“Nearly 100% of MSPs” believe that now is as good a time as ever to be in the managed services industry. New MSP businesses are joining the space and long-time MSPs are seeking to scale and modernize their operations. One prevailing trend between new and established MSPs alike is the adoption of cloud-based management solutions. Among these solution needs is user management.
Why User Management?
User management is a core role of an MSP that involves creating client user accounts and provisioning/deprovisioning their access to critical work resources. This practice provides end users with the credentials they need to log in to systems, applications, networks, etc. and ensures that only the proper users have access to hardware and software resources as well as the critical organizational data they contain. Through user management, MSPs can control how users interact with resources and crucial data, improving client security posture.
Since nearly every resource an organization employs contains some sort of crucial information –– be it financial data or even just the identities used to access those resources –– user management is necessary across all IT resources. That includes systems, applications, infrastructure, networks, servers, and file storage, as well as MSP-specific tools like RMM (remote monitoring and management) software.
With effective user management, MSPs can also enable their clients to leverage modern tools that increase productivity and efficiency, promoting growth for their clients, and ultimately, themselves.
MSP User Management Tools
Given the importance of user management to MSPs and their clients, it’s imperative that an MSP organization, whether rookie or veteran, invests in a user management tool that covers all of their needs. In the modern era, however, that’s sometimes easier said than done. Let’s look at how these tools have evolved over the past several decades.
Legacy MSP User Management
For many years, internal IT teams and MSPs alike turned to Microsoft® Active Directory®, the on-prem directory service, for its user management capabilities. Active Directory (AD) manages user accounts from creation to deletion, leverages groups to automate processes, and controls account access to Windows® systems, applications, and other on-prem resources like wired networks and servers. The average client IT environment in these early days was almost entirely Windows-based and confined within four walls, so it made sense that AD became the go-to directory service for many organizations.
Since AD is implemented on-prem and isn’t multi-tenant, MSPs had to physically administer each client’s AD instance in order to manage users. This “break-fix” model was a necessary evil of its time, but proved to be burdensome over time. As MSPs acquired more clients, physically attending each client’s AD instance ate away at their availability and overhead as more technicians spent time on the road between client offices.
Additionally, as modern, non-Windows IT resources started hitting the scene, MSPs found that AD limited the scope of resources their clients could use. AD excels at managing user access to Microsoft-made products, so in order to avoid Microsoft lock in and let their clients choose the best tools for their organizations, MSPs needed to find new user management tooling.
Cloud User Management for MSPs
The advent of modern IT resources like macOS® and Linux® systems –– as well as SaaS-delivered apps and infrastructure –– led MSPs to seek out additional user management tools to compensate. After all, AD struggles to manage user access to these resources that exist outside of its on-prem, Windows domain. Of course, MSPs can manage each user individually for their macOS/Linux system, cloud app, IaaS solution, etc. But compared to using a dedicated user management tool, this practice is highly inefficient, not to mention can be insecure.
Some MSPs have sought out Identity-as-a-Service (IDaaS) solutions to fill the holes in their AD-based user management approach. Although they’re effective at remotely managing user access to some modern IT resources, most IDaaS tools still require a core identity provider such as AD in order to properly authenticate and authorize access. Beyond that, many IDaaS solutions only pertain to a specific resource (i.e. non-Windows systems, web applications), meaning they create identity silos that fragment identities and make them more difficult to manage. For complete user management, IT admins may need to combine AD with multiple IDaaS solutions.
What today’s MSPs need is a tool that centralizes user management for virtually all IT resources into a single location, much like how AD managed the early Windows domain. What’s more, MSPs need this tool to be cloud-based and able to control multiple clients’ users from a single solution, achieving similar remote management capabilities to IDaaS solutions while avoiding identity silos.
Centralized Cloud User Management for MSPs
A cloud directory service covers virtually all an MSP’s user management needs from a single cloud console. Here are a few of the characteristics of a cloud directory service:
- Platform-agnostic – Manages user access to Windows, macOS, and Linux endpoints equally, enabling freedom of choice for clients
- Protocol-independent – Uses LDAP, SAML, and RADIUS to manage user access to applications and networks regardless of their location or provider
- Multi-tenant – Capable of managing multiple clients’ users from a single pane of administrative glass
If you’re an MSP in need of a modern user management solution, contact our Partner team to learn more about cloud user management for MSPs.