Identity & Access Management (IAM) Valuation Report: Q4 2025

Executive Summary: The Era of the Identity Platform

The fourth quarter of 2025 marks a massive shift for the Identity and Access Management (IAM) sector. We have finally exited the post-pandemic correction and entered a new cycle defined by aggressive consolidation, platform convergence, and the primacy of artificial intelligence. The valuation landscape in Q4 2025 is not a single story anymore. Instead, it is deeply split. On one side, you have “Identity Security” platforms, specifically those that actively defend against threats, commanding premium valuations with revenue multiples exceeding 15x. On the other side, traditional “Access Management” utilities, which are the commoditized plumbing connecting users to apps, are seeing multiples compressed down to 4x or 6x.

The real story of late 2025 is how the line between “Cloud Security” and “Identity Security” has effectively dissolved. This convergence got stamped into reality by two historic deals that completely reset industry benchmarks. First was Palo Alto Networks’ agreement to buy CyberArk for roughly $24.1 billion.1 Second was Google’s massive $32 billion play for Wiz.3 These are not just big numbers. They signal that the biggest buyers now see identity as the central nervous system of the security estate rather than just a standalone vertical.

Macroeconomic conditions in Q4 2025 are finally giving these valuations a solid floor. Central banks in North America and Europe have started cutting rates, which lowers the cost of capital and breathes life back into Discounted Cash Flow (DCF) models for long-term growth assets.5 This monetary easing has cracked the IPO window back open. We are seeing SailPoint targeting an $11.5 billion valuation for its return to public markets 6, while Cato Networks is holding steady at a $4.8 billion private valuation as it preps for a 2026 debut.7

For founders and investors, the market is sending a loud message. Efficiency is just the price of admission, but innovation is what drives value. The “Rule of 40” is still the gold standard for getting funded, but the highest multiples are reserved for companies figuring out how to handle the explosion of Non-Human Identities (NHI) and secure the Generative AI workflow. As we close out 2025, the market is paying up for integrated “Identity Fabrics” that can secure humans, machines, and AI agents all at once.

This report breaks down the Q4 2025 valuation landscape, dissecting the multiples, drivers, and deal dynamics shaping the future of IAM.

Macroeconomic Drivers Impacting IAM Valuations in Q4 2025

To get why IAM companies are trading where they are in Q4 2025, you have to look at the bigger economic picture. The “valuation math” right now is fundamentally different from the zero-interest days of 2021, but it is also a lot better than the contraction we saw in 2023 and 2024.

Interest Rate Stabilization Reshaping DCF Models

The biggest macro factor right now is the Fed and the ECB stabilizing and slowly cutting interest rates. For the last couple of years, high rates drove up the Weighted Average Cost of Capital (WACC), which hammered the present value of future cash flows. This metric is basically the lifeblood of high-growth software companies.

Now that inflation data has normalized in Q4 2025, central banks are pivoting.5 This drop in the risk-free rate mechanically pushes valuation multiples up. Even a 50-basis point cut in the risk-free rate can bump the terminal value in a DCF model by 10-15% for a high-growth SaaS company. This math gives public IAM stocks a tailwind, letting multiples expand even without massive revenue acceleration. Additionally, private equity leverage is back. The cost of debt for Leveraged Buyouts (LBOs) has come down. Credit markets are not at historic lows, but they are functioning again. This lets firms like Thoma Bravo and Vista Equity Partners finance take-private deals or add-ons without having to write massive equity checks. It effectively puts a floor under public valuations. If a good IAM company gets too cheap, it becomes an immediate target for sponsors.

The Resurgence of the IPO Window

The cybersecurity IPO market was frozen solid for nearly three years. Q4 2025 is seeing a definitive thaw, which is huge for valuation psychology. SailPoint’s impending IPO is the bellwether here. After Thoma Bravo took them private, SailPoint is coming back to the public markets targeting approximately $11.5 billion.6 This “round trip” validates the PE playbook. They took it private, fixed the operations, shifted to SaaS, boosted margins, and are now re-listing. A successful offering here gives a concrete pricing benchmark for other late-stage players like Saviynt and Semperis. Likewise, Cato Networks raising capital at a $4.8 billion valuation 8 proves late-stage growth capital is there for top-tier assets. However, the fact that Cato is keeping its IPO on ice implies issuers are still being picky and waiting for the perfect window to maximize their debut multiple.

