By Jon Griffin Posted June 29, 2017
An often missed part of identity and access management (IAM) is the management of devices. At face value, it doesn’t make sense that device management would be a part of identity management, but it is. We all have Microsoft® to thank for that. Now, a new generation of cloud identity management solutions is embedding the device management function instead.
Directory Services and System Management
Directory services, which were effectively IAM, were historically kept separate from the management of systems. JumpCloud advisory board member Tim Howes created LDAP along with his colleagues at the University of Michigan, and even they didn't integrate device management. Most directory services solutions kept identities and devices/systems separate.
When Microsoft introduced Active Directory® in 1999, they used their position to their advantage. With the IT environment being almost entirely Windows systems, Microsoft was able to focus on user management exclusively on Windows systems. They took the idea of identity management one step further by embedding the ability to manage Windows machines through the concept of Group Policy Objects (GPOs).
IT admins loved this feature and leveraged GPOs a great deal. From their perspective, an integrated solution for authentication, authorization, and device management was a huge win. Those device management capabilities often centered around identity or access control issues such as password complexity, screensaver lock, or mapping and access to network drives. But GPOs were generic enough to allow for a large number of different device management functions. The result was that when IT admins thought of identity management, device management was a required function.
Moving into Cloud Identity Management
As the market is shifting to cloud identity management, a key function will be device management. Similar to Active Directory, IDaaS providers will need to have deep capabilities to execute tasks, set policies, and secure devices. The trick in the post-Windows world will be to do this in a cross-platform fashion across Macs and Linux devices as well.
While Active Directory and Azure Active Directory are not solutions for this problem, one potential replacement for AD called Directory-as-a-Service® is. This cloud identity management platform functions as a cross-platform device management solution that allows you to execute policies across all three platforms, and helps IT admins create virtually any command or script to execute on the device. The IDaaS platform can also group types of devices to more easily execute commands and policies, and send a report to IT admins on the success or failure of the task. With device management as a cloud identity management function, Directory-as-a-Service is a viable alternative for mixed-platform environments.
Integrating Cloud Identity Management and Device Management
If you would like to learn more about how you can integrate cloud identity management and device management, drop us a note. Alternatively, give our policies framework or command execution capabilities a try for yourself. Sign up for a free JumpCloud directory services account. Your first 10 users are free forever.