JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Directory Services or Single Sign-On? (Or Both?)



The identity management market is complicated. With the IT landscape significantly changing over the past decade, it is no wonder that many IT admins are curious about directory services or SSO (single sign-on). The discussion used to be simple because, quite frankly, the two solutions were one and the same. Today, they are two distinct categories with very different benefits. Comparing and contrasting directory services and single sign-on is an important exercise for every organization.

Compare And Contrast To Learn What Comes First, What Comes Last

screenshot-drive.google.com 2016-07-22 12-42-05

The comparison starts with your core needs. Here are some questions that may help in determining what type of Identity-as-a-Service platform is right for your organization.

  1. What types of IT resources do you have? Take an inventory of systems, on-prem applications, cloud applications, cloud infrastructure, networking components, etc.
  2. What access is most critical for you to control? Do you care about a user’s access to their machines, applications, network, etc.?
  3. What authentication protocols do you need to support? Are all of your services SAML, or do you need LDAP, RADIUS, SSH, or others?
  4. Do you believe that device management is critical to your organization? Do you want to control your user’s devices to ensure that they are secure and safe? Are you customers requiring you to contractually agree to user or device management?
  5. Are security policies and compliance a part of your requirements? Many organizations must comply with specific regulations. If that’s true for your organization, what do the regulations you are subject to say?

Either Directory Services Or Single Sign-On (SSO)?

These questions are a good place to start because they will help you identify your needs and requirements. For organizations that are largely focused on cloud applications and don’t care about systems or controlling users on devices, then a web application single sign-on solution may suffice. A large number of organizations are taking this route. They need an SSO solution because they have a majority of cloud-hosted data and applications. For other organizations, their environment dictates a broader view of authentication and authorization. These organizations are interested in controlling access to systems, cloud servers, on-prem applications, and networks among other things. Their IT environment generally involves a mix of platforms, applications, and locations (on-prem and cloud). In these situations, a directory service is an appropriate choice.

You May Need Both

It should be noted that many organizations opt to have both solutions. They are heavy cloud users, necessitating SSO. In addition, leveraging a mixed environment requires a directory service.

daas-landscape

Organizations that have both needs or are interested in directory services opt for Directory-as-a-Service® for their core unified cloud directory service. The cloud-hosted directory from JumpCloud® integrates centralized user management, LDAP-as-a-Service, cloud RADIUS, device management, cloud application support, and multi-factor authentication in addition to other capabilities. One benefit of the cloud directory is the ability to tightly control user access to your organization’s resources. While IT has deep levels of control, end users enjoy unimpeded access to the systems, applications, and networks they need.

If you are interested in learning more about the differences and similarities of Directory-as-a-Service and SSO, drop us a note. We’d be happy to discuss our cloud directory platform and how it works in concert with a number of SSO platforms.


Recent Posts
Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

Blog

Migrating Clients Off Active Directory

Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

Blog

Setting Up VPN MFA to Secure Remote Workers

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?

Blog

Group Policy Objects (GPOs) for MSPs

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?