The Shift from “Growth at All Costs” to “Durable Growth”

The economic environment has permanently changed investor risk appetite. Back in 2021, growth was the only thing that mattered. In Q4 2025, investors want Durable Growth. This splits valuations into two buckets. First is the Premium Bucket, consisting of companies growing faster than 30% with positive Free Cash Flow (FCF) margins. Think CyberArk and CrowdStrike. These assets get 12x-16x revenue multiples. Second is the Penalty Bucket, which includes companies growing slower than 15% or burning a lot of cash. These trade at 3x-5x revenue multiples, regardless of how cool their tech is. The market has zero patience for “empty calories” revenue growth that does not turn into cash.

Current Q4 2025 Valuation Multiples

Valuations in Q4 2025 are all about a “flight to quality.” Capital is clustering around a few platform leaders, creating a stark divide between the “haves” and the “have-nots.”

Public Market Multiples Comparison

The table below lays out the current valuation multiples for key publicly traded IAM and adjacent cybersecurity companies as of Q4 2025.

To provide deeper context, it is valuable to compare these public figures against private market benchmarks. The data below illustrates that while top-tier private cybersecurity assets can command premiums, the median multiples for private SaaS companies generally trail their high-performing public counterparts.

Analyzing the Divergence

The most striking data point in Q4 2025 is the massive gap between CyberArk and Okta. Historically, these two traded much closer together. Three things are driving them apart. First, the market now distinguishes between security and utility. CyberArk’s core product, Privileged Access Management (PAM), is seen as a critical security control that stops ransomware. Okta’s core product, Single Sign-On (SSO), is viewed more as an efficiency utility. In a high-threat world, security budgets are harder to cut than IT efficiency budgets. Second, CyberArk’s multiple is obviously pumped up by the pending Palo Alto Networks acquisition.2 But even before that news dropped, CyberArk was trading at a premium because they successfully transitioned to subscription models and kept growing at 43%.11 Finally, Okta’s growth has slowed down to 14% 13, which puts it in the “mature” bucket. CyberArk might be an older company, but they re-accelerated growth to 43% by pushing into new verticals like Machine Identity and Endpoint Privilege Manager (EPM).

Companies like CrowdStrike and Zscaler command 12x-18x multiples because investors see them as “consolidators.” The belief is that these platforms will eat up more wallet share by bundling Identity Threat Detection and Response (ITDR) with Endpoint and Network security. SentinelOne, trading at 9.1x 12, is cheaper than CrowdStrike partly because they do not have the same scale or profitability yet, despite having a strong AI story.

Private Market Valuations

Private market valuations are usually a black box, but Q4 2025 gave us enough data points to see where the “smart money” is pricing deals. The $32 billion price tag for Wiz 3 is historic. With Annual Recurring Revenue (ARR) estimated around $500M growing to $1B 15, we are looking at a multiple of roughly 32x to 64x ARR. That is an outlier driven by Google’s desperation to catch up to AWS and Microsoft, but it effectively pulls up valuations for every Cloud Infrastructure Entitlement Management (CIEM) startup out there.

Strategic M&A Activity Defining Q4 2025

Q4 2025 will be remembered as the quarter of “Mega-Consolidation.” This deal activity was not just about buying technology. It was about buying market share and owning the “Operating System” for enterprise security.

Palo Alto Networks Acquires CyberArk ($24.1 Billion)

In a massive move, Palo Alto Networks (PANW) agreed to buy CyberArk for about $24.1 billion in cash and stock.1 This move fills the “missing pillar” in PANW’s platform strategy. PANW spent five years dominating Network, Cloud, and SOC security, but Identity was the glaring hole. By acquiring CyberArk, the undisputed leader in PAM, PANW completes its platform. This allows them to enforce true Zero Trust by validating identity at every packet. Defensively, this acquisition acts as a strategic block. It prevents CrowdStrike, Microsoft, or Cisco from grabbing the best independent identity asset left on the board.

