CIAM Market Size

Heya,

I recently got a question over LinkedIn DM about what the total addressable market for customer identity and access management (CIAM) was. I’m not a financial analyst. For this kind of work, I tend to defer to folks like:

• Cole Grolmus who does a great job of analyzing the cybersecurity markets

• Jamin Ball who looks at SaaS companies from a variety of viewpoints

But as I work in the space, I have vested interest in knowing the rough size, so I thought I’d look around.

How Big Is The CIAM Market?

If you search for CIAM TAM, rather than IAM TAM, you get different numbers. As a reminder, CIAM is focused on customers, while IAM is focused on employees. More on that difference here.

I found a few TAM estimates here:

• $12.5B in 2024, growing to $21B in 2030.

• $9.3B in 2024, growing to $43.6B in 2034.

• $18B in 2024, growing to $38.9B in 2028.

In 2021, when Okta purchased Auth0, they offered an estimate of $25B for the CIAM market, though their reasoning was a bit murky:

$25B Customer Identity TAM based on 4.4 billion combined Facebook users and service employees worldwide multiplied by internal application usage and pricing assumptions.

In 2025, they use the same methodology, but have increased the TAM to $30B. In both cases, I think Okta might be a wee bit optimistic about the market size. I’d love to learn more about their pricing assumptions, though.

How Does It Compare?

Those are some big numbers, but how do they compare with other possible markets?

• Data storage is $186.8B in 2023.

• CRM software is $74.9B in 2024.

• IAM software is 22.9B in 2024.

I haven’t tried to calculate the market size using other approaches, but this feels right. CIAM is comparable to IAM, but is not going to be as big as some other sectors.

Who Gets The Revenue?

But if you have approximately $10B yearly in revenue, how many companies can that support?

That’s about 200 $50M ARR companies. But of course it won’t be evenly distributed: Auth0 had approximately $200M in revenue in 2021, and if it increased in line with Okta’s revenue growth from mid 2021 to the end of 2024, that number would now be $550M.

The hyperscaler clouds, which provide Azure AD, Amazon Cognito and Google Identity Platform, don’t break out revenue of their CIAM products, but they take a slice of that $10B CIAM market.

There’s also a number of existing large companies including private ones like Ping, or subsidiaries like OneLogin which was acquired in 2021. Ping had approximately $300M of revenue in 2021, though it is hard to know how much of that was CIAM vs IAM. These larger companies often started in IAM and expanded to CIAM after Auth0 proved out the market.

There are a number of startups and smaller companies aiming at this market as well.

Why?

I already mentioned why I think CIAM is a good business, but to repeat, it is:

• Sticky

• Critical to revenue

• Undifferentiated

• Needed by almost all companies developing software

Do the TAM estimates and existing competition discussed above also indicate CIAM is a good sector to build in? I think so.

Thanks,

Dan