or not.

---

Closing

---

00:13:35
Thanks for listening to this week’s episode of the Digital Identity Digest.

If this helped make things a little clearer—or at least more interesting—share it with a colleague and connect with me on LinkedIn.

Stay curious, stay engaged, and let’s keep these conversations going.