breaks out its identity management crm) is making the identity management embedded in its bread-and-butter sales and marketing applications more broadly available. And yes, that means increased competition for third-party identity and access management (IAM) players.

sfiam2In a world where company employees use on-premises legacy applications and cloud-based SaaS apps often via personal devices, its incredibly important to make sure the user is who she says she is and is authorized to see or download data. That’s the problem companies from IBM(s ibm) and CA(s CA)  to newer products from Okta and Ping Identity are attacking.

That is expanding IAM beyond its core applications should not be a huge surprise since CEO Marc Benioff  a year ago signaled his intention to take on vendors in cloud storage, ID management and collaboration. Since then the company’s brought out Salesforce Files (aka Chatterbox) for file share and storage, Do for collaboration and now Salesforce Identity.

For $5 per user per month the new application, available as of Tuesday, provides user and access management, multi-factor authentication, Chatter social networking and  reporting/dashboards.

This means that Salesforce Identity can be applied by existing CRM users to applications but perhaps even more interesting, developers building applications on or Heroku platforms can now incorporate it in their work, said Ian Glazer, research vice president at Gartner(s IT).

He said IAM is at a transition point. Legacy IT powers IBM and CA offer these solutions as do a raft of younger startups like Okta, OneLogIn and Ping Identity.  But, users of major SaaS applications and cloud offerings — and Microsoft Azure — for example, have been using the IAM embedded in those offerings without necessarily being aware of it, Glazer said.

What is now doing is bringing its IAM out of the closet.

Benioff’s words last year were a clear signal that Salesforce wanted its customers to spend more of their IT budget with Salesforce rather than third-party point solutions that fill gaps in its platform. His words were very reminiscent of what Oracle CEO Larry Ellison said years ago when he warned storage management and other vendors that Oracle planned to take on those product niches itself in integrated solutions.

Big vendors invariably say they do this because customers want integrated solutions but they must also contend with user concern about vendor lock in. Because supports key IAM standards — SAML, OAuth, OpenID Connect and SCIM — customers can keep using third-party IAM products if they desire, said Chuck Mortimore, VP of product management for Identity and Security.

While might upset the status quo in some respects it’ s not going to blow all the competitors out of the water.  “On-premises directory and identity solutions still have a huge role to play, mostly because they give large and regulated enterprises the control they seek,” said Eve Maler, principal analyst with Forrester Research(s forr). “