By Rajat Bhargava Posted August 26, 2016
The identity management market is complicated. With the IT landscape significantly changing over the past decade, it is no wonder that many IT admins are curious about directory services or SSO (single sign-on). The discussion used to be simple because, quite frankly, the two solutions were one and the same. Today, they are two distinct categories with very different benefits. Comparing and contrasting directory services and single sign-on is an important exercise for every organization.
Compare And Contrast To Learn What Comes First, What Comes Last
The comparison starts with your core needs. Here are some questions that may help in determining what type of Identity-as-a-Service platform is right for your organization.
- What types of IT resources do you have? Take an inventory of systems, on-prem applications, cloud applications, cloud infrastructure, networking components, etc.
- What access is most critical for you to control? Do you care about a user’s access to their machines, applications, network, etc.?
- What authentication protocols do you need to support? Are all of your services SAML, or do you need LDAP, RADIUS, SSH, or others?
- Do you believe that device management is critical to your organization? Do you want to control your user’s devices to ensure that they are secure and safe? Are you customers requiring you to contractually agree to user or device management?
- Are security policies and compliance a part of your requirements? Many organizations must comply with specific regulations. If that’s true for your organization, what do the regulations you are subject to say?
Either Directory Services Or Single Sign-On (SSO)?
These questions are a good place to start because they will help you identify your needs and requirements. For organizations that are largely focused on cloud applications and don’t care about systems or controlling users on devices, then a web application single sign-on solution may suffice. A large number of organizations are taking this route. They need an SSO solution because they have a majority of cloud-hosted data and applications. For other organizations, their environment dictates a broader view of authentication and authorization. These organizations are interested in controlling access to systems, cloud servers, on-prem applications, and networks among other things. Their IT environment generally involves a mix of platforms, applications, and locations (on-prem and cloud). In these situations, a directory service is an appropriate choice.
You May Need Both
It should be noted that many organizations opt to have both solutions. They are heavy cloud users, necessitating SSO. In addition, leveraging a mixed environment requires a directory service.
Organizations that have both needs or are interested in directory services opt for Directory-as-a-Service® for their core unified cloud directory service. The cloud-hosted directory from JumpCloud® integrates centralized user management, LDAP-as-a-Service, cloud RADIUS, device management, cloud application support, and multi-factor authentication in addition to other capabilities. One benefit of the cloud directory is the ability to tightly control user access to your organization’s resources. While IT has deep levels of control, end users enjoy unimpeded access to the systems, applications, and networks they need.
If you are interested in learning more about the differences and similarities of Directory-as-a-Service and SSO, drop us a note. We’d be happy to discuss our cloud directory platform and how it works in concert with a number of SSO platforms.