By Rajat Bhargava Posted August 18, 2017
We recently announced our cloud identity bridge solution, AD Integration. Its goal is to connect Active Directory® identities to non-Microsoft® IT resources. Given what it does, some have asked why we built the ability to extend Active Directory to Macs®, Linux®, AWS®, G Suite™, and more, when our platform is a fully capable cloud directory service that can replace Active Directory outright. I thought we’d take a minute to give some background on our cloud identity bridge strategy.
Active Directory’s Beginnings
As we all know, Microsoft introduced Active Directory in the late 1990s, and it took off in earnest in the 2000s. It has been a runaway hit for Microsoft. Many would argue that it holds a near-monopoly in the directory space and that it has more market share than any other Microsoft product. In short, Active Directory has been the gold standard in identity and access management for almost two decades.
The reason that AD was so successful was simple. Microsoft already owned the enterprise IT infrastructure with Windows, Windows Server, Office, and Exchange. These solutions were the backbone of every organization in the 1990s. Microsoft leveraged that position to create Active Directory, which would control user access to these and other Microsoft solutions. For IT admins, AD made it simple to administer their network of users and Windows resources.
Microsoft also included a key piece of functionality that was brilliant: through Group Policy, IT admins could manage Windows devices, not just the users logging into them. AD controlled both user access and the device itself. That made a huge difference to IT admins, and Active Directory became the industry standard.
Microsoft-Exclusive No More
In the mid 2000s a curious thing started to happen. The IT world started to shift. Macs became popular. Linux started to invade the data center in a much more significant way. AWS introduced the concept of Infrastructure-as-a-Service to the world, and Google started to attack Microsoft’s hold on email, file storage, and productivity applications. The consequence was that many systems and resources were no longer easy to connect to Active Directory.
To compensate, IT admins started to manage their non-Windows resources differently. A generation of directory extension products appeared, each bolting its own enterprise-grade system onto the on-prem Active Directory. With these solutions, IT admins could manage their on-prem Mac and Linux machines, but it meant managing yet another heavyweight system.
The Current Identity Challenge
Fast forward to now, and the problem has only gotten worse. There are more non-Windows IT resources than ever, including web applications, cloud infrastructure, remote data storage and backup systems, and much more. On-prem Active Directory was already struggling in a mixed-platform environment, and bolting directory extension technology onto the on-prem infrastructure only magnified the problem. Add the fact that all of this is happening while IT admins are trying to eliminate infrastructure and shift to the cloud, and the burden becomes quite heavy.
Against that backdrop, we knew we could help. As a cloud directory service, we could already manage Windows, Mac, and Linux systems; on-prem and web applications (via LDAP and SAML); cloud and on-prem servers (hosted at AWS, GCP, or within internal data centers); local and remote storage systems; and wired or WiFi networks. In short, our cloud identity management platform was a self-contained, SaaS-based directory service.
The Cloud Identity Bridge Solution
Our challenge was to help IT organizations that wanted to keep Active Directory, because it was already entrenched, while still extending those identities to non-Windows IT resources. A cloud identity bridge was the way to make that happen. Our solution is called AD Integration, and it does what the name says: it integrates Active Directory with systems, apps, and protocols it could not otherwise reach.
Here’s how it works. A lightweight agent is installed on internal domain controllers, and identities are automatically synced to our cloud directory. A copy of those identities then lives within our platform, from which they can be extended to Mac and Linux systems; AWS or GCP™ for cloud servers and infrastructure; Linux-based applications (including Jenkins, Docker, OpenVPN, and more); web applications (like Slack, GitHub, and others); and WiFi networks, without the need for a separate RADIUS server. Because the agent runs on domain controllers, it should be deployed with the same scrutiny as any other software placed on that tier of infrastructure.
The identities within Active Directory remain authoritative, and IT organizations continue to manage their on-prem AD server. They simply replicate what they need to a cloud identity platform to extend the reach of Active Directory. The benefit is that IT organizations can maximize their investment in their current architecture while also leveraging the best IT platforms available. No additional IT infrastructure is required on-prem, and user management still occurs in one place. Not a bad deal for IT admins.
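To make the "AD remains authoritative, replicate only what you need" rule concrete, here is an added Python illustration. It is not JumpCloud's code and does not describe how the AD Integration agent is implemented; it shows the reconciliation logic any one-way identity bridge has to apply when it pushes a scoped set of source-directory users into a downstream directory. The group DN, object GUIDs, and user records are constructed sample data.

```python
"""One-way identity bridge reconciliation (added illustration, not product code).

The source directory (AD) is authoritative, only users in one scoping group are
replicated, and accounts that are disabled upstream or fall out of scope are
suspended downstream rather than deleted. All data below is constructed."""
from dataclasses import dataclass

ACCOUNTDISABLE = 0x2  # userAccountControl bit that marks a disabled AD account


@dataclass(frozen=True)
class AdUser:
    object_guid: str        # stable key: survives renames, unlike sAMAccountName
    sam: str
    mail: str
    uac: int                # userAccountControl bit field
    member_of: frozenset    # group DNs


@dataclass
class CloudUser:
    username: str
    email: str
    active: bool
    source: str             # "ad" for bridged accounts, "local" for cloud-native ones


def reconcile(ad_users, scope_group, cloud):
    """Return (plan, new_cloud_state) without mutating the input state.

    plan is a list of (action, object_guid). Rules:
      * AD wins on every attribute it owns (username, email).
      * In scope and enabled in AD      -> create or update, mark active.
      * Disabled in AD, dropped from the scope group, or deleted from AD
                                        -> suspend, never delete (recoverable).
      * Cloud accounts not sourced from AD are never touched.
    """
    plan = []
    new_cloud = {k: CloudUser(**vars(v)) for k, v in cloud.items()}
    seen = set()
    for u in ad_users:
        if scope_group not in u.member_of:
            continue                      # "replicate only what you need"
        seen.add(u.object_guid)
        enabled = not (u.uac & ACCOUNTDISABLE)
        cur = new_cloud.get(u.object_guid)
        if cur is None:
            if enabled:                   # never create an already-disabled account
                new_cloud[u.object_guid] = CloudUser(u.sam, u.mail, True, "ad")
                plan.append(("create", u.object_guid))
            continue
        if not enabled:
            if cur.active:
                cur.active = False
                plan.append(("suspend", u.object_guid))
            continue
        if (cur.username, cur.email, cur.active) != (u.sam, u.mail, True):
            cur.username, cur.email, cur.active = u.sam, u.mail, True
            plan.append(("update", u.object_guid))
    # Anything we bridged earlier but did not see this run has left scope or AD.
    for guid, cu in new_cloud.items():
        if cu.source == "ad" and guid not in seen and cu.active:
            cu.active = False
            plan.append(("suspend", guid))
    return plan, new_cloud


# Constructed sample data: a hypothetical scoping group and four AD users.
SCOPE = "CN=Cloud-Bridge-Users,OU=Groups,DC=example,DC=com"
SAMPLE_AD = [
    AdUser("g1", "alice", "alice@example.com", 0x200, frozenset({SCOPE})),                  # new, in scope
    AdUser("g2", "bob", "bob@example.com", 0x200 | ACCOUNTDISABLE, frozenset({SCOPE})),     # disabled in AD
    AdUser("g3", "carol.smith", "carol.smith@example.com", 0x200, frozenset({SCOPE})),      # renamed since last sync
    AdUser("g4", "dave", "dave@example.com", 0x200, frozenset()),                           # removed from scope group
]
SAMPLE_CLOUD = {
    "g2": CloudUser("bob", "bob@example.com", True, "ad"),
    "g3": CloudUser("carol", "carol@example.com", True, "ad"),
    "g4": CloudUser("dave", "dave@example.com", True, "ad"),
    "svc-1": CloudUser("svc-backup", "svc@example.com", True, "local"),  # cloud-native, left alone
}


def run_sample():
    plan, _ = reconcile(SAMPLE_AD, SCOPE, SAMPLE_CLOUD)
    return plan  # -> [('create','g1'), ('suspend','g2'), ('update','g3'), ('suspend','g4')]


if __name__ == "__main__":
    for action, guid in run_sample():
        print(action, guid)
```

Two design choices matter here. Keying on objectGUID rather than sAMAccountName means a rename in AD becomes an update downstream instead of a delete plus a duplicate create, and choosing suspend over delete means a mistaken edit to the scoping group is recoverable without losing the downstream account's history.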
Check out the Cloud Identity Bridge for Yourself
Our strategy for the cloud identity bridge is simply to let IT admins keep their current IAM platform while extending it to the wave of modern technology entering their organizations. That lets IT admins stay agile and flexible to the needs of their users while maintaining the control and security that is critical in identity management.
If you would like to learn more about our strategy for AD Integration, and why our approach to this identity bridge makes sense for your organization, drop us a note. Also, feel free to give our AD Integration capability a try for yourself. You can leverage our 10 free users forever to test as much as you like.