Google Acquires Wiz ($32 Billion)

Google agreed to buy Wiz for $32 billion in an all-cash transaction.3 This was driven by the realization that in the cloud, “identity is the new perimeter.” Wiz is technically a Cloud Native Application Protection Platform (CNAPP), but a huge part of its value is cleaning up identity entitlements (CIEM). Google realized that to win the cloud war against AWS and Azure, they needed the best multi-cloud security layer money could buy. Wiz’s “Security Graph” tech gives visibility into toxic combinations of risks, such as a vulnerability plus an over-privileged identity. This graph-based approach is where identity analysis is heading, replacing static lists of users and permissions.

The Mid-Market Wave: Securing AI

Outside the mega-deals, Q4 2025 saw a rush of activity in the mid-market, specifically targeting Generative AI security. Check Point bought Lakera for $300M to lock down GenAI apps.18 Lakera focuses on stopping prompt injection and data leakage in LLMs. Fundamentally, this is an identity problem because it requires distinguishing a legitimate user prompt from a malicious injection. SentinelOne also bought Prompt Security for roughly $250M to bolster its AI defenses.19 This is about stopping “Shadow AI” by controlling access at the endpoint and browser level. Additionally, Okta acquired Axiom Security for $100M 20 to shore up its Privileged Access Management capabilities. Axiom provides “Just-in-Time” (JIT) access, a modern way to handle PAM that avoids permanent standing privileges. This lets Okta compete better with nimble startups like Teleport and Aembit.

IAM Subsegments Commanding Premium Valuations

The IAM market is not a monolith. In Q4 2025, capital is discriminating heavily between different functional areas. Understanding these sub-segments is critical for founders trying to position their companies.

Privileged Access Management (PAM)

PAM is the “valuation king” of the sector. It currently commands revenue multiples of 12x – 18x. This premium exists because PAM is the “kill switch” for ransomware. In almost every major breach, the attacker tries to escalate privileges. This makes PAM a board-level priority. It is also a high-barrier-to-entry market because building a secure vaulting mechanism that enterprises trust is difficult. Startups in this space, like Aembit and Teleport, are disrupting legacy PAM with “ephemeral privileges” and “certificate-based access,” which are highly valued by cloud-native organizations.

Identity Governance & Administration (IGA)

IGA is currently trading at 8x – 12x Revenue. It commands a premium due to the “stickiness” of the revenue. IGA is the compliance engine that handles Joiner, Mover, and Leaver workflows. Once an enterprise implements SailPoint or Saviynt, the switching costs are enormous. This leads to extremely high Gross Retention Rates, often exceeding 95%. The market is moving towards “autonomous governance,” which uses AI to auto-approve low-risk requests. This automation is a key valuation driver.

Customer IAM (CIAM)

CIAM typically trades at a discount, seeing multiples of 6x – 10x Revenue. It is essential for digital transformation, but it is viewed as more commoditized. There are many open-source alternatives and commoditized providers like Auth0, AWS Cognito, and Azure AD B2C. However, CIAM companies that include high-end Fraud Detection command higher multiples. These features directly prevent financial loss, such as account takeover, which adds measurable value.

Non-Human Identity (NHI)

This is the hyper-growth frontier. Startups here are commanding 15x – 25x Revenue multiples. The investment thesis is that for every human identity, there are 45 machine identities like containers, scripts, and bots.23 These identities are often over-privileged and unmanaged. Investors are betting that NHI will become a standalone category as large as PAM. Companies solving “Secret Management” and “Workload Identity” are seeing intense VC interest.

Key Performance Indicators (KPIs) Driving Valuation

For a cybersecurity founder or investor, understanding the “why” behind a multiple requires looking at the unit economics. In Q4 2025, these KPIs are the primary determinants of valuation.

Annual Recurring Revenue (ARR) Growth

The benchmark right now is >30% YoY. In the current market, 30% is the “Mendoza Line” for premium valuations. CyberArk grew at 43% 11, earning a 16x multiple. Okta grew at 14% 13, earning a 5.5x multiple. The market punishes deceleration severely. Founders must show a path to sustaining >30% growth at scale ($100M+ ARR) to unlock the top-tier multiples.

