Overview Of Cloud Identity Management

By Zach DeMeyer Posted January 27, 2019


With IT organizations shifting more of their core infrastructure to the cloud, many IT admins are looking for an overview of cloud identity management. Like any fairly new IT concept, there is a wide range of interpretations of cloud identity management.

Identity Management Through the Years


In order to understand many of these different perspectives, it is important to step back and understand the history of identity management as a whole. The concept of identity management really kicked off with the advent of LDAP, the Lightweight Directory Access Protocol. LDAP subsequently spawned the top two identity providers, OpenLDAP™ and Microsoft® Active Directory®.

IT organizations would go on to centralize their concept of identity and access management (IAM) in Active Directory (AD). Because most organizations of the time were on-prem and Windows®-based, it made a great deal of sense to rely on AD as their central directory service. AD also provided a standard for the rest of IAM, offering features such as GPOs (Group Policy Objects) to facilitate IT admins’ approaches to user and system management.

If all IT resources had remained based on the Windows operating system and on-prem, it is doubtful that we’d even need to talk about a new approach to identity management. With the new millennium and the subsequent rise of the cloud, however, IT began to drastically change. Web applications and cloud infrastructure started to be more commonplace. Linux® and macOS® systems started to edge out Windows machines in the workplace. WiFi and cloud storage solutions all started to emerge as well, revolutionizing the way work was done entirely. Employees could work remotely, accessing their crucial IT resources through the internet instead of the physical network.

Facing the Change

All of these changes would force IT organizations to modify their approach with AD. IT organizations didn’t want to give up on AD since it had become the core of their IT infrastructure. In response, IT organizations added directory extensions and identity bridges, web application SSO, privileged identity management, and more to bolster their AD instances.

But these changes were simply a stopgap. New solutions emerged that shifted many of these tools to the cloud. Web application SSO became first generation IDaaS solutions. Identity bridges became cloud identity solutions. And then a new category of cloud user management solution was introduced, with Amazon®, Google®, and Microsoft each offering a solution in the space. Effectively called cloud IAM solutions, these cloud identity management solutions would control access to the web portals for each tech titan’s respective offerings, and in some cases include web application SSO.

Challenges with Cloud IAM

The challenge with all of these different approaches to cloud identity management was that they were all predicated on two things: first, each solution was siloed to a specific vendor, and second, each relied on on-prem Active Directory as the identity source of truth. When thinking of truly cloud-based identity management, that’s not what IT admins had in mind.

IT organizations wanted a completely cloud-based approach to the identity provider, while also connecting users to much more than just Windows-based solutions or solely Microsoft, Google, or Amazon products. The modern organization is heterogeneous, relying on freedom of choice to facilitate efficiency and efficacy. Modern cloud identity management should be able to do the same.

Modern Cloud Identity Management

Thankfully, there is a completely cloud-based directory service that is taking the concept of cloud identity management and applying it across virtually all IT resources. Regardless of their platform, provider, protocol, or location, this solution is federating user identities to whatever resource that user chooses, be it Windows, macOS, Linux, AWS®, G Suite™, Office 365™, etc. This cloud-based directory service is called JumpCloud® Directory-as-a-Service®.


Directory-as-a-Service (DaaS) has changed the way the IT industry looks at cloud identity management. If you’d like to learn more, please contact us with your questions, or check out our YouTube channel. You can also explore the product firsthand, either via an expert-led demonstration or by signing up for DaaS and seeing it for yourself for free. Signing up includes ten users, free forever, to start off your JumpCloud journey.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
