It’s no secret that, in the past, IT organizations have relied heavily on the legacy platform, Microsoft Active Directory (AD), for handling authentication services. For almost two decades, there’s been been very little reason for IT admins to question the all-inclusive, on-prem approach for managing Windows-based IT resources. But with SaaS-based applications and cloud-based microservices popping up across the radar, is the idea of authentication as a microservice something worth considering?
Tethered to On-Premises Authentication
Historically, IT admins have been dependent on AD as it inherently requires regular on-prem management. Users are registered to the directory services platform and then connected to the appropriate Windows®-based systems, applications, networks, and files. These Windows-based IT resources are then validated and approved for use by the IT admin through the on-prem AD server, acting as the source of truth for authentication services. Pretty simple, right? Well, the challenge of this approach is the increasing level of upkeep required. IT admins need to regularly manage, update, and implement authentication infrastructure including servers, software, VPNs, backup systems, security, and more.
But, how do IT admins know what’s appropriate for each type of IT resource with protocols such as LDAP, SAML, RADIUS, OAuth, and many more available? Authentication—the process of confirming the user is actually who they say they are—is handled through a wide range of approaches these days. Ensuring the authentication process is airtight is vital to maintain security in IT infrastructure, and its importance can’t really be overstated. Each time an end user logs in and tries to access a resource, the authentication process should quickly and effectively reaffirm the user’s identity and process their credentials for security. And, most importantly it must be right – the user is who they say they are.
Growing out of this dependency on AD, dramatic changes in IT authentication delivery are being driven by a mass migration to the cloud. SaaS-based services, such as Salesforce® and G Suite, enable the user’s internet browser to act as the application container, which has changed the game for how software can be accessed. Now more than ever, these SaaS-based IT services are being delivered as microservices from the cloud, adding pressure on legacy directory services to adapt. As a result, IT admins are searching for the most effective methods to provide extended security for these cloud-based applications.
Microservices and the Cloud
Can legacy directory services, such as AD and OpenLDAP™, provide the best authorization and authentication for users choosing SaaS-based software solutions, Mac or Linux systems, legacy on-prem software solutions, and more? The answer is no, they simply can’t, and that’s where microservices have stepped in. IT admins are using microservices as tailored solutions to solve specific problems, often delivering microservices as application programming interface (API) calls or easy-to-implement, third-party solutions. In general, APIs can be thought of as “a set of subroutine definitions, protocols, and tools for building application software,” allowing programs written in different formats or even different programming languages to communicate with each other.
For organizations using legacy directory services, microservices can do much more than just plug a hole in the side of the ship. Some microservices can be delivered as cloud services, requiring zero on-prem IT resources besides a connection to the cloud. What’s the added value here?
Little-to-no infrastructure and management requirements from the IT organization, and therefore, an immense amount of time and money saved. Furthermore, many microservices only charge on an as-needed basis, so customers avoid any extra costs and only pay for what they need and use.
With this new approach, IT admins can simply load their users into the authentication microservice, point all of their IT resources to the cloud-based service for authentication, and they’re off to the races. No more on-prem requirements. No more tethering users to a specific location. As the IT landscape moves closer to the cloud, authentication is moving with it, giving users more freedom to roam and organizations the ability to choose the IT resources that are right for them—not just ones delivered from the vendor that owns the directory.
Microservices are being created and used together to solve all types of problems and create a more optimal experience for IT organizations and their users. Because of the benefits of these added choices, IT organizations can make personalized decisions and, ultimately, redefine their competitive advantage from the inside out. One excellent example of authentication as a microservice is JumpCloud Directory-as-a-Service (DaaS), as it reimagines Active Directory for the cloud era.
Now, IT admins can securely manage and connect their user identities to the IT resources they need through this cloud directory service. JumpCloud is an always-on, cloud-based directory platform with multi-factor authentication (MFA) and multi-protocol support. This modern approach to authentication frees admins to manage all of their users and resources from a central location. Directory-as-a-Service provides native authentication APIs for Mac, Windows, and Linux® devices, LDAP, SAML-based single sign-on, cloud RADIUS service, and SSH key authorization, all handled via a SaaS identity provider to save IT organizations time and money.
Streamlined Authentication with Directory-as-a-Service
Do you think your organization could benefit from cloud-based authentication as a microservice? Make sure to explore the JumpCloud Directory-as-a-Service platform to see how your company can migrate to a centralized directory managed from the cloud. Contact JumpCloud directly to learn more and one of our experts will be happy to answer any questions. Alternatively, you can set up a personalized demo, or just go ahead and try the platform out for yourself!