The Rule of 40 (and 60)

The benchmark here is a score greater than 40, calculated as Growth % plus FCF Margin %. The “Rule of 40” is no longer just a nice-to-have. It is a requirement. However, the top-performing stocks are hitting the “Rule of 60.” CyberArk (43% Growth + ~19% Margin = 62) and CrowdStrike (32% Growth + ~30% Margin = 62) are prime examples. A company with high growth but massive burn will see its valuation capped because the cost of capital to fund that burn is non-trivial.

Comparative Metrics Analysis

The table below highlights how these operational metrics directly correlate to valuation multiples among the industry leaders.

Net Revenue Retention (NRR)

The benchmark is >115%. NRR measures the ability to expand within the existing customer base. SailPoint boasts 114% NRR 26, while CyberArk consistently delivers >120%. High NRR implies a “platform” sale where customers are buying more modules over time. IAM companies that are “single product” struggle to maintain high NRR. Platform expansion is necessary for valuation expansion.

Gross Margins

Investors demand gross margins >75% (Non-GAAP). If an IAM company has gross margins below 70%, it suggests they are reliant on human services for deployment or have inefficient cloud infrastructure costs. “Tech-enabled services” posing as SaaS will be aggressively de-rated in this environment.

Artificial Intelligence Impact on IAM Valuations

Artificial Intelligence is the single most disruptive force in the Q4 2025 valuation landscape. It impacts valuation in two distinct ways. First, it is a Feature where companies use AI to improve IAM. Second, it is a Target where companies focus on securing AI itself.

AI as a Feature: Automation and Efficiency

Investors are paying premiums for companies that use AI to reduce the Total Cost of Ownership (TCO) of IAM. Traditional IGA is labor-intensive. SailPoint’s valuation is supported by its “Identity Security Cloud,” which uses AI to recommend access decisions and spot outliers, reducing the manual burden on IT teams.27 In the CIAM space, AI models that can analyze behavioral biometrics, like mouse movements and typing cadence, to detect fraud without adding friction are commanding high multiples.

AI as a Target: The Rise of “GenAI Security”

This is the newest and hottest sub-sector. As enterprises deploy Large Language Models (LLMs) and AI agents, they create new identity risks. Employees pasting sensitive customer data into ChatGPT is a massive risk. Startups like Prompt Security (acquired by SentinelOne) and Lakera (acquired by Check Point) provide the “firewall” for these interactions. Furthermore, AI Agents act autonomously, making decisions and accessing APIs. Securing the identity of an AI agent is a novel problem. Companies that can claim to “Secure Agentic AI” are seeing valuation multiples detached from current revenue, trading on future potential. The acquisition of Lakera for $300M 18, which is likely a very high multiple of revenue, sets a benchmark. It tells founders that if they can solve the “GenAI Security” problem, strategic acquirers will pay a “scarcity premium” to get that capability into their platform immediately.

Private Market Dynamics & Venture Capital Trends

While the public markets have their own logic, the private markets operate with different dynamics, particularly concerning venture capital (VC) and private equity (PE).

The “Unicorn” Backlog and Valuation Resets

A significant theme in Q4 2025 is the reckoning of the 2021 vintage unicorns. Many IAM companies raised at >50x ARR valuations in 2021. Companies that have not grown into those valuations are in a difficult spot. They cannot raise an “up round,” and a “down round” is optically damaging. We are seeing “dirty term sheets” where investors demand 2x or 3x liquidation preferences to justify maintaining a flat headline valuation. For many of these companies, the exit is not an IPO but a sale to a PE consolidator like Thoma Bravo or Vista at a multiple of 4x-6x. This wipes out the common stock held by founders and employees while protecting the preferred capital.

Late-Stage Watchlist

The following table summarizes the key private players that investors are watching closely as the IPO window reopens.

Growth Equity vs. Venture Capital

Early-stage VCs are aggressively funding “AI Identity” startups. They are looking for the next Wiz, hoping to find companies that can grow from $0 to $100M ARR in under 3 years. Later-stage investors like Insight Partners and TPG are more cautious. They are backing winners with proven unit economics like Semperis and Saviynt. The focus here is on Profitability and Rule of 40. They are investing to bridge the gap to an IPO window that is now open.

