Identity & Access Management , Security Operations

Thoma Bravo Identity Push Continues With $2.3B ForgeRock Buy

Thoma Bravo-ForgeRock Deal Comes Months After PE Firm Agreed to Buy Ping, SailPoint
Thoma Bravo Identity Push Continues With $2.3B ForgeRock Buy

Private equity giant Thoma Bravo sees opportunity in identity, agreeing to buy ForgeRock for $2.3 billion just months after inking deals with Ping Identity and SailPoint.

See Also: Webinar | Level Up Your Security Stack: EDR vs Endpoint Privilege Management

The trio of deals mean that Thoma Bravo will spend $12 billion this year constructing a broad identity platform with expertise in customer and workforce identity as well as identity governance. The sale will end ForgeRock's short-lived stint as a publicly traded company, having completed just 13 months ago a New York Stock Exchange initial public offering that raised $275 million on a $2 billion valuation.

"Thoma Bravo has deep expertise in the security and identity solutions sector and a proven track record of partnering with companies like ForgeRock to accelerate growth and innovation," ForgeRock CEO Fran Rosch wrote in letters to customers, partners and employees. Joining the private equity world will "create value for all of our stakeholders by further positioning ForgeRock to capture new opportunities."

Under the terms of the deal, shareholders of San Francisco-based ForgeRock will receive $23.25 per share in cash, representing a 53% premium over the company's closing share price on Monday. The company's stock was up $7.36, or 48.55%, to $22.52 per share in trading Tuesday. That's the highest ForgeRock's stock has traded since Aug. 10. The deal is expected to close in the first half of 2023.

The transaction doesn't include a "go-shop" period, which would have allowed ForgeRock's board to move forward with a better proposal from another suitor, should an offer materialize. ForgeRock's largest shareholders include Accel, GravityRock, Foundation Capital, Riverwood and KKR, which own nearly 85% of the company's outstanding stock.

"Identity-centric cybersecurity solutions are a critical enabler for businesses to digitally transform their operations, and ForgeRock’s solutions combine both the advanced security and customer usability needed in the market," Thoma Bravo Managing Partner Chip Virnig says in a statement. "We look forward to partnering with ForgeRock to leverage our deep sector expertise and support the company."

Will ForgeRock, Ping and SailPoint Become One?

Thoma Bravo now faces the question of whether it will operate SailPoint, Ping Identity and ForgeRock separately or bring the three companies together to create a platform with the size and skill to take on Okta and Microsoft. ForgeRock was noncommittal in an FAQ published Tuesday on the prospect of combining with SailPoint and Ping Identity (see: Ping Identity to Go Private in $2.8B Thoma Bravo Acquisition).

"Any future decision will be made based on what is in the best interest for all stakeholders: customers, partners and employees," ForgeRock wrote in the FAQ.

Thoma Bravo often keeps portfolio companies with overlapping capabilities separate. Barracuda and Sophos maintain independent organizations even though both sell technologies such as network and email security to small and midsized businesses. This time around might be different given the consolidation that has taken place in the identity sector since the start of 2021.

Okta bought Auth0 for $6.5 billion to bring workforce and customer identity together on one platform. TPG Capital bought Centrify and Thycotic for a reported $900 million and $1.4 billion, respectively, and brought the two privileged access management rivals together as Delinea. And One Identity purchased OneLogin to bring identity governance, privileged access, and identity access management together on one platform.

SailPoint Founder and CEO Mark Clain told Information Security Media Group last month that Thoma Bravo's actions should allow for tighter collaboration with Ping Identity, though he wasn't sure if that would ultimately result in the two companies merging with one another. Thoma Bravo bought SailPoint for $6.9 billion in August and agreed to purchase Ping Identity that same month for $2.8 billion (see: Mark McClain on What Thoma Bravo's Buy Means for SailPoint).

"There are interesting things shifting around that may cause all of us to reevaluate some of our long-term strategic opportunities, and we're certainly going to have some of those dialogues as we settle in," McClain told ISMG last month. "There's going to be plenty of opportunity for us to dialogue about what makes sense independently or together as we go forward."

ForgeRock's Growth Comes in Below Expectations

Unlike SailPoint, which specializes in identity governance, ForgeRock and Ping have overlapping skills in areas such as customer identity and access management. KuppingerCole in its recent Leadership Compass recognized the two for having the strongest CIAM platforms. Gartner last year named ForgeRock and Ping as leaders in access management alongside Auth0, Microsoft, Okta and OneLogin.

ForgeRock's revenue for the quarter ended June 30 climbed to $47.7 million, up 8.5% from $44 million a year earlier. That edged out Seeking Alpha's sales projection of $47.2 million. The company recorded a net loss of $22.4 million, or $0.26 per share, 122.4% worse than a net loss of $10.1 million, or $0.40 per share, last year. Seeking Alpha was expecting a net loss of $0.27 per share.

The company revised its 2022 guidance to factor in impact from longer sales cycles and lowered sales projections to $206 million to $212 million compared to prior expectations of $212.2 million. Net loss guidance worsened to $0.44 to $0.49 per share as compared to prior expectations of $0.43 per share. That sent ForgeRock's stock down 18%, where it languished until Tuesday's announcement.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.