By Greg Keller Posted February 9, 2015
Some organizations aren’t interested in running directory services. Here are some common themes behind their thought process: there are issues and drawbacks, it’s expensive, it’s time-consuming, and the boss simply doesn’t want to spend the money.
While these organizations may not use a “directory service” per se, they are definitely doing directory services, albeit manually, which can get really expensive. Seemingly, there are good reasons for not having directory services. However, modern approaches to cloud-based directory services can be game changers for IT.
Here are four common alternatives businesses try to use instead of running a directory:
1—Manual User Management
Perhaps the most common alternative to a user directory is manual user management. IT admins hand-provision users on devices and applications. When users leave the organization, they manually delete them from the IT resources.
This costs time and creates security risk.
Admins either create spreadsheets to manage the details of user access or script the process of provisioning and deprovisioning users to create some automation. With a limited number of users, platforms, and applications, manual management is a reasonable approach to controlling access.
However, this manual process automatically puts the business at greater risk for a security breach. The manual process is prone to human error. In addition, there are usually only a handful of IT admins who understand how to implement a manual process. If those people were to leave the company, it would be hard to fully recover the processes and, perhaps, the user accounts too.
2—Configuration Management Tools
Tools like Puppet, Chef, Salt, or Ansible offer a centralized management solution that can provide effective user management on servers in cloud-friendly organizations. These tools allow one to provision users, primarily on production systems (as they are not often used in development, test, or desktop environments), via a central set of scripts.
The downside to these tools is that they achieve this through the use of scripting, and each change requires a code change. Scripts become complex when exceptions are needed. By the time an organization reaches 30 or so users that need access to servers, these exceptions become common. Configuration management tools don’t handle these types of complex requirements well. In addition, configuration management tools do not satisfy the user management needs of IT for their desktops, laptops, and applications.
3—Google Apps Directory
Google Apps for Work is a standard tool for small to medium-sized enterprises. Over 2 million businesses are on the platform, making it serious competition for Microsoft Office 365. While the platform offers some unique advantages, such as having email live at the center of the business, the Google Apps Directory isn’t a great solution for directory services.
First of all, it doesn’t extend to devices such as a user’s desktop or laptop. Further, an organization’s server infrastructure – whether on-premise or in the cloud – needs to be managed in a different way outside of Google Apps Directory. WiFi authentication cannot be done through Google Apps Directory. In addition, legacy application support is not available. For organizations that don’t need a significant amount of IT infrastructure, Google’s directory could be an option. However, for those companies that need more than just email and Google services, Google Apps Directory will not suffice.
4—Single Sign-On
Organizations with largely web-based applications view Single Sign-On (SSO) as a potential option. SSO solutions do manage access to web-based applications well. Here are some other considerations: SSO controls and manages SaaS-based applications, requires an AD or LDAP on-premise directory, and is not easily managed.
SSO does not act as a central user directory for all IT resources, including a user’s computer device, on-premise applications (LDAP-based), WiFi, and cloud server infrastructure. Many organizations try to leverage SSO solutions without an on-premise AD or LDAP instance but quickly realize that these solutions are not directory services. In this way, SSO is an incomplete system.
Why None of These Directory Services Alternatives Actually Work
Unfortunately, each of these directory services alternative solutions has significant drawbacks for IT admins and their organizations.
None of these solutions creates a central user directory. In fact, these solutions create many different “mini-directories.” Whether these are spreadsheets, scripts, or siloed systems, multiple directories translate into more work and increased risk.
A change in one directory may not propagate through to others. Of course, this increases the workload on IT. Further, and perhaps as significant, a company is at risk of a terminated user still having access to a core IT system. Also, none of these systems manage all of the IT infrastructure. The on-premise devices and cloud infrastructure are largely missed. This causes IT to manage yet more systems. Directory services are all about central control over users and their IT resources.
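The risk described above, a terminated user who still has access in one of several mini-directories, can be checked by reconciling each silo against the HR roster. The following is an added example, not part of the original article or of any JumpCloud product; the data, formats, and column names are all constructed for illustration.

```python
import csv
import io

# Constructed sample data: an HR roster plus three siloed "mini-directories".
HR_ROSTER = """email,status
alice@example.com,active
bob@example.com,terminated
carol@example.com,active
"""
# Access-tracking spreadsheet kept by IT (hypothetical columns).
SPREADSHEET = """user,system
alice@example.com,wiki
bob@example.com,wiki
"""
# passwd-style server accounts; the GECOS field holds the owner's email here.
SERVER_PASSWD = """alice:x:1001:1001:alice@example.com:/home/alice:/bin/bash
bob:x:1002:1002:bob@example.com:/home/bob:/bin/bash
deploy:x:1003:1003::/home/deploy:/bin/bash
"""
# User export from a SaaS application (hypothetical format).
SAAS_EXPORT = """login,suspended
Carol@Example.com,false
bob@example.com,true
dave@example.com,false
"""

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def load_sources():
    """Return {source: set of owner emails that currently have live access}."""
    sheet = {r["user"].lower() for r in rows(SPREADSHEET)}
    server = set()
    for line in SERVER_PASSWD.splitlines():
        name, owner = line.split(":")[0], line.split(":")[4]
        server.add(owner.lower() or f"unowned:{name}")  # no owner recorded
    saas = {r["login"].lower() for r in rows(SAAS_EXPORT) if r["suspended"] == "false"}
    return {"spreadsheet": sheet, "server": server, "saas": saas}

def audit():
    """Flag every account whose owner is terminated or unknown to HR."""
    status = {r["email"].lower(): r["status"] for r in rows(HR_ROSTER)}
    findings = []
    for source, accounts in sorted(load_sources().items()):
        for acct in sorted(accounts):
            state = status.get(acct, "unknown")
            if state != "active":
                findings.append((source, acct, state))
    return findings
```

In this sample, the terminated user was suspended in the SaaS application but still appears on the server and in the spreadsheet, which is exactly the propagation gap that separate directories create.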
The Directory-as-a-Service® platform from JumpCloud® is a cloud-based directory service intent on solving the issue of directory services. Today, identity management platforms are taking a modern approach, such as SaaS-based solutions, in place of dated on-premises software solutions. JumpCloud’s virtual identity provider can function as a central user management system, hosted LDAP, RADIUS-as-a-Service, True SSO™, device management platform, and more. If you would like to learn more about how Directory-as-a-Service could support your organization and save your IT team from the manual, tedious tasks of directory services, drop us a note. Or, feel free to give JumpCloud a try. Your first 10 users are free forever.