Private Equity as the “Market Maker”

Private Equity firms are the ultimate floor-setters for IAM valuations. Firms like Thoma Bravo are building massive identity platforms. They are willing to pay premiums for assets that have strategic fit. For example, merging ForgeRock and Ping to dominate the enterprise market.28 Any public IAM company that trades below a 5x multiple and has decent cash flow is a candidate for a take-private. This keeps public valuations from collapsing too far, as short-sellers must be wary of an overnight buyout premium.

Forward-Looking Factors Influencing 2026

As we look beyond Q4 2025 into 2026, several trends will dictate the direction of IAM valuations.

The Convergence of Identity and Data Security

Identity is the “who,” and Data is the “what.” The next frontier is Data Security Posture Management (DSPM). The thesis is simple. It is not enough to know that “John has access to S3 Bucket X.” You need to know “S3 Bucket X contains PII.” We expect major IAM platforms like Okta and CyberArk to acquire DSPM startups to bridge this gap. This will drive up valuations for Data Security companies.

Decentralized Identity (DID) and Wallets

DID has been “the next big thing” for five years. However, with the EU’s eIDAS 2.0 regulation coming into full force in 2026 30, digital identity wallets will become mandatory infrastructure. Companies that provide the infrastructure for Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs) will see increased interest, especially from government-facing and CIAM vendors.

Quantum Resistance

As quantum computing advances, traditional encryption like RSA and ECC used in identity certificates becomes vulnerable. “Post-Quantum Cryptography” (PQC) readiness will become a due diligence checklist item for acquirers in 2026. IAM vendors that have already upgraded their certificate authorities to PQC standards will command a premium for “future-proofing.”

Actionable Insights for Cybersecurity Founders

Based on the extensive research and valuation analysis of Q4 2025, here is a strategic playbook for founders in the IAM space:

Optimize for the “Rule of 40”

Do not sacrifice margins for empty growth. Investors in 2025 will not pay for unprofitable growth unless it is hyper-growth (>50%). If you are growing at 30%, ensure your burn is manageable. Audit your Cloud COGS and S&M efficiency. Aim for a Magic Number > 1.0.

Build “Stickiness” into the Product

Valuations are driven by NRR. Don’t just sell a tool, sell a workflow. Integrate deeply into the customer’s DevOps pipeline for Machine Identity or HR system for IGA. The harder you are to rip out, the higher your valuation.

Prepare for the “Platform” Exit

The era of the standalone feature company is ending. Most exits will be to large platforms like PANW, Cisco, Google, or CrowdStrike. Build your product with API-first architecture that allows for easy integration. Develop partnerships with the major platforms early. Being a “Gold Partner” with CrowdStrike or Wiz can put you on the M&A radar.

Address the “AI Security” Narrative

Even if you are a traditional IAM company, you must have an AI story. Develop features that secure AI workflows. For example, “Identity Governance for Copilot.” This allows you to tap into the “GenAI Security” budget, which is the only budget that is expanding rapidly in 2025.

Geographic Variations: North America vs. Europe vs. APAC

North America: The Innovation Engine

This region commands the highest multiples. It is home to the major acquirers like Google and PANW and the deepest capital markets. Zero Trust mandates, such as Executive Order 14028, and SEC disclosure rules drive heavy spending on PAM and IGA here.

Europe: The Regulation Driver

Valuations are slightly lower than NA but are rising. The NIS2 Directive is the key driver. This regulation mandates strict access controls for critical infrastructure. This is a massive tailwind for PAM and IGA vendors with strong European footprints like Omada and Wallix. European “Sovereignty” concerns drive demand for EU-based IAM vendors, insulating them somewhat from US competition in government sectors.

APAC: The Mobile-First Frontier

Valuations are diverse here, with high growth in Southeast Asia. CIAM is the primary driver, fueled by “Super Apps” and digital banking. Fraud detection and mobile authentication are the key valuation pillars in this region.

Conclusion: The Identity Imperative

The Q4 2025 Cybersecurity Valuation Report confirms that Identity is no longer just a segment of cybersecurity. It is the foundation. The sheer magnitude of capital deployed ($56 billion across just two deals) validates the thesis that in a cloud-first, AI-driven world, the only perimeter that matters is Identity.

