By Zach DeMeyer Posted August 21, 2018
Like many Windows® products, Microsoft® Active Directory® (MAD or AD) has dominated the IT industry for decades. In the modern era, however, innovations led by an overall shift of IT resources to the cloud have AD stuck between a rock and a hard place. A new generation of identity management solutions has risen to fill the gap between AD and the cloud, called Identity-as-a-Service (IDaaS). This meteoric rise has driven IT admins to wonder, can IDaaS replace Active Directory? Well, for most IDaaS solutions, the answer is no. Let’s explore IDaaS as a whole and see why.
What is IDaaS?
As previously mentioned, IDaaS solutions are the result of the general migration to the cloud. You may of also heard of them referred to as SSO (single sign-on) solutions. This is due to the fact that IDaaS solutions are utilized to connect users to the variety of web-based applications they may use in their day-to-day. Traditional IDaaS solutions are often layered on top of an on-prem directory services implementation, typically with Active Directory serving as the core identity provider (IdP). By using AD as their source of truth, IDaaS softwares can use a single identity to connect to those resources, hence the name single sign-on.
Can IDaaS Replace Active Directory®?
In most cases, IDaaS cannot replace Active Directory, but instead works in conjunction with it. As you dive deeper into IDaaS and Active Directory, you find that on top of the fact that you cannot replace AD with IDaaS, the two together don’t form a complete solution either. IDaaS solutions often struggle to connect users to their on-prem resources, and AD doesn’t work well with Mac® or Linux® users without extensive bridging software, requiring even more software to be tacked on to pick up the slack.
So, What Can Replace AD?
Stack Analysis is a next generation IT analyst firm that delved into the complex relationship between IDaaS and AD in a recent whitepaper. According to their research, cloud directory services can replace Active Directory, unlike first generation IDaaS. Cloud directory services is the next generation of identity management, akin to next gen IDaaS, but capable of so much more. With cloud directory services, a centralized user identity becomes the source of truth for all IT resources, a sort of True Single Sign-on™. This includes systems, on-prem and cloud infrastructure, file servers, productivity suites, and more. In particular, Stack Analysis points to JumpCloud® Directory-as-a-Service® as the cloud directory service for the future.
JumpCloud Directory-as-a-Service (DaaS) is a reimagination of AD for the cloud era. JumpCloud DaaS is endpoint-centric, starting with authorizing a user’s system (regardless of its platform) and then propagating that identity out to the other resources that user leverages. JumpCloud utilizes the popular LDAP, SAML, and RADIUS protocols to cover the range of tools an IT organization requires among others. As a result, IT admins can implement a single cloud identity management solution that can effectively manage their entire network.
So, can IDaaS replace Active Directory? Yes and no. A first generation IDaaS platform, or really a web app SSO solution, can’t, but JumpCloud can. To learn more about leveraging cloud directory services to replace AD, check out the Stack Analysis whitepaper or contact us at JumpCloud directly. Take the first step towards replacing AD by signing up for JumpCloud. Signing up is completely free, and so are your first ten users to get an idea of what JumpCloud can do. You can also schedule a DaaS demo to do so as well, or check out our YouTube channel and learn more.