By Ryan Squires Posted September 11, 2018
Microsoft® Active Directory® (AD) is an IT industry standard when it comes to directory services. For many organizations, AD serves as the main source of identity and access management (IAM). In today’s increasingly cloud-based IT world, however, AD is struggling to connect users to the heterogeneous resources that most organizations leverage every day. The void in federating on-prem AD identities to cloud-based services traditionally fell to single sign-on (SSO) solutions. SSO solutions can remedy immediate pains but don’t deal with the root cause. Cloud-based directories are the next generation approach to AD, combined with SSO (and more) in one solution, leaving many to ask: directory services or SSO first?
First, Directory Services
Cloud directory services are the new generation of IAM for IT professionals. As opposed to traditional on-prem AD, cloud directory services leverage the cloud so the service can be implemented easily in almost any organization. Cloud directory services are considered Software-as-a-Service (SaaS). Unlike Microsoft AD, these solutions are not directly affiliated with any operating system and manage Windows®, Mac®, and Linux® systems equally. Cloud directory services enable access to a wide array of on-prem and cloud-based resources with one identity. Resources on-prem and in the cloud include: productivity platforms (G Suite™, O365™), file servers (Samba and NAS devices, Box™) cloud infrastructure (AWS®, Azure®, GCP™), web-based applications (Salesforce®, BlueJeans®, DocuSign®), WiFi and wired networks via RADIUS, legacy applications via LDAP (Atlassian® applications, MySQL™, Jenkins), MFA (multi-factor authentication, two-factor authentication or 2FA), and many more.
Web application SSO solutions, on the other hand, are focused on, you guessed it, web apps. Conventionally, SSO has worked as an add-on solution on top of an existing directory (e.g. Microsoft Active Directory). But this functionality can be accomplished more elegantly by cloud-based directory services. Hassle is reduced. Cloud directory services integrate the most commonly used protocols a user may need into a single authoritative solution that requires minimal setup time. For IT admins looking to have control over an efficient environment, a web-app SSO solution might not be the best “first” tool out there because they deal with treating symptoms instead of the true underlying problem.
Stack Analysis goes into great detail on the topic of cloud directory services first in their whitepaper on the subject. In particular, Stack Analysis focuses on JumpCloud® Directory-as-a-Service® as their cloud directory of choice. Even if AD is a must for your organization, cloud-based directory services from JumpCloud can extend AD via AD Integration and allow that on-prem source of truth to extend to the cloud and non-Windows solutions.
Directory Services or SSO First?
When deciding between directory services or SSO first, it is clear that directory services should come first. Directory services act as the source of truth for identities and allow for management of systems, applications, files, and networks—not just web apps. When you choose JumpCloud, you get the management capabilities of a directory service combined with the convenience of SSO and a whole lot more. Don’t settle for patching together an AD strategy with a lot of add-ons or going unmanaged and simply not utilizing a directory service. Cloud-based directory services is a comprehensive solution, nothing patched together, that takes away the fear of an unmanaged user having access to IT resources long after they’ve departed.
If this sounds good to you, give JumpCloud Directory-as-a-Service a try for free today, and check out our YouTube channel for informative whiteboard videos and tutorials on how to get your console up and running. When it comes to directory services or SSO first, choose a directory that can connect you and your users to all the resources they need – not just a few.