For investors, the opportunity lies in identifying the “platform winners” that can consolidate this fragmented market. For founders, the path to value creation requires a relentless focus on product efficiency, security efficacy, and the agility to secure the emerging world of non-human and AI identities. As we move into 2026, the winners will be those who can provide the “Identity Fabric” that allows enterprises to innovate securely at the speed of AI.

References

Citations are integrated inline throughout the document using the [id] format corresponding to the source snippets.

Works cited

1. 1. Cybersecurity Sector Update–Fall 2025 – Kroll, accessed November 30, 2025, https://www.kroll.com/Reports/M-and-A/Cybersecurity-Sector-MA-Industry-Insights-Fall-2025
   2. CyberArk Shareholders Approve the Company’s Acquisition by Palo Alto Networks, accessed November 30, 2025, http://investors.cyberark.com/news/news-details/2025/CyberArk-Shareholders-Approve-the-Companys-Acquisition-by-Palo-Alto-Networks/default.aspx
   3. DOJ Clears Google’s $32B Acquisition of Wiz – GovCon Wire, accessed November 30, 2025, https://www.govconwire.com/articles/google-wiz-acquisition-doj-clearance
   4. Google Confirms Wiz Acquisition To Close In 2026; $3.2B Fee On The Line – CRN, accessed November 30, 2025, https://www.crn.com/news/ai/2025/google-confirms-wiz-acquisition-to-close-in-2026-3-2b-fee-on-the-line
   5. Global M&A industry trends: 2025 mid-year outlook – PwC, accessed November 30, 2025, https://www.pwc.com/gx/en/services/deals/trends.html
   6. SailPoint (SAIL) IPO Targets $11.5B Valuation – Nasdaq, accessed November 30, 2025, https://www.nasdaq.com/articles/sailpoint-sail-ipo-targets-115b-valuation
   7. Cato Networks Named to 2025 Forbes Cloud 100 for a Second Consecutive Year, accessed November 30, 2025, https://www.catonetworks.com/news/cato-named-2025-forbes-cloud-100/
   8. Cato Networks raises $359 million at $4.8 billion valuation, keeps IPO on ice | Ctech, accessed November 30, 2025, https://www.calcalistech.com/ctechnews/article/pmald8ywg
   9. U.S. Cybersecurity Sector Report – Q3 2025 | Ropes & Gray LLP …, accessed November 30, 2025, https://www.jdsupra.com/legalnews/u-s-cybersecurity-sector-report-q3-2025-2500469/
   10. Financials – Quarterly Results – CyberArk – Investor Relations, accessed November 30, 2025, https://investors.cyberark.com/financials/quarterly-results/default.aspx
   11. CyberArk Announces Strong Third Quarter 2025 Results, accessed November 30, 2025, https://investors.cyberark.com/news/news-details/2025/CyberArk-Announces-Strong-Third-Quarter-2025-Results/
   12. Financial Info – Quarterly Results – SentinelOne, Inc. – Investor Relations, accessed November 30, 2025, https://investors.sentinelone.com/financial-info/quarterly-results/default.aspx
   13. Okta Announces Third Quarter Fiscal Year 2025 Financial Results, accessed November 30, 2025, https://ir.okta.com/news-and-events/news-releases/news-details/2024/Okta-Announces-Third-Quarter-Fiscal-Year-2025-Financial-Results-12-03-2024/
   14. SentinelOne Announces Third Quarter Fiscal Year 2025 Financial Results, accessed November 30, 2025, https://investors.sentinelone.com/press-releases/news-details/2024/SentinelOne-Announces-Third-Quarter-Fiscal-Year-2025-Financial-Results/default.aspx
   15. Wiz’s $32B sale is another record—and a sign of new rapid-growth era – PitchBook, accessed November 30, 2025, https://pitchbook.com/news/articles/wiz-google-acquisition-record-growth
   16. Analysis: How Wiz Went From Zero To $32B In Five Years – CRN, accessed November 30, 2025, https://www.crn.com/news/security/2025/analysis-how-wiz-went-from-zero-to-32b-in-five-years
