The meteoric rise of web-based apps in the enterprise is exemplified by the prominence of Salesforce®, G Suite™, and Office 365™. SaaS apps are the fabric of the modern office – and it’s IT’s job to iron out the wrinkles. For a long time, that meant Single Sign-On (SSO). But that’s only part of the story.
First-generation SSO integrated with an Identity Provider (IdP) already providing a core user database. The IdP was usually Microsoft® Active Directory® (AD). Today’s SSO solutions are increasingly aiming to be everything IAM, including the IdP. Below we’ll discuss why there are still benefits to integrating SSO with directory services.
Organizations might use upward of 203 different combined applications. That means 203 different places to change passwords and manage users. When all web applications are integrated with a core directory service via an SSO solution, managing user access is as easy as adding a user to a group with the applications they need.
Application usage varies across departments, so the ability to standardize application access for each department saves IT admins a tremendous amount of time: they no longer have to add individual users to each application. The average mid-sized company changed 39% of its SaaS apps between 2017 and 2018, according to Blissfully’s 2019 SaaS trends report, so the ability to manage those changes at scale is critical.
Plus, innovations like Just-In-Time (JIT) provisioning are enabling IT admins to streamline the account creation process. Provisioning a user to a new application no longer requires tedious manual setup. With JIT, users log in to a pre-configured web application, and as soon as they sign in, an account gets created automatically. Protocols such as SCIM are also adding the capability to deprovision users. As more web applications support these protocols, IT admins will have greater and easier control over web application access for their organizations.
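A minimal sketch of the two flows described above, added here as an illustration and not JumpCloud's or any application's actual code: an account is created on first SSO login (JIT), and a SCIM 2.0 PatchOp later deactivates it so that a subsequent login is refused. The `AppUserStore` class, its method names and the sample user are hypothetical, and the assertion is assumed to have been validated already.

```python
# Added illustration: a toy service-provider user store, not any vendor's API.
SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class AppUserStore:
    """Local accounts of one web application that trusts an IdP."""

    def __init__(self):
        self.users = {}  # keyed by the IdP-asserted user name

    def jit_login(self, attrs):
        """Handle attributes from an already-validated SSO assertion.

        Creates the account on first login (JIT). Returns 'created',
        'ok', or 'denied' when the account was deprovisioned.
        """
        name = attrs["userName"]
        user = self.users.get(name)
        if user is None:
            self.users[name] = {"userName": name,
                                "groups": list(attrs.get("groups", [])),
                                "active": True}
            return "created"
        if not user["active"]:
            return "denied"  # JIT must not resurrect a deprovisioned account
        user["groups"] = list(attrs.get("groups", []))  # refresh on each login
        return "ok"

    def scim_patch(self, name, body):
        """Apply a SCIM 2.0 PatchOp; only replacing 'active' is supported."""
        if SCIM_PATCH_SCHEMA not in body.get("schemas", []):
            raise ValueError("not a SCIM PatchOp message")
        user = self.users[name]
        for op in body["Operations"]:
            if op["op"].lower() == "replace" and op.get("path") == "active":
                user["active"] = bool(op["value"])
            else:
                raise ValueError("unsupported operation")
        return user


def demo():
    store = AppUserStore()
    alice = {"userName": "alice@example.com", "groups": ["sales"]}  # constructed
    results = [store.jit_login(alice), store.jit_login(alice)]
    # The IdP pushes deprovisioning; without this the account would linger.
    store.scim_patch("alice@example.com", {
        "schemas": [SCIM_PATCH_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}]})
    results.append(store.jit_login(alice))
    return results
```

JIT on its own only ever creates accounts; the SCIM step is what removes access in the application when the user is disabled in the directory.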
With a protocol like SAML and customizable user portals, users only have to enter their unique set of credentials once and get access to whatever applications they need. No need to juggle 203 passwords.
But while these benefits seem great, getting to this point can pose a challenge for many IT admins.
Three Challenges of SSO and Directory Integration
- Integrating an SSO solution with Active Directory® (AD) works great with Windows systems. But when macOS and Linux devices enter the fray, it becomes more difficult because admins need identity bridges to integrate non-Windows systems with AD.
- On-prem solutions like AD require more effort to manage and maintain. Organizations want managed infrastructure, like the SaaS apps they’re using, because they require less time and effort to manage. An all-in-one solution from the cloud would help companies the most.
- Conventionally, SSO solutions only take care of one pain point: web applications. They are becoming more robust with LDAP support, but system management is still lacking, so an MDM is likely required in most cases to manage non-Windows systems.
SSO and More from the Cloud
JumpCloud® Directory-as-a-Service® is a comprehensive directory services solution with on-board, deep single sign-on capabilities. JumpCloud’s user portal is a gateway to all the SAML apps your users need as well as the authentication source for LDAP applications. But, unlike web application SSO, the JumpCloud admin console provides system-based user management and policy execution, in the model of conventional directory services — and includes all this functionality for macOS and Linux in addition to Windows. By unifying these long-disparate solutions into one tool, IT simplifies identity management and increases user productivity.
To begin the process of integrating SSO with your directory, start with a pre-integrated directory. To learn more, check out our piece, “The Foundation of IT.”