
7 Identity And Access Management Experts Share Their Predictions For 2025
What IAM trends can we expect to see in 2025?

With cybercriminals increasingly targeting user credentials with social engineering, robust Identity and Access Management (IAM) strategies are crucial for protecting digital assets.
As we look forward in 2025, what innovations and trends in IAM will redefine security practices and bolster defenses against these threats?
We asked 7 experts for their perspective and predictions:
Alex Simons, Corporate Vice President, Identity & Network Access Program Management at Microsoft: We expect two major trends in 2025. The first being the mainstream adoption of phishing-resistant authentication based on open standards-based passkeys, a shift that will dramatically improve the security of billions of user accounts. The second will be the continued use of AI by both attackers to craft increasingly sophisticated attacks, for example phishing emails that are nearly impossible for users to differentiate from normal email and by defenders who will use AI to be able to quickly differentiate between real attacks and false alarms, to automate and shorten their response times and to quickly design, test, and deploy updated security policies designed to protect against the latest threats. Read the full Q&A
Arnab Bose, Chief Product Officer at Okta: In the year ahead, we expect to see the adoption of multi-factor authentication (MFA) continue to surge. A passwordless future has been a hot topic in the identity space for years, but for a growing number of organizations, it’s becoming a reality. Additionally, next year will bring a further rise in AI-powered identity-based attacks, such as social engineering and deepfakes, across industries. Bad actors are exploiting weak identity verification processes—like temporary passwords or help desk admins who can be socially engineered—that allow them to impersonate legitimate users. Fortunately, AI isn’t just for the bad guys. As AI technologies grow more sophisticated, security teams will also have new tools at their disposal to leverage AI for improved threat detection, response, and remediation. Read the full Q&A
Wes Gyure, Executive Director of Security Product Management at IBM: In 2025, how enterprises think about identity will continue to transform in the wake of hybrid cloud and app modernization initiatives. Recognizing that identity has become the new security perimeter, enterprises will continue their shift to an Identity-First strategy, managing and securing access to applications and critical data including generative AI models. Read the full Q&A
François Amigorena, Founder and CEO, IS Decisions: In 2025, we expect to see Increased adoption of zero-trust architectures: Organizations continue to move towards zero-trust security frameworks, emphasizing continuous verification of user identities at and beyond the logon. Integration of AI and machine learning: AI-driven analytics will enhance threat detection and response, providing more proactive security capabilities. Expansion of passwordless authentication: The shift towards passwordless methods, such as biometrics and hardware tokens, will reduce reliance on traditional passwords. Enhanced focus on identity governance: There will be a greater emphasis on managing and auditing user identities and access rights. It’s not sexy, but it can make a big difference to prevent unauthorized access. Read the full Q&A
Jay Reddy, Senior Technology Evangelist, ManageEngine: By 2025, identity management will advance into cognitive identity intelligence. We’ll see identity management evolve into a system of systems, forming an intelligent mesh that creates identity consciousness across the enterprise. This fabric will not only manage access but predict needs, anticipate risks, and adapt autonomously. Ambient authentication will become a norm, with validation processes running invisibly and continuously.
Identity data engineering will become increasingly sophisticated, shifting toward identity intelligence fusion, where AI systems understand the web of relationships between identities, behaviors, and outcomes. This capability will drive predictive security, neutralizing threats before they materialize. The convergence of blockchain, quantum cryptography, and biometrics will enable sovereign identity ecosystems, where individuals control their digital identities while organizations achieve high levels of security and compliance. Read the full Q&A
Duncan Godfrey, Chief Information Security Officer, Rippling: Organizations are increasingly adopting passwordless authentication methods, such as biometric or token-based systems, to enhance both security and usability. We will likely see an increase in consolidating user identity across SaaS cloud platforms and an increased adoption of zero-trust as opposed to a perimeter-based security model.
Hyper-automation in IAM will expand to include the management of machine identities, IoT devices, and role lifecycle processes, further streamlining operations and improving security. Read the full Q&A
Brook Lovatt, Chief Product Officer, SecureAuth: I believe that as we enter 2025, all successful new methods will leverage available open standards such as FIDO2 to ensure that they are easily integrated into existing access management systems.
Among the successful solutions, I expect to see a unification of workforce authentication for physical building access, as well as access to online systems which will drive MFA for physical access alongside a reduction in the overall devices, credentials, and mechanisms that employees need to deal with.
I also expect to see increased movement to a decentralized identity systems and open wallet implementations that will be powered by government agencies adopting open identity and authorization standards – consequently creating increased need for users to leverage MFA to gain access to their wallets as well as to authorize the distribution of personal data (including zero-knowledge proofs of that personal data) from those wallets to vendors, employers, etc. Read the full Q&A
Further reading: