EN|DeutschField NotesContactLoginBook a demo

Iden vs Lumos

A detailed guide to Iden vs Lumos: coverage, control, cost, and when each solution fits your stack.

10 min read · Last updated April 2026

Lumos started as a SaaS management platform and added IGA on top. That history shapes what it’s strong at: self-service access requests, license optimization, and coverage for your top-50 SaaS apps. Where it runs into trouble is the long tail - niche apps, internal tools, on-prem systems, and anything that requires a connector your team has to build and maintain.

That’s the gap Iden fills. This guide covers what each does well, where each falls short, and how to pick.

On this page

When to choose Lumos

Lumos is a serious platform. If your situation fits the profile below, it deserves a real look.

  • Your stack is primarily modern SaaS - Okta or Google Workspace as IdP, popular apps like Salesforce, Slack, GitHub. Lumos covers these well.

  • AppStore UX is a genuine priority. Users requesting access via Slack or web is consistently the most praised thing about Lumos.

  • SaaS spend management matters as much as governance. Lumos unifies license optimization, shadow IT discovery and IGA in one.

  • Your access review stays under 1,000 users per campaign. Lumos's Albus AI agent meaningfully reduces reviewer burden.

  • You have internal dev capacity to build and maintain custom connectors using Lumos's SDK when you hit the wall.

When to choose Iden

Lumos is built for cloud-native SaaS stack. Once you step outside that - on-prem or custom apps, NHI at scale, contractors - the gaps compound.

  • Your stack has apps that lock SCIM behind enterprise tiers. Lumos relies on SCIM and force upgrades as any enterprise IGA. Iden doesn't.

  • Your stack has on-prem, legacy apps or internal tools. Lumos's on-prem coverage is explicitly limited - Iden governs them natively.

  • You need custom connectors but don't have dev resources to build them with Lumos SDK. Iden builds and ships connectors in under 48 hrs.

  • You need to govern non-human identities - service accounts, API keys, OAuth grants, AI agents - now, not later this year. NHI is on their roadmap.

  • Access review campaigns run across more than 1,000 users. Lumos has reported timeout issues at this scale. Iden has no ceiling.

  • You need transparent pricing without buying full suite upfront. Lumos requires all modules live for a stable UX. Iden starts at $7.50/user/mo, flat.

  • You run multiple IdPs or a non-standard IdP setup. Iden works with any combination - no migration required.

  • Contractor and partner lifecycle needs to be governed the same way FTEs are. Iden has native non-FTE lifecycle management.

Already using Lumos AppStore? Iden can run alongside or replace it. Most teams run parallel for 30-60 days and cut over when ready. Your existing IdP setup stays untouched.

Shared capabilities

Before the differences, here’s what’s equivalent. Both handle the core of identity governance.

CapabilityLumosIden

JML workflows

New hire, role change, last day - triggered from HR events.

Access certifications

Multi-stage reviews, escalation and reports. Scale differs; read below.

SCIM provisioning

Both support SCIM where apps expose it. Read about the gap below.

Access requests

Self-service access requests via Slack, web, or ITSM.

Audit logs and compliance reporting

Tamper-evident logs. SOC 2, ISO 27001, standard compliance.

Slack and email notifications

Approvals, reminders and access requests - Slack and email.

Where they differ

The shared ground ends there. Coverage, control, and cost are the three areas where Lumos’s limits start to show.

1. Iden covers your entire stack. SCIM or not.

Lumos claims 300+ integrations. The catalog is solid for popular SaaS - Salesforce, AWS, Slack, GitHub, Zendesk, Google Workspace. Lumos doesn’t specify which of those integrations are SCIM-based vs API-based. For most SaaS apps, there is no provisioning API to speak of. Only developer-workflow tools tend to expose one. So it’s safe to assume that these are mostly SCIM-based that need forced tier upgrades.

Coverage drops fast once you move off the top-50 list. Gartner Peer Insights reviewers are direct about it - read more below.

For apps outside the catalog, Lumos provides a Connector SDK - but your team builds and maintains those connectors.

Iden offers 180+ connectors: SCIM, API or custom when neither is available - all by Iden, not your team. Anything outside the catalog, we build a connector in 48 hours.

LumosIden
Non-SCIM appsIntegration depth varies180+ connectors native
On-prem and legacy systemsVery limited (Gartner-confirmed)All, incl. mainframes
Custom connectorsCustomer builds via SDKShips in <48 hr
NHI governanceDiscovery only (policy: 2026)Native today
Multi-IdP supportOverlays on existing IdPAny IdP, no migration
SCIM tax~70% of your stackNo
Shadow IT discoveryYesYes
Time to first 15 appsHours to days (top SaaS)<1 hr
Engineering dependencyModerate - high for custom appsNone

Coverage gets you connected. Control is where the real governance work happens - and where Lumos’s limits start to compound.

2. Controls that go deeper than Lumos’s.

Lumos governs at the entitlement and role level for connected apps - which is better than Okta IGA’s group-only ceiling. But the depth of what it can govern depends entirely on what each connector exposes. For apps built on the SDK by your team, that’s a moving target.

Access review campaigns above 1,000 users have reported timeouts. Large enterprise campaigns require careful scoping and batching. Lumos’s Albus AI agent meaningfully helps at smaller scales; the scale ceiling is the limitation.

NHI governance is a real gap today. Discovery and ownership mapping are live. Anomaly detection, context-aware policies, and bot-vs-human logic in access reviews are “Coming in 2026.” If you need NHI governance now, that roadmap doesn’t help.

Lumos also requires full suite implementation before the platform experience stabilizes. Practitioners are consistent: you can’t piece-meal it. That means Access Requests, UARs, Lifecycle Management, and Entitlement Audit Management all live before things work as marketed.

Iden has no hard caps. No access review ceiling. NHI governance native today. Contractor and partner lifecycle built in. Engineering dependency: none.

LumosIden
Permission granularityEntitlement/role levelFine-grained
Access review scaleTimeouts above 1,000 usersNo ceiling
NHI lifecycle managementDiscovery only (policy: 2026)Native today
NHI anomaly detectionComing 2026Native today
Contractor lifecycle managementLimited documentationNative
SoD at transaction level (e.g. SAP)Documented gapSupported
All-or-nothing implementationYes - full suite requiredModular
Custom connector ownershipCustomer team (SDK)Iden builds it
Engineering dependencyModerate to highNone

The capability gaps are one thing. Cost is where they show up on your renewal invoice.

3. Transparent pricing. No module bundling.

Lumos doesn’t publish pricing. No tiers, no per-user list price on the website. Demo required for a quote. Third-party estimates from 2023-2025 put the range at $5-10/user/mo depending on company size - but that’s before module stacking.

The module problem is where it gets real. IGA, SaaS Management, and AppStore are separate modules. Practitioners consistently report that you need to buy and implement all of them to get a stable experience. “You can’t really piece meal this platform” is a direct quote from a Gartner Peer Insights reviewer. That changes the budget conversation significantly.

Module bundling: the hidden cost of Lumos

Lumos sells IGA, SaaS Management, and AppStore as separate modules. All three need to be live before the platform experience stabilizes - that’s the consistent practitioner report.

IGA moduleAccess reviews, lifecycle, certifications
SaaS managementLicense optimization, shadow IT discovery
AppStoreSelf-service access request portal

Iden has everything rolled into one. Starts at $7.50/user/mo. All connectors included.

Then there’s the SCIM tax. Lumos doesn’t publicly say which of its 300+ connectors are SCIM-based vs API-based. It matters because most SaaS apps don’t expose a user provisioning API at all - only developer-workflow tools tend to. For the rest, SCIM is the only path. Which means the forced upgrade is real for most of your stack. Iden provisions on standard plans. No forced upgrades.

SCIM Tax: applies to Lumos too

Lumos uses SCIM where apps expose it. That means the same forced upgrades: ~70% of your stack locks SCIM behind enterprise tiers.

SalesforceStarter ($25/u)Enterprise ($175/u)
FigmaProfessional ($16/u)Enterprise ($90/u)5.6×
GitHubTeam ($4/u)Enterprise ($21/u)5.3×
SlackPro ($7.25/u)Business+ ($15/u)2.1×
NotionPlus ($10/u)Enterprise?
LinearBasic ($10/u)Enterprise?
LoomBusiness ($18/u)Enterprise?
MixpanelGrowthEnterprise?

On a 300-person team, the Figma upgrade alone is +$22,200/year. Just for automated provisioning.

Iden works on standard plans. No upgrades required.

Iden starts at $7.50/user/mo. Vol discounts at 500+ users. All connectors included. No custom connector development required. Spend reclaim built in.

For teams that need a custom connector, Iden builds it in 48 hours at no extra charge. With Lumos, that’s an internal dev project - packaging, compiling, deploying, and maintaining the connector on your team’s time.

LumosIden
Published pricingCustom quote only$7.50/user/mo
Module bundling requiredYes - full suite for stable UXNo - modular
All connectors includedSDK builds on your teamYes
SCIM tax~70% of your stackNo
Free planNoNo
Volume discountsYes (negotiated)Yes (500+ users)
Implementation timeWeeks to months (full suite)Under 24 hours
SaaS spend optimizationBuilt in (SaaS management module)Built in

What practitioners say about Lumos

The main areas of improvement are the integration challenges for niche and legacy systems. The available out of the box connectors support only the most popular SaaS applications while older/legacy/on-prem systems connectivity is very limited.

