Cloud Identity Bridge Solution

Written by Vince Lujan on October 4, 2017


The term cloud identity bridge defines exactly what the name implies – a utility to bridge the gap between a user identity living on-prem and resources living in the cloud. It’s a process of federating on-prem identities through a variety of secure protocols with the purpose of authenticating against cloud resources for access. The result is a far more secure approach to leveraging cloud resources.

Organizations all over the world are moving to the cloud. The benefits are numerous – including scalability and cost-efficiency – but moving to the cloud doesn’t come without its own set of challenges. This is especially true for older organizations that are heavily invested in on-prem infrastructure. For most, that means Microsoft Active Directory® (AD). The good news is that a cloud identity bridge solution may be able to help your organization find its place in the cloud.

But first…

Where did Cloud Identity Bridges Come From?

Active Directory has been the preferred option for directory services since the turn of the century. Back then, everything was running Microsoft Windows® for enterprise-level computing solutions. Employees had Windows laptops and desktops, they created documents and spreadsheets with Microsoft Office, checked their email with Microsoft Exchange and Outlook, and verified their identities against a Microsoft Active Directory domain controller. Microsoft owned the enterprise space, and identity management in the IT world was straightforward.

The IT landscape started to change in the mid-2000s. New innovations in cloud technology offered a better way to deliver products and services. It enabled vendors to forge their own paths rather than riding on Microsoft’s coattails. Web applications like Salesforce and Dropbox led the way, and their success encouraged many others to make the shift to the cloud.

Yet, the cloud wasn’t all sunshine and rainbows. Active Directory was still the choice for identity and access management (IAM) services. While it was great at managing Windows resources on-prem, it was never designed for non-Windows resources in the cloud. Instead, Microsoft’s approach was to enable third-party add-ons to connect third-party IT resources. Microsoft didn’t want to make it easy to connect to non-Windows resources, but they also didn’t want to appear to be limiting their customers. Ultimately, their strategy was to lock customers into the Microsoft ecosystem. The approach backfired, and IT admins began to lose faith in Active Directory, and in Microsoft in general. As a result, many organizations began to leverage Microsoft alternatives (e.g. G Suite, AWS, Macs, Linux, etc.).

Building Cloud Identity Bridge Solutions

Active Directory fails in the cloud

Today, many organizations still leverage an on-prem Active Directory instance as their core identity provider. Yet, with disparate operating systems (e.g. Windows, Mac, Linux), highly mobile employees, cloud infrastructure such as AWS, and new web applications arriving from the cloud every day – managing those resources with Active Directory has never been more challenging.

Fortunately, there are third-party solutions available to help bridge the gap and help organizations leverage the cloud further. Directory-as-a-Service® offers a particularly intriguing cloud identity bridge solution. JumpCloud refers to this feature as Active Directory Integration.

AD Integration: A Powerful Cloud Identity Bridge Solution

AD Integration is a tool for extending Active Directory identities to non-Windows systems and resources, both on-prem and in the cloud. It works by installing a lightweight agent, called AD Import, on the Active Directory domain controller(s). This allows AD Integration to federate Active Directory identities into JumpCloud. The identities now in JumpCloud can be leveraged to connect to a wide range of different IT resources – none of which need to be bound to Active Directory. The beauty of this approach is that the same identity in AD can now be leveraged elsewhere even though AD may not natively support that resource.

AD Integration by JumpCloud is unique in that it extends Active Directory via a comprehensive cloud-based Directory-as-a-Service. That means that, in addition to simply extending identities, IT admins can leverage management capabilities for non-Windows systems, such as GPO-like capabilities for Mac and Linux, multi-factor authentication (MFA) at the system and application level, WiFi authentication via RADIUS, and much more.

The benefit for IT admins is they gain comprehensive user and device management capabilities regardless of platform, provider, or location. AD Integration even works for resources not bound to AD directly. This is exemplified by the AD Sync feature. AD Sync bi-directionally propagates password changes from non-domain resources into JumpCloud and further into Active Directory. End users benefit from the first True Single Sign-On™ experience that only a centralized cloud-based Directory-as-a-Service can provide.

Of course, for organizations that have little to no investment in on-prem infrastructure, it probably makes more sense to build a cloud-forward IT infrastructure from the ground up with Directory-as-a-Service. However, if your organization is simply not ready to leave Active Directory behind, then a powerful cloud identity bridge solution like AD Integration may be the next best thing.

To learn more about how a cloud identity bridge solution can benefit your organization, drop us a note. Ask about how we can help you test the full functionality of our cloud identity management product at scale or schedule a guided demo.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
