The rapid growth of the identity-as-a-service (IDaaS) market during the last few years means that security and risk (S&R) professionals now have a viable, and possibly even a preferable, alternative to traditional on-premises IAM solutions. For years, many small and medium-size businesses were reluctant to deploy an on-premises IAM solution because of the cost and complexity coupled with a lack of sufficient in-house skill. Today, the relatively easy deployment of an IDaaS now puts IAM capabilities within reach for these smaller firms. Moreover, the continued maturation of the IDaaS market and vendor landscape means that even larger enterprises have begun to consider IDaaS solutions as replacements for existing on-premises IAM implementations or at least a complement for these legacy solutions. Every security team, regardless of the size of its organization, should develop a deliberate strategy for determining whether an IDaaS offering makes sense. This report provides a set of key evaluation questions for S&R professionals to utilize when assessing the potential fit of an IDaaS solution for their organization.