By Zach DeMeyer Posted August 3, 2018
The identity management space is getting more complex, but in doing so, more interesting. It used to be that everything was based off of the core identity provider, Microsoft® Active Directory® (AD or MAD). Today, though, a new generation of identity access management, or IAM, solutions is creating the perception that the IT market is now a battle of directory services vs SSO (single sign-on). What does this battle mean for IT organizations?
Before we talk about whether there is competition between directory services and SSO, we should explain each category.
A directory service is essentially a database that stores core user identities, and provides users with access to the IT resources necessary to do their jobs. IT admins can also manage which users have access to various IT resources via the directory services platform. Historically, these IT resources have been almost strictly limited to Windows®-based systems, applications, files, and networks. This is primarily because the directory services space has been dominated over the last twenty years by Microsoft Active Directory. However, as IT infrastructure has shifted to the cloud, a new generation of IAM solutions have appeared.
Single Sign-On (SSO)
Web applications emerged in the mid-2000s as an alternative to many of the on-prem applications provided by Microsoft. While they offered a number of advantages, they were also difficult to manage with AD. That’s when a new generation of IAM solutions was created to help. Known as web application single sign-on (SSO) solutions, these platforms are connecting users to their web applications. The challenge with a majority of SSO platforms is that they have not eliminated the need for directory services, but rather built to work in partnership with them. It’s fairly common for IT admins to view the two as competitors, but this just isn’t the case.
Is it Really Directory Services vs SSO, Then?
Today, with even more IT resources moving to the cloud and the increase in use of non-Windows platforms, there is even more pressure on traditional directory services. AD, which has been the gold standard of directory services, is no longer able to effectively connect users to all of their IT resources. Non-Windows systems, such as Mac® or Linux®, are often going unmanaged. Web applications need an SSO platform. Legacy, on-prem applications often require LDAP or manual user management. File servers and network infrastructure, such as WiFi access points, often require their own authentication approaches such as Samba or RADIUS. When viewed holistically, the identity management strategy for many organizations becomes a great deal more complicated than simply the use of a legacy directory or a single sign-on platform. Since they’re designed to work together, admins should be looking for how to leverage both, rather than replacing one with the other.
In their detailed paper comparing cloud directory services and SSO, the analyst firm, Stack Analysis, argues just that, and holds the view that the comparison of directory services vs SSO is often misguided. Each IAM tool serves a separate yet complementary purpose. Cloud directory services are the next generation of AD and LDAP, while SSO platforms are an excellent tool to connect users to web applications. For those organizations that are searching for a core identity management platform to connect users to a wide range of IT resources such as systems, servers, file servers, and WiFi networks, cloud directory services are the right fit. If the organization really only cares about control over web applications, an SSO solution might fit better.
Regardless, the Stack Analysis whitepaper is a great read for those interested in learning more about the pros and cons of each category, directory services and SSO. To learn more about comparing directory services vs. SSO, or the combination of the two, you can contact our support team, or read more at our blog.