By Greg Keller Posted December 9, 2015
Like much of the identity and access management market, Identity-as-a-Service is a complex, confusing space. When shopping around for the right solution, the challenge is not necessarily the wide variety of players. It is the multiplicity of definitions and solutions. Some consider it as part of directory services and to some it is a directory extension technology. Others consider it a single sign-on to web applications. So, what is Identity-as-a-Service?
Identity-as-a-Service Casts a Wide Net
To answer this question fully, let’s begin by taking a broad definition. Any identity management sector that is delivered as a service can be included in the Identity-as-a-Service (IDaaS) category. It could be a part of directory services, a directory extension technology, a single sign-on to web applications and more. With this comprehensive definition, it is incumbent upon IT organizations to define their needs clearly in order to decipher which solution is right for them.
First, Identify Your Needs
Let’s consider the following areas and questions to determine the right IDaas solution::
Internally hosted or cloud-based? – Is there a particular bias towards hosting the solution yourself within your own data center or is it acceptable to have a third-party provide the service?
Core, authoritative source of identity or federated? – Do you need a core directory service where all of your corporate identities will be hosted, or do you need an identity service to extend to areas where your directory cannot go?
Device authentication and/or application authentication? – Is there a need to provide access to your web applications, or do you need to incorporate authentication for devices in addition to your web applications? Devices could include your on-premises laptops or desktops and also your servers whether hosted internally or in the cloud.
If you have other key requirements add them to the list, but the above considerations are a great place to start and can quickly point you in the right direction.
Second, Identify the IDaaS Categories
Now, keeping in mind the considerations mentioned above, let’s break down the IDaaS market. There are three major identity access management categories to examine.
Core Directory Services
A cloud-based directory service can be considered as part of the Identity-as-a-Service space. Once user credentials are submitted into the directory, you can leverage those credentials to connect other your users to whichever IT resources they need. You may also federate those identities to other identity management providers, even to other IDaaS providers. The core directory service is an authoritative user store and is the central control center for your identities.
Many organizations have described their services as IDaaS. Their primary objective is to extend the existing directory service to cloud based IT resources including mobile workers, Infrastructure-as-a-Service providers, and cloud applications. This category often does not provide the core directory, but rather extends the directory to the IT resources that the core directory cannot manage.
Single Sign-on (SSO)
The move to web applications is currently underway, and many of the providers that centralize access to these web applications consider themselves Identity-as-a-Service providers. SSO providers connect to a directory service and then connects those users to all of the web applications that they want access to. SSO providers take that single set of credentials and allow users to access a set of applications without having to re-enter those same credentials.
The Identity-as-a-Service space is not inherently complex, but with so many varying, competing interests in the market it can be daunting to select the appropriate services. By being clear about your requirements and determining what you need, you will be better able to identify which of the three major identity access management categories will work for you.
If you find the above information helpful in your thought process, drop us a note. We would be happy to share how we think about the market and walk you through different options based on your needs.