Organizations looking to extend their Microsoft® Active Directory® (AD) directory service to the cloud may be considering Azure® Active Directory (Azure AD or AAD) or Ping Identity® as their next IAM provider.
For many, choosing an identity provider comes only after working out which requirements matter most to their particular IT organization. As such, we will discuss what admins commonly look for in a core identity provider (IdP) to securely manage their on-prem and cloud-based resources, as well as potential use cases for web application SSO solutions like Ping Identity and Azure AD.
What is Ping Identity?
Ping Identity introduced many to the concept of single sign-on (SSO) in the early 2000s by extending user identities from AD to web applications. Ping Identity was unlike many subsequent web application SSO solutions because it could be hosted either on-prem or in the cloud. This deployment flexibility may be ideal for organizations seeking to maintain their on-prem infrastructure.
Beyond web app SSO, Ping Identity has worked toward becoming a core identity provider, but gaps in its functionality lead most organizations to layer it on top of AD rather than use it as a standalone service.
What is Azure AD?
In a similar vein, Azure AD is most commonly used by organizations to extend their existing AD identities to Azure cloud infrastructure and select web applications.
Microsoft introduced AAD as an adjunct identity management solution to control Azure access, and it is useful for organizations wanting to extend the reach of their existing on-prem AD identities to select SaaS applications. However, AAD is not a cloud-based replacement for on-prem directory services; much like Ping Identity, it is intended as a complementary service to AD. AAD also inherits many of the pitfalls of its legacy predecessor in that it is not well suited to managing IT resources that operate outside of Microsoft's product stack.
What to Look for in Cloud Identity Management
For most organizations looking to extend the reach of Active Directory, Azure AD and Ping Identity can be effective as web application SSO solutions. However, they fall short as comprehensive solutions for admins who need to authenticate users to resources other than web applications, such as:
- Disparate systems (including Windows®, macOS®, and Linux® devices)
- Networks via RADIUS
- On-prem or cloud applications via LDAP
- Infrastructure-as-a-Service platforms (such as servers hosted at AWS®)
The ideal AD add-on would be one that could extend legacy identities to virtually any IT resource, whether on-prem or in the cloud.
Identity management in the cloud should be comprehensive. It should provide IT departments with the opportunity to move away from the maintenance and additional costs associated with maintaining on-prem legacy directory services.
JumpCloud® Directory-as-a-Service® (DaaS) is the first IAM platform that delivers comprehensive directory services entirely from the cloud. DaaS is platform agnostic and authenticates user credentials to the applications, networks, systems, and files users need through protocols including cloud LDAP, SAML 2.0, cloud RADIUS, and more.
Although DaaS can serve as a standalone cloud directory that securely manages and connects users to virtually all of their IT resources, it also offers the flexibility to integrate with AD and extend legacy identities to every IT resource a user may need, all from a single web-based administrative portal.
The end result is that IT admins in AD environments can leverage a single solution to extend user identities to all of their IT resources, or leverage the same solution to migrate off of AD entirely.