Can I Replace AD with OneLogin®?

Written by Jon Griffin on February 18, 2018

Web application single sign-on (SSO) solutions are abundant in the enterprise today. Cloud applications are helping organizations work faster and more efficiently, and SSO vendors such as OneLogin® are helping to connect users to the rest of their infrastructure. As a result of SSO vendors’ growing popularity, many IT organizations are beginning to wonder if they can do more with their SSO solution.

On a related note, one of the largest struggles of the modern IT environment is dealing with the challenges of Active Directory® (AD). It is clear a new solution is needed. Can a single sign-on platform do more than just provide access to web apps? Specifically, can you replace AD with OneLogin or some other SSO vendor?

The Rise of Application SSO Vendors

Applications have been in the cloud for a while now, but there are still new areas of IT infrastructure moving to the cloud. Servers, productivity platforms, file storage, and now even the directory are moving to the cloud. It makes sense that IT admins are trying to shift their setup completely to the cloud. The benefits and productivity the cloud offers are second to none. Unfortunately, most medium and large organizations still manage and maintain their identity management infrastructure on-prem. The core of most companies’ Identity and Access Management (IAM) approach is Microsoft® Active Directory, their on-prem identity provider.

IT admins have long been tied to AD because of the prevalence of Windows-based and on-prem infrastructure. Active Directory was designed to function in that environment, and for a while it thrived in the enterprise. But as we all know, things rarely stay the same for long in technology. One of the first IT resources to make the move away from the on-prem enterprise was applications. These cloud-based apps created a problem for AD because it couldn’t connect users to their web-based applications. This is how SSO vendors rose to prominence. By finding a way to connect AD identities to web applications, SSO vendors filled a big gap in AD’s capabilities.

Of course, the changes in the IT landscape didn’t stop there. Cloud infrastructure from AWS and others replaced on-prem data centers. Mac and Linux systems soared in popularity. Samba file servers and NAS appliances eliminated the need for Windows file servers. These changes, and many others, are driving IT admins away from Active Directory.

Can You Replace AD with OneLogin?

With IT admins starting to move away from AD, a logical question that arises is whether or not their web app SSO solution can replace Active Directory. Unfortunately, web app SSO solutions like OneLogin cannot function as the full AD replacement admins are searching for. OneLogin doesn’t feature the full suite of functionality that IT admins have come to expect from a directory, such as robust user and system management. Rather, in most cases, OneLogin and other SSO providers operate as an adjunct to AD or another authoritative directory (i.e., LDAP).

Can You Replace AD with a Cloud Directory Service?

A cloud-based directory service can also provide SSO functionality. However, it is not the same thing as web app SSO that is built on top of an existing directory service such as AD. In fact, a modern approach to the on-premises identity provider does exist that is both cloud-based and vendor-independent, and it goes by the name of JumpCloud® Directory-as-a-Service®.

JumpCloud’s cloud-based directory is connecting IT admins to all of the resources they need today, regardless of the platform, protocol, location, or provider. Now, admins can manage user accounts on a variety of systems (Mac, Windows, or Linux). That same user identity can then be used to access web and on-prem applications (via SAML, LDAP), cloud and local servers (AWS, GCE/GCP), physical and virtual storage (Samba, NAS devices, Box), and WiFi and wired networks (via RADIUS). With one identity, your users can access all of the IT resources they need. Not only can JumpCloud Directory-as-a-Service function as a True Single Sign-On™ provider, but it also eliminates the need for an on-prem Active Directory deployment. This cannot be said of web app SSO providers. And, because the centralized JumpCloud cloud-based directory includes robust user and system management capabilities, it actually can function as a complete alternative to Active Directory.

Replace AD with JumpCloud


Unfortunately, you can’t completely replace AD with OneLogin or any other SSO vendor. JumpCloud Directory-as-a-Service, however, was built just for that. Check it out by signing up for a free account. There you can test any aspect of the platform and see exactly how the JumpCloud cloud-based directory operates as an AD alternative. If you want to see a live demo, you can also sign up for a demo here. If you have any questions, feel free to contact us. We would be happy to help in any way we can. Check out the directory service built for modern IT today!