   17. Google announces agreement to acquire Wiz, accessed November 30, 2025, https://blog.google/inside-google/company-announcements/google-agreement-acquire-wiz/
   18. Check Point Acquires AI Security Company Lakera, accessed November 30, 2025, https://www.itsecurityguru.org/2025/09/17/check-point-acquires-ai-security-company-lakera/
   19. SentinelOne’s Strategic Acquisition and the Rise of Runtime AI – Security Buzz, accessed November 30, 2025, https://securitybuzz.com/industry-news/sentinelones-strategic-acquisition-and-the-rise-of-runtime-ai/
   20. Okta acquires Axiom Security after better-than-expected second quarter – SiliconANGLE, accessed November 30, 2025, https://siliconangle.com/2025/08/26/okta-acquires-axiom-security-better-expected-second-quarter/
   21. 10 Big Cybersecurity Acquisition Deals In 2025 – CRN, accessed November 30, 2025, https://www.crn.com/news/security/2025/10-big-cybersecurity-acquisition-deals-in-2025
   22. Omada Announces Investment from GRO and Kirk Kapital to Drive Next Phase of Growth and Innovation in Identity Governance, accessed November 30, 2025, https://omadaidentity.com/press/omada-announces-investment-from-gro-and-kirk-kapital/
   23. Best IAM Solutions 2025: Complete Buyer’s Guide – Deepak Gupta, accessed November 30, 2025, https://guptadeepak.com/top-identity-and-access-management-iam-solutions-you-should-know-in-2025/
   24. SailPoint Announces Fiscal First Quarter 2026 Results – June 11, 2025, accessed November 30, 2025, https://investor.sailpoint.com/news-releases/news-release-details/sailpoint-announces-fiscal-first-quarter-2026-results
   25. Sailpoint IPO: S1 Breakdown – Mostly metrics, accessed November 30, 2025, https://www.mostlymetrics.com/p/sailpoint-ipo-s1-breakdown
   26. SailPoint: Second Shot at IPO Success – Life Self Mastery, accessed November 30, 2025, https://lifeselfmastery.com/2025/02/05/sailpoint-second-shot-at-ipo-success/
   27. SailPoint Announces Strong Fiscal Fourth Quarter and Full Year 2025 Financial Results, accessed November 30, 2025, https://investor.sailpoint.com/news-releases/news-release-details/sailpoint-announces-strong-fiscal-fourth-quarter-and-full-year
   28. New names for ForgeRock products – Ping Identity Support, accessed November 30, 2025, https://support.pingidentity.com/s/article/New-names-for-ForgeRock-products
   29. Making sense of the Ping Identity & ForgeRock CIAM roadmap – Strivacity, accessed November 30, 2025, https://info.strivacity.com/hubfs/PDFs/Strivacity_Ping-ForgeRock-Merger-Report.pdf
   30. IAM Predictions for 2025: Identity as the Linchpin of Business Resilience – Thales, accessed November 30, 2025, https://cpl.thalesgroup.com/blog/access-management/iam-predictions-for-2025
   31. SaaS Valuation Multiples: 2025 Report – First Page Sage, accessed November 30, 2025, https://firstpagesage.com/business/saas-valuation-multiples/
   32. Saviynt Recognized on the Prestigious Inc. 5000 List of America’s Fastest-Growing Private Companies, accessed November 30, 2025, https://saviynt.com/press-release/saviynt-recognized-on-the-prestigious-inc.-5000-list-of-americas-fastest-growing-private-companies
   33. 2025 Funding Rounds & List of Investors – Semperis – Tracxn, accessed November 30, 2025, https://tracxn.com/d/companies/semperis/__gWjgfIiLM9AoUlzB7xd1s63fBPe3fypcR6gUZV2J2zk/funding-and-investors
   34. SailPoint announces pricing of upsized initial public offering, accessed November 30, 2025, https://www.sailpoint.com/press-releases/sailpoint-announces-pricing-of-upsized-initial-public-offering
   35. Cato Networks Raises $359 Million at a Valuation of More Than $4.8 Billion, accessed November 30, 2025, https://www.catonetworks.com/news/cato-raises-359-million/