Better Single Sign-On

By Zach DeMeyer Posted June 6, 2018

Is there a better single sign-on (SSO) approach available in the market? Many IT admins have either considered or used a wide variety of web application single sign-on solutions (including those from Amazon®️, Microsoft®️, and Google among many others). But, with the changing nature of IT, some are asking, is there a better strategy for tackling SSO and identity management?

The Original True Single Sign-On™

Traditionally, the single sign-on system to beat was Microsoft Active Directory®️ (AD), although the term SSO hadn’t really been used at the time AD was introduced. AD has been a staple in IT organizations since its creation in the early 2000s. IT networks at the time were largely based on Windows and operated on-prem, so it was easy for Microsoft to establish a foothold with AD. These largely homogenous, Microsoft-centric environments ended up creating a single sign-on experience for the end user that looked a lot like what IT admins envision today with True Single Sign-On™. End users would simply log in to their systems when attached to the network, and they would be connected to whatever Windows IT resources they needed via the domain controller, including the network, files, servers, applications, and more. For end users, it was a great experience, and for IT admins, it provided central control and security.

The Evolution of SSO

Then, web-based applications surfaced. These resources quickly became invaluable to organizations, but they weren’t on-prem or Microsoft Windows-based. As a result, IT admins weren’t able to integrate these new, modern resources with Active Directory, and that initial SSO experience was lost. To unify access to web-based apps, a new category called Identity-as-a-Service (IDaaS) was created. These first generation IDaaS or web app SSO solutions would sit on top of AD and extend AD identities to web-based applications, providing IT admins with something resembling the centralized control that they used to have. Changes in the IT landscape didn’t stop with web-based applications, however, and Active Directory has continued to lose its ability to offer centralized user management.

For example, mobile devices and employees have become standard in the workplace with the widespread adoption of laptop computers and, eventually, smartphones and tablets. Meanwhile, platforms like Amazon Web Services (AWS®️) have shifted the data center from being on-prem or collocated to being in the cloud. End users have started using Mac®️ and Linux®️ machines more often, thereby creating mixed platform environments. Windows®️ File Servers are no longer nearly as popular as on-prem Samba file servers and NAS appliances, or cloud storage options such as Box, Dropbox, and G Suite™.

These new resources also defy the Windows-centric environment AD was built to manage, but web app SSO providers only solve the web app portion of the problem. They often don’t integrate with Mac and Linux systems, new file storage options, or wireless networks. Consequently, many IT environments end up having AD, a web app SSO provider, and a multitude of other solutions to connect users to the wireless network, cloud servers, file storage, Mac and Linux machines, and more. The problem with this setup is that it is costly and ends up creating a decentralized IT environment, not to mention the security risks.

So, IT organizations are ready for a more comprehensive solution: a better single sign-on solution that doesn’t just focus on web-based applications, but can connect users to virtually all of their IT resources. The good news is that a solution like this exists, and it’s called True Single Sign-On™.

Directory-as-a-Service®️: True SSO for the Cloud Era

This better single sign-on approach is looking at the problem holistically by providing users with one identity that connects them to systems, applications, files, and networks. True SSO today resembles the centralized simplicity of authentication in the on-prem, Windows days – only it’s built for the needs of cloud-forward organizations and their heterogeneous environments. True SSO is a new approach to SSO, and is more than just web application SSO or Identity-as-a-Service, as many analysts and vendors have called it. This concept of True SSO is really more akin to a reimagination of AD for the cloud era, and is available from JumpCloud®️ Directory-as-a-Service®️.

JumpCloud Directory-as-a-Service enables IT admins to securely manage and connect user identities to IT resources via central user management. JumpCloud doesn’t just stop with user management; it also integrates system management, cloud LDAP, RADIUS-as-a-Service, multi-factor authentication, and many more capabilities into one modern cloud identity management platform. To learn more about how JumpCloud Directory-as-a-Service is a better single sign-on approach for IT organizations, write a note to some of our experts, or see for yourself with a free trial, which provides you with ten users free forever.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
