By Greg Keller Posted April 8, 2016
The concept of a cloud identity provider is a relatively new one. Directory services have historically been located on-premises. There are a variety of reasons for directory services being maintained in-house including security, IT resources within the networks, and users largely being within the office. With the advent of the cloud, many of those core assumptions have changed. As a result, the concept of utilizing a cloud identity provider to maintain these systems makes a lot of sense.
What’s In a Cloud-based Directory Service?
Directory-as-a-Service® was introduced as the next generation of directory services. Beyond just placing the user store in the cloud, the cloud identity provider has dramatically changed the definition of directory services.
Delivered as a SaaS-based platform
While many applications and systems have moved to the cloud, the directory service has only recently made the transition from being largely on-premises. Because the directory is a core system within the IT environment, IT admins have historically been reluctant to let a third party control their core user identities. With advances in how directories operate in the cloud, the habit of sticking to on-premises solutions is changing, and IT admins are offloading their directories to be run as SaaS-based services.
While on-premises directories such as Microsoft Active Directory, Apple Open Directory, and OpenLDAP all have system preferences (Windows, Mac, and Linux, respectively), cloud directory services are device agnostic. Each system is treated equally for user authentication, authorization, and device management. This is a substantial step up for heterogeneous IT environments.
On-premises and Cloud Applications
LDAP-based, on-premises applications are connected to the user store just as web-based SAML applications are. The concept of an identity provider is a core part of application integration. For users, the concept of single sign-on is an important part of the experience as it saves time for the user and enhances security for the organization.
Modern directory services are focused on connecting users to whatever IT systems, applications, and networks they may need to access. In today’s modern IT environment, the only way to make that happen is through multi-protocol support. Directory-as-a-Service supports protocols such as LDAP, SAML, RADIUS, SSH, and REST, among others. The wider the range of protocols supported, the more IT resources can be connected to the user.
A cloud identity provider must have strong security. Placing credentials in the cloud is a common practice these days, but there is still apprehension about moving them from on-premises to the cloud. Salting and hashing of passwords is a strong form of security, as is ensuring that all communications are encrypted. Of course, the platform needs more security than just those components, but any cloud identity provider is going to take security very seriously. In fact, if you don’t believe that the provider’s security is better than what you could do on your own, don’t do it. There are plenty of solutions that can provide the security your organization requires.
The Next Generation Directory Service
A cloud identity provider is the next generation of the directory service. If you would like to learn more about how Directory-as-a-Service can be your virtual identity provider, drop us a note. We’d be happy to discuss it with you. Or, feel free to try it for yourself. Your first 10 users are free forever.