Connecting Cloud Servers To Your AD Or LDAP User Store

By Greg Keller Posted November 19, 2014


This is the fourth and final post in our four-part series on cloud server user management. Here’s a list of the others:

  1. Cloud Server User Management
  2. 6 Ways to Manage Users on Cloud Servers
  3. Challenges of Connecting Directory Services to Cloud Computing
  4. Connecting Cloud Servers to your AD or LDAP Store (you’re here!)

Historically, the most efficient and complete way to tackle server access, privacy, and security issues has been to establish a central user directory internally with either LDAP or AD. The directory store becomes the one directory of record. From this central directory, organizations create a “bridge” to their cloud server infrastructure. That infrastructure may be hosted at one or several Infrastructure-as-a-Service (IaaS) providers.

Because many servers are located remotely, businesses need a simple way for each server to know who needs to have access to it. Efficient organizations will leverage a SaaS-based cloud user management service or Identity-as-a-Service platform. The cloud user management service will sync the users with the internal LDAP or AD directory. From there, a lightweight agent is generally employed on each server. In this way, the right users are provisioned and managed on each server virtually automatically.


A cloud-based directory ends up creating a number of benefits for IT admins:

Benefit 1: No network configuration required

Agents installed on each server send feedback securely to the cloud-based, SaaS user management service. The LDAP and AD agents manage all users, keeping them in sync without opening firewall ports or exposing your core directory to the Internet.

Benefit 2: Increased security

With a cloud-based directory services solution your central directory is kept secure, and all of your users are continuously kept in sync. User access to your server infrastructure is tightly controlled because it is in sync with your core user store. Extraneous accounts aren’t provisioned and left in place after a user is terminated. The number one risk for any organization’s directory is compromised user accounts. Businesses must maintain the accuracy of users allowed into the system, and management of every machine used by every employee is critical.

Benefit 3: Little to no additional administration

Because your users are kept automatically in sync and your group tags are replicated to your cloud infrastructure, there is very little additional work to be done by IT admins. They are, of course, responsible for creating accounts and providing privileges once, but from there, the system does the work of securely replicating that information and creating the right access across all of your systems, applications, and networks.
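The sync described above comes down to reconciling each server's local accounts against the directory of record. The following is an added example, not code from this post or from any vendor's agent; the directory export, the passwd content, the "web" tag and the UID cutoff are all constructed assumptions.

```python
# Added example: constructed data and hypothetical names, not a vendor agent.
MIN_HUMAN_UID = 1000  # assumption: UIDs below this are system/service accounts

# Constructed export from the directory of record (AD or LDAP).
DIRECTORY = [
    {"user": "alice", "active": True,  "groups": {"web", "db"}},
    {"user": "bob",   "active": True,  "groups": {"db"}},
    {"user": "carol", "active": False, "groups": {"web"}},  # terminated
]

# Constructed /etc/passwd content from a server tagged "web".
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

def local_human_accounts(passwd_text):
    """Return login names of non-system accounts from passwd-format text."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed or comment lines
        uid, shell = int(fields[2]), fields[6]
        if uid >= MIN_HUMAN_UID and not shell.endswith(("nologin", "false")):
            names.add(fields[0])
    return names

def reconcile(directory, passwd_text, server_tag):
    """Compare directory entitlements for one server tag with local accounts."""
    entitled = {e["user"] for e in directory
                if e["active"] and server_tag in e["groups"]}
    known = {e["user"] for e in directory}
    local = local_human_accounts(passwd_text)
    return {
        "create": sorted(entitled - local),
        "remove": sorted((local & known) - entitled),  # terminated or no longer entitled
        "unmanaged": sorted(local - known),            # never in the directory: investigate
    }

if __name__ == "__main__":
    for action, users in reconcile(DIRECTORY, PASSWD, "web").items():
        print(f"{action}: {users}")
```

The "unmanaged" bucket is kept separate from "remove" because an interactive account that never existed in the directory is a finding to investigate rather than something to delete automatically.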

Learn More About Connecting Cloud Servers to Your AD or LDAP User Store

The cloud-based directory is the approach that modern organizations are employing to manage and secure access to their cloud server infrastructure and beyond. A SaaS-based, hosted directory service centralizes user management, is a hosted LDAP platform, provides True Single Sign-On™, WiFi authentication, and more. Cloud server user management is a vexing problem without the right approach. However, by leveraging an elegant cloud-based, SaaS user management “bridge,” IT admins can make quick work of connecting cloud servers to your AD or LDAP user store. Please drop us a note to learn more. Or feel free to try our Directory-as-a-Service® platform. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
