
Why is it so easy to get locked into your identity solution? Vendors make it easy to do on purpose. It should really come as no surprise. They want to make more money and the way to do that is to ensure you are using their services.

The problem is that a single vendor likely doesn’t offer all of the IT resources an organization needs. In practice, this means IT admins often face a number of challenges when trying to centralize management of their infrastructure.

Identity Lock-In Happens to Everyone

Take Active Directory. Microsoft makes it vastly easier to wire other Microsoft products to Active Directory than to wire in products from third-party competitors. They even made Azure so they can offer to host your infrastructure for you. But if you want to make your Windows systems talk to another directory? Well, it’s possible, but it’s certainly not encouraged or made easy.

Google has recently thrown their hat into the ring. They will now help you manage your devices — so long as they’re Chromebook machines. They’re also making inroads into web-based identity and single sign-on (SSO). So do you choose Google Apps as your identity store?

Or maybe you go the LDAP route. A competent system administrator can set up a cluster of LDAP servers and wire LDAP identity into your Linux servers. With some effort, it can even be made to authenticate into Windows machines.

Then you’re acquired. Or your company acquires another company that has built its own solutions. Now you have some people on LDAP, some in Azure, some in AD, some in Google Apps. You have to integrate the identities across these and break down the silos. You have to manage and support all of these disparate systems and infrastructures.

Worse, you have the million things attaching identity to each of those stores. You have some systems using LDAP for authentication, and others using AD. You have SSO wired into Azure and Google Apps. You’ve lost your centralized place for managing identity.

So what can you do to avoid identity “lock-in”?

Build from the beginning with this end in mind. Choose vendors and practices that encourage interoperability and centralization of identity, instead of those that lock you in.

JumpCloud allows you to manage all of your users in one location. Extract users from Active Directory or Google Apps, and leverage SSO applications like Okta, OneLogin, or Bitium. JumpCloud is the best way to transition from messy, disjointed identity infrastructure to One Directory to Rule Them All®.

To learn more about how Directory-as-a-Service can help your organization avoid identity lock-in, drop us a note. You can also sign up today and see for yourself. Your first ten users are free forever.
