Centralized Identity and Access Management

Written by Vince Lujan on February 13, 2018


Centralized identity and access management (IAM) is highly sought after in modern IT organizations. However, achieving centralized IAM is easier said than done. This is primarily because most IT organizations are either locked into the Microsoft® Active Directory® (AD) ecosystem or are trying hard to avoid it.

AD doesn’t play nicely with non-Windows® or cloud innovations. As a result, IT admins have been forced to decentralize their identity management infrastructure with an array of siloed solutions (e.g. Web application single sign-on). The good news is that a next generation directory services platform has emerged that offers centralized identity and access management in the cloud.

It’s called JumpCloud® Directory-as-a-Service®. We’ll dive into the use cases of the JumpCloud platform later in this blog. First, though, we should discuss the development of IAM. In doing so, the advantages of centralized identity and access management in the cloud will be revealed.

The Development of IAM


The modern era of identity management began in 1993 with the introduction of the Lightweight Directory Access Protocol (LDAP). LDAP was developed at the University of Michigan to help secure decentralized IT. Tim Howes, now a JumpCloud advisor, was the lead developer of LDAP.

The LDAP innovation led to the creation of the two most popular on-prem IAM platforms to date. The first was OpenLDAP, the open source implementation of the protocol released in 1997. The other came from Microsoft two years later and combined LDAP with the Kerberos protocol to provide user and system management capabilities for Windows®-based IT resources. It’s called Active Directory.

AD is a particularly interesting solution because it effectively established the modern concept of IAM. Prior to its release, there really wasn’t a product that offered both user and system management capabilities in one solution. In other words, AD was the first to provide centralized identity and access management. Add to that the fact that Windows-based IT resources were already dominating the IT market when AD was released, and it’s easy to see how Microsoft was able to establish AD as the default directory services option.

AD has served IT admins well over the years. The challenge for modern organizations is that AD was designed for on-prem networks of Windows-based systems and resources. Networks haven’t looked that way since shortly after the turn of the century. Consequently, the efficacy of AD as an IAM platform has been in decline ever since.

The Beginning of the End for AD


AD’s downward spiral began in the mid-2000s when cloud applications like Salesforce came to market. Then came macOS and Linux systems. Then came Google Apps, AWS, and more. In short, a wide variety of new innovations were introduced around this time. These solutions were great for end users. The trouble is that they all had one thing in common: it was incredibly difficult, if not impossible, to bind them to an on-prem AD domain controller.

Initially, this meant that IT admins had to manage these new categories of IT resources independently. Then came first generation Identity-as-a-Service solutions like web application single sign-on (SSO). These types of solutions were essentially AD add-ons. While they required an existing on-prem AD infrastructure to function, they could address the use cases AD could not. This approach has proven to be effective. The issue is that IAM becomes increasingly decentralized as more add-ons are layered on top. In other words, IT admins must then manage the managers on top of managing AD.

This issue will only be exacerbated as the popularity of hybrid cloud networks and disparate system environments (e.g., Windows, Mac, Linux) continues to rise (SDI research report). IT admins cannot layer add-ons on top of Active Directory indefinitely. This is why so many organizations are looking to the cloud to provide centralized IAM.

The good news is that a next generation directory service platform called JumpCloud Directory-as-a-Service has come to market that can provide centralized identity and access management in the cloud.

Centralized Cloud Identity and Access Management

JumpCloud Directory-as-a-Service is AD and LDAP reimagined for modern networks. Like them, it securely manages and connects users to their systems, applications, files, and networks. The key advantage that only JumpCloud can offer is that Directory-as-a-Service provides centralized IAM from the cloud for virtually any IT resource, regardless of platform, provider, protocol, or location.

For example, JumpCloud manages users and their systems, whether Mac, Linux, or Windows, and provides access to cloud and on-prem resources such as Office 365™, G Suite™, AWS®, Salesforce, and Jira®. The same login connects users to networks and file shares via RADIUS and Samba, respectively, securing your organization’s WiFi and file server access. These are but a few examples, but the bottom line is that by leveraging our cloud-based directory services, IT organizations can choose the best resources for the business.

We put control back in the hands of IT. Try JumpCloud for free today! You can also contact the JumpCloud team, or schedule a demo for more information.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
