For many in IT management and general management, the concept of a cloud-hosted directory service can be mind-bending at first.
Historically, most IT professionals were trained on the on-premises solutions Microsoft® Active Directory® (AD) and OpenLDAP™. In some ways, the idea of a cloud-based directory service doesn’t initially make sense to some of them.
Maybe the absence of a domain controller (or even a domain, for that matter) and directory server where users authenticate is what’s most perplexing. Can you really go domainless? How will employees even log into the network and gain access? What does the network even look like? Where would an AD-like server fit in a world like this? For these reasons and others, many IT leaders have questions about the concept of a SaaS-based directory service.
The good news is that these questions are nothing new for the cloud industry, and JumpCloud® in particular. Our Directory-as-a-Service® platform was built to solve these issues and more. The benefits of a cloud identity provider are significant for many organizations. Advantages include the ability to more quickly execute tasks, improved flexibility of platform choice, and better security. Let’s walk through some of the questions and concerns surrounding a cloud-based directory and how you can enable a Domainless Enterprise.
Answers To Your Cloud-Based Directory Service Questions
True Single Sign-On™
Conventionally, a domain controller and on-prem AD server permitted users to authenticate to everything on-premises that was Windows®-based. With a cloud directory service, take this concept and extend it to all non-Windows and off-prem resources. This concept is called True Single Sign-On (SSO). It integrates cloud infrastructure such as:
- AWS®, GCP™, Azure®, and other IaaS platforms
- Multiple device platforms (Windows, Mac®, and Linux®)
- Core SaaS productivity services such as G Suite™ and Microsoft 365™
- Web applications such as Salesforce, GitHub, Zoom, Slack, and thousands more
- File storage services such as Box, Dropbox, etc.
Users can access all of their IT resources with just one set of credentials. IT can centralize and manage user access from a single place, including provisioning and deprovisioning, to save time and increase security.
If the cloud directory service is offline, what does that mean to my organization? That’s a really good and common question. Similar to many of the other features within the cloud directory, resiliency is built in. Systems will continue to function without interruption. If an individual service is interrupted, other LDAP, SAML, and RADIUS authentication requests can continue to be fulfilled via a global network of servers. The system is designed around the understanding that client systems must maintain operation even if the central directory database is offline.
Can Directory-as-a-Service be as secure as an on-prem managed directory service? Yes, it can. In fact, for many organizations the security available in the cloud is better. A cloud directory service is built on the assumption that it will live on the public Internet. As a result, a number of core design decisions are made to ensure security, including one-way hashing and salting of credentials, secure communication channels via mutual TLS, and regular scanning and penetration testing. If you would like more details on security, drop us a note. We’d be happy to share our practices and our SOC 2 examination. We also have detailed whitepapers from QSA Coalfire examining our approaches to PCI and HIPAA. We are GDPR compliant as well.
If a cloud-based directory service is so great, why hasn’t Microsoft done it already? Well, they do have a solution called Azure Active Directory. However, it is only intended for Azure and web applications. You’ve got your work cut out for you if you want to use it with all of your IT resources. You will need to add in Active Directory on-prem, Azure AD Connect to integrate the two, a directory extender for Linux and Macs, another service to integrate G Suite (if needed), and vast security and networking expertise for your AWS or GCP servers. It takes a lot of different solutions to cover all of the things that JumpCloud’s Directory-as-a-Service already does.
Is a cloud-based directory service cost-effective? While you should do your own calculations, there are a number of cost savings associated with a SaaS-based solution. First of all, there is no hardware or software to purchase. Directory-as-a-Service covers a number of individual solutions you may need to purchase, including system management, SSO, MFA, MDM, and audit/governance solutions. Another advantage is that system maintenance and management are done by the provider. Finally, automation and user control help reduce work time for IT. If you would like to learn more about whether Directory-as-a-Service can be cost-effective for you, drop us a note and we’ll pass along our ROI calculators for you to evaluate.
Put JumpCloud To Work For You
A cloud directory may not be for everybody. But for most organizations, it can be a significant step up in their ability to centralize user management, onboard and offboard users quickly and efficiently, manage devices, increase security to reduce the chances of a breach, and integrate cloud and on-prem systems into one unified view.
If you would like to learn more about whether a cloud directory service can make sense for your organization, please reach out to us. We’ve worked with over one hundred thousand organizations and can help you figure out whether JumpCloud’s Directory-as-a-Service is right for you.