By Kayla Coco-Stotts Posted December 26, 2019
With the identity and access management (IAM) market changing rapidly, IT admins are sifting through the flood of new IT resources to find the best way to bridge Microsoft® Active Directory® (AD) identities to new cloud-based resources.
Although Microsoft’s Windows-centric identity provider was reported to dominate 95% of Fortune 1000 companies in 2015, AD has limitations. It is designed to manage an on-prem, Windows-based environment and struggles to manage other systems like macOS® and Linux® machines, AWS infrastructure, web applications, cloud storage solutions, and more.
The Rise of Active Directory
We all know that AD has been the foremost on-prem identity provider for Windows systems and applications since its introduction in 1999. And, historically, it worked well because the IT environment was Windows-based and on-prem. AD simply connected users to what they had.
However, AD has struggled to maintain efficiency in heterogeneous environments. IT organizations are adding resources such as G Suite™ and Office 365™, AWS, macOS-based devices, cloud-based Linux servers, and web applications to their lineup to give users the freedom of choice in doing their jobs. Because AD is Windows-based, it struggles to manage these different device types.
In addition, AD was not designed to operate through the internet, and as more services shift to the cloud, the legacy on-prem directory struggles to communicate with cloud-based services like Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) platforms, often requiring third-party add-ons that can be expensive and cumbersome.
Bridging AD with the Cloud
With the shift in the IT landscape, many IT admins ponder the best way to bridge Active Directory to the cloud. Microsoft no longer operates as the center of the technological world, and the rapid growth of the cloud means that IT professionals now have to handle a variety of cloud-based applications in the modern workplace.
As environments included cloud infrastructure, web applications, Mac and Linux systems, WiFi, and more, IT admins struggled not only with connecting their users to these IT resources but with how to secure the overall infrastructure.
With Active Directory at the core, many have started to look for add-ons like directory extensions and identity bridges to help extend user identities to these other facets of technology.
Active Directory Extensions
In an attempt to facilitate the transition to the cloud, Microsoft introduced Azure® Active Directory (Azure AD). With Azure AD, admins use the Azure cloud to support user access to Office 365 and Azure services, but this cloud extension still requires an on-prem connection to AD. Additionally, Azure AD struggles to support other types of systems, providers (e.g., AWS), and productivity platforms (e.g., G Suite).
With Azure AD, the total cost of ownership (TCO) includes the cost of AD, Azure AD, Azure AD Connect, Azure AD DS, and any other third-party services required to implement new systems beyond a Windows-based environment. There are also costs for multi-factor authentication (MFA) and governance capabilities.
A number of third-party vendors created identity bridges so IT admins could manage non-Windows systems from Active Directory. These bridges were layered with AD to extend AD credentials to macOS and Linux systems.
Traditionally, these identity bridges were located on-prem, which added work in terms of integration and cost. Coupled with the other IAM add-ons needed to shore up AD, they left IT admins struggling to accommodate their changing IT network.
Web Application Single Sign-On Solutions and MFA
Web application single sign-on (SSO) solutions bridge AD identities to web apps, while MFA solutions add extra security. In implementing more add-ons to bridge AD to the cloud, IT admins found that they were adding tremendous integration work and cost to the overall infrastructure, but they were able to keep the familiarity of the legacy, on-prem AD.
Each addition and add-on cemented the IT management infrastructure on-prem, causing organizations to stray from the cloud, rather than join it, in their attempt to integrate heterogeneous environments with a homogeneous directory service.
Finding an AD Bridge
IT admins struggle with managing such a complex identity and access management infrastructure. While AD may live on-prem, a cloud-based directory extension that covers all of these needs in one solution, from SSO to PAM to user and system management for cloud infrastructure, macOS, and Linux, would effectively maximize the ROI of AD. JumpCloud’s AD Integration makes it easy to extend your AD-managed identities to authenticate with non-Windows applications and systems not supported by AD directly.
JumpCloud makes it simple to synchronize your desired users and groups managed in AD, and to gain control over networks, systems, servers, and applications not directly linked to AD. Active Directory can remain as your master authority, with JumpCloud serving as the bridge connecting AD to the cloud.
To learn more about JumpCloud’s AD Integration, and how you can manage your entire IAM from the cloud, you can request a personalized demo or sign up for free.