Cloud-based User Authentication

By Greg Keller Posted December 15, 2015

Historically, most IT assets were on-premises and protected behind a firewall. As such, the authentication server – usually Microsoft Active Directory or OpenLDAP – lived next to the servers, endpoints, and applications that it served. When somebody logged in, the credentials were passed locally to the AD or LDAP server to be processed. In a world where IT assets are now located everywhere, how does authentication work?

The Shift to Web-based Infrastructure

Authentication servers are considered by any organization to be core infrastructure services. Without authentication, IT organizations have no control over who has access to what IT resources. Over the last decade, there has been a fundamental shift to the cloud, resulting in some dramatic changes for key IT infrastructure components. Servers now live at Infrastructure-as-a-Service providers such as AWS or Google Compute Engine. Endpoints are tied to their users, who are now more mobile than ever, working from virtually any location around the world. And, with the advent of SaaS-based applications, an organization’s core application infrastructure may now be web-based.

For security purposes, authentication servers have been housed internally and rarely opened to the public Internet. Any remote devices or users were required to authenticate through the VPN. Now, when virtually all resources are in the cloud, VPNs pose a significant headache for IT. On-premises user authentication systems are out of place in a cloud-based world.

How Cloud-based User Authentication is Delivered

Recently, a new generation of technology has emerged to enable cloud-based user authentication. The platform is called Directory-as-a-Service (DaaS), and it’s delivered as a SaaS-based solution from the cloud. The central user directory securely authenticates users, devices, and applications, whether they are in the cloud or on-premises. The cloud-based directory service securely communicates with devices over a mutual TLS tunnel, ensuring high security and eliminating the need for VPNs, thus saving IT staff time and money. IT organizations can enable their employees to work from anywhere with virtually any provider, ensuring that their core corporate mission comes first.

Cloud-based user authentication removes the necessity of keeping your IT infrastructure on-premises while still maintaining control over user access. If you would like to learn more about how you can leverage cloud-based user authentication to make your workforce more productive and secure, drop us a note. We’d be happy to discuss Directory-as-a-Service and other approaches to solving core security and productivity problems. If you’d like to play with a cloud-based directory yourself, feel free to give JumpCloud a try – your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
