
Thoma Bravo Makes 'Practical' Decision to Merge ForgeRock Into Ping Identity

The private equity firm has invested billions of dollars in identity and access management (IAM), but now it's on Ping founder and CEO Andre Durand and his team to rationalize overlapping product lines.


In a move that surprised many industry watchers, Thoma Bravo has revealed plans to combine two identity and access management (IAM) providers – ForgeRock and Ping Identity – to create a company better positioned to compete with larger companies, such as Microsoft and Okta.

While Thoma Bravo has acquired a broad portfolio of cybersecurity companies in recent years, including Barracuda, Entrust, McAfee, Proofpoint, SonicWall, and Sophos, the investment firm is not known for combining the companies it buys. In this case, combining ForgeRock and Ping Identity is practical because the two companies offer similar products, analysts say.

"It would make sense for there to be some rationalization given that there is a strong overlap between the two vendors’ portfolios," says Forrester analyst Merritt Maxim.

"There is tremendous overlap between ForgeRock and Ping," said Gary Rowe, CEO of TechVision Research, a consulting firm specializing in enterprise IAM and identity governance architectures, in a report published earlier this year.

The announcement settles a question about the future of the two product lines that has worried both ForgeRock and Ping Identity customers for nearly a year. Thoma Bravo agreed to acquire ForgeRock for $2.3 billion in October 2022, just months after completing its acquisition of Ping Identity for $2.8 billion. Also in 2022, Thoma Bravo acquired identity governance and administration (IGA) provider SailPoint for $6.9 billion. The fact that the ForgeRock deal triggered a US Department of Justice inquiry kept customers of both IAM providers in the dark because Thoma Bravo was not permitted to discuss its plans for ForgeRock during that time.

Significant Decisions to Be Made

Ping Identity founder and CEO Andre Durand will lead the newly combined company. ForgeRock CEO Fran Rosch acknowledged on LinkedIn that he would depart.

"I intend to support Andre and the team in any way that I can during a short transition period," Rosch said.

The two companies may have overlapping product offerings, but they also have different strengths.

"ForgeRock’s IAM solutions are highly scalable, and they do a good job integrating IoT devices," TechVision’s Rowe says. "Ping is an IAM gateway of choice with its identity federation capabilities. Andre and his team have done a good job of building a decentralized identity program."

Henrique Teixeira, a senior research director and analyst who covers IAM and fraud detection at Gartner, notes that the two companies are among only a few access management vendors that offer journey time orchestration tools. Teixeira emphasizes that PingOne DaVinci and ForgeRock Trees, respectively, are workflow visualization tools for complex identity and authentication scenarios.

"It’s a very useful feature, especially in CIAM [customer identity and access management], because they can solve very complex customer IAM use cases just by handling those types of integrations and designs instead of having to write code," Teixeira says. "They will need to decide what happens with each product. The success of this merger will depend on many decisions like this."

Protracted Period of Uncertainty

But Forrester’s Maxim says not to expect a definitive answer immediately.

"I would suspect in the coming months we'll have a clearer description from the entities as to the future plans," he says. "A lot of customers have been in limbo for the last year, waiting to see what will happen."

Gartner's Teixeira agrees that it will likely take some time before it's clear what products Ping will keep and which will be deprecated. Meanwhile, Teixeira warns that there could be a protracted period of uncertainty, noting the unexpected challenges Okta experienced after it acquired CIAM provider Auth0 in 2021 for $6.5 billion.

"It took Okta 18 months to get its house in order," Teixeira says. "I think they really underestimated the efforts of this type of merger."

Moreover, Teixeira emphasizes that there was less overlap between Okta's and Auth0's product lines.

"So imagine how ForgeRock and Ping, who really compete against each other, are going to go through this," Teixeira warns. "How long is Thoma Bravo going to give them? How long will they have to make the deal work moving forward, not only in a productive but also a profitable way? That's the challenge." 

About the Author(s)

Jeffrey Schwartz, Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.
