Centralized Client Identity Management for MSPs

Written by Zach DeMeyer on May 27, 2020

Does the prospect of a single solution that centralizes all of your clients’ identities sound appealing? Armed with centralized client identity management, managed service providers (MSPs) and other IT service providers can expand their businesses with increases in efficiency and security, compounding their value to their clientele.

Identity Management for MSPs

Before we talk about centralized identity management, let’s first discuss how MSPs have managed identities up until now.

The Break-Fix Model

Before the emergence of modern managed services, IT service providers had to attend to each of their clients’ organizations in person, manually addressing problems and fixing them as needed. This “break-fix” model of IT services made sense for the time, as most IT environments were homogeneous, Windows®-based, and on-prem.

To manage identities, most organizations were based around a central identity provider, often Microsoft® Active Directory® (AD). While physically attending to their clients, IT service providers would manually configure on-prem AD instances to manage passwords and control resource access.

Over time, MSPs grew tired of the break-fix method of IT services. Not only did moving back and forth between client organizations eat up a technician’s time, but each truck roll racked up overhead costs for fueling and maintaining vehicles. These inefficiencies ultimately took a toll on an MSP’s business: full technician schedules limited the number of clients it could take on.

MSPs in the Cloud Era

Today, MSPs can use modern solutions to remotely manage much of their clients’ IT infrastructure. Not only do these solutions cut down on time spent traveling between client offices, but they also allow for quicker response times.

Although MSPs can do much of their work remotely, modern IT resources create new snags for them as well. Unlike legacy IT environments, modern offices are heterogeneous. Disparate cloud resources like SaaS applications or IaaS each need their own unique identity. Mac® machines and Linux® systems/servers, which are gaining popularity in the enterprise, all require an identity for authentication. Beyond that, wireless networking is standard in most offices, so MSPs need to find secure ways to authenticate client users to the network, too.

Unfortunately, most traditional identity providers only serve a selection of resources. For example, Active Directory excels for on-prem, Windows systems and applications, but struggles with Mac, Linux, and most cloud apps and infrastructure.

In order to handle these new resources, many MSPs turn to Identity-as-a-Service (IDaaS) tools, which are specialized to authenticate specific resources. An example of this is web application single sign-on (SSO) solutions, which use the SAML protocol to federate identities to web applications.

MSPs face several issues with these IDaaS tools. The first is that each IDaaS tool adds another line item to an MSP’s budget, affecting the rates they charge their clients. Some clients may not want to foot the bill for IDaaS solutions, requiring MSPs to seek out an alternative. Other clients may not have an identity provider at all, so while an IDaaS solution may cover specific identity management needs, it perpetuates the identity silos that modern IT resources have introduced.

There is, however, an IDaaS solution MSPs can employ that centralizes their client identity management, organizing each client organization’s identities behind a single pane of administrative glass.

Centralized Client Identity Management

The cloud directory service, or Directory-as-a-Service® (DaaS), enables MSPs to provide a single identity that their client users can leverage across virtually all IT resources. JumpCloud® DaaS uses a lightweight agent to manage systems, relying upon the SAML, LDAP, and RADIUS protocols to authenticate and authorize access to applications (on-prem and cloud-based) and wireless networks. For client identity security, MSPs can also utilize DaaS to enforce multi-factor authentication (MFA) across each of these resources.

With Directory-as-a-Service, MSPs can leverage a Multi-Tenant Portal (MTP) to remotely manage each client’s identities from a centralized location, giving them the ability to freely navigate through each organization from one cloud-based admin console.

If you’re interested in centralized client identity management, try JumpCloud Directory-as-a-Service for free. The first ten users in every organization are free forever.

Partner Program

The JumpCloud Partner Program provides MSPs with competitive margins, unique features like the MTP, as well as co-marketing/lead-generation opportunities. You can apply to join the Program here, or contact our Partner team to learn more.