Verified reviewer·Gartner Peer Insights

The product can do a lot, and most of the platform needs to be implemented before you have a stable experience and good working product (Access Requests, UAR's, LCM, Entitlement Audit Mgmt, etc). You can't really piece meal this platform.

Verified reviewer·Gartner Peer Insights

Integration challenges including limited and complicated integrations, especially with custom applications, and inconsistent responsiveness from the Lumos Support team.

Verified reviewer·G2

Missing features particularly the lack of security information for various SaaS apps, and limited integrations with popular SaaS apps hinder overall experience.

Verified reviewer·G2

What Iden customers say

We govern Notion, Figma, Linear, and our internal tools. All in one place. Our previous platform couldn't touch half of them.

IT Manager · 300-person devtools startup

We finally have deeper access reviews. Not just 'is this person in the group' but what they can actually do inside the app.

Director of IT · 10,000+ person edtech

We ran the numbers. Between the SCIM tax and wasted licenses, Iden paid for itself in the first quarter.

VP of IT · 700-person SaaS company

First 12 apps connected in under an hour. We were live before our previous vendor's POC was even scoped.

Head of Operations · 70-person AI company

How to choose between Iden and Lumos

Depends on your stack and your team. Lumos fits cloud-native SaaS-heavy orgs that want AppStore UX and SaaS spend consolidation. Iden fits everything with a longer tail.

If you need…ChooseWhy
Governance for a pure SaaS stack (top-50 apps)LumosStrong catalog coverage for popular SaaS.
Self-service AppStore UX as a top priorityLumosAppStore is Lumos's heritage and strongest feature.
SaaS spend management + IGA in one toolLumosUnified SaaS management is a real differentiator.
Governance for on-prem, legacy, or internal appsIdenIden covers these natively. Lumos is explicitly limited here.
Custom connectors without internal dev resourcesIdenIden builds and ships connectors in <48 hr. Lumos SDK requires your team.
NHI governance today - not a 2026 roadmap itemIdenNative in Iden. Lumos anomaly detection and policies are roadmap.
Access review campaigns above 1,000 usersIdenNo ceiling in Iden. Lumos has reported timeout issues at this scale.
Contractor and partner lifecycle managementIdenNative in Iden. Lumos coverage here is limited and underdocumented.
Flat pricing without full-suite purchase requirementIden$7.50/u/mo, modular. Lumos requires all modules live for stable UX.
Non-standard or multi-IdP setupIdenAny IdP, no migration. Lumos overlays on existing IdP.

Want the full breakdown?

The complete feature-by-feature comparison - Coverage, Control, and Cost - in one reference document. Every Lumos hard limit, every Iden capability, side by side. Useful for vendor evaluations, internal presentations, and budget conversations.

Download the comparison PDF

No form. Direct download.

A few things worth saying directly

Lumos has a great AppStore UX. Does Iden match it?

Iden has AppStore-style self-service via Slack, web, and API. Lumos's AppStore is a genuine strength - it was the original product before IGA was added. Both are worth demoing with your actual apps before deciding.

Lumos claims 300+ integrations. Does Iden have that?

Iden's 180+ connectors work without SCIM. Lumos doesn't disclose which of its 300+ are SCIM vs API - and for most SaaS apps, there's no provisioning API anyway. So most of that catalog is SCIM-based: forced tier upgrades apply. Not with Iden.

Can I buy just the IGA module from Lumos?

Practitioners consistently report that you need to buy and implement the full suite - IGA, SaaS Management, and AppStore - before the experience stabilizes. 'You can't really piece meal this platform' is a direct quote from a Gartner Peer Insights reviewer. Iden is modular: start with what you need, add more when it makes sense.

We're already using Lumos. How does switching work?

Most teams run parallel for 30-60 days. Iden connects to everything Lumos isn't covering and you cut over when you're ready. Your existing IdP, SSO, and MFA stay untouched. Iden's onboarding team mirrors your existing setup.

Lumos does SaaS spend management too. Is that part of Iden?

Yes - shadow IT discovery and SaaS spend optimization are built into Iden. Lumos's SaaS management is more mature and was the original core product. If spend management is the primary driver, run a side-by-side demo. If IGA is the primary driver and spend management is a bonus, both cover it.

We have a SOC 2 audit in 3 months. Is that enough time?

Yes. Most Iden customers are audit-ready within 2 weeks of go-live. Audit evidence for access reviews, task logs, and certification campaigns available in real-time.

See how your Lumos gaps close with Iden.

No deck. No discovery call. Just the product - with your apps, your IdP, your actual environment.

Book a 25-minute demo