Do SMEs Need ADFS?

Written by Brenna Lee on December 6, 2021


Small and mid-size enterprises (SMEs) are the backbone of the global economy. There were an estimated 213 million SMEs worldwide in 2020, which equates to many times more employees and customers. This means that it’s imperative for SMEs to be productive and efficient to satisfy customers and meet organizational objectives while also utilizing proper security solutions to protect company, customer, and employee data from an ever-growing threat landscape.

To mitigate risk and provide employees with the resources they need to get work done, identity and access management (IAM) solutions emerged as an integral component of enterprise IT. Some IAM solutions on the market have remained stagnant, while others have emerged and evolved concurrently with the modern IT environment and workforce. A robust, modern IAM strategy can help SMEs bolster their overall security posture while enhancing employee productivity by streamlining identity creation and access workflows. 

For many years, SMEs have used Microsoft’s Active Directory Federation Services (ADFS) to accomplish this, which helped them federate on-premises identities to third-party networks and/or applications. However, the growth of cloud-based services and an increasingly distributed mobile workforce have both surfaced new issues with ADFS and magnified existing ones. These problems include security issues, high costs, and complexities that only well-versed IT professionals can handle, all on top of ADFS limitations that are inherent in Microsoft’s identity federation solution.

In addition, new technologies have emerged that provide more IAM capabilities in more accessible ways. These are some of the reasons that lead SMEs to ask if they truly need ADFS.

This article discusses the primary functions of ADFS, common IAM challenges SMEs face and whether ADFS is a good solution for each, and why the future of SSO lies in cloud-based solutions.

Functions of ADFS

ADFS serves two primary functions:

  • Acts as a limited single sign-on (SSO) tool. Organizations can use ADFS to provide single sign-on authentication for users that need to access off-premises resources such as applications in a partner organization or modern cloud services. It uses a claims-based authentication framework that authenticates users via Security Assertion Markup Language (SAML) and cookies.
  • Streamlines identity federation. With ADFS, employees don’t authenticate directly with the service provider (SP). Instead, user credentials remain centrally located inside the identity provider (IdP) or home organization via Active Directory (AD). This solution is used by organizations that have AD and need to gain a bit more control over user identities.

Common IAM Challenges for SMEs

Managing identities and access rights in SMEs is challenging for many reasons, such as:

  1. The growth in distributed workforces

The need for skilled IT professionals in areas such as cybersecurity and cloud computing has continued to rise. Yet, the pool of qualified candidates cannot keep up with the demand. According to Gartner, businesses saw talent scarcity as the most considerable adoption barrier to 64% of emerging technologies in 2021, compared to a paltry 4% in 2020.

This problem becomes even more compounded for SMEs because they often have limited resources to hire and retain skilled IT professionals compared to large enterprises. With a constantly evolving IT environment and a significant talent shortage, many SMEs have opted for a remote workforce to access skilled IT professionals and other employees wherever they may be while keeping expenses in check. 

However, to maintain a productive remote workforce, SMEs must provide a seamless experience for employees regardless of the IT resource they need to access, where they’re located, or what kind of device they’re using, all without sacrificing security. 

If your SME has remote employees, what solution is best?


✔️ A cloud-based IAM/SSO platform

Why? Remote employees need to sign in to a variety of resources such as their device(s), networks, applications, cloud infrastructure, and more. All of this needs to be managed by IT, and ideally, IT can put a True Single Sign-On™ solution in place to allow remote users to connect to all of these resources via SSO, which ADFS does not account for. This type of solution falls under the cloud-based IAM/SSO platform.

  2. Proliferating software-as-a-service (SaaS) applications

SaaS applications have experienced a massive increase in usage as organizations have adapted to remote and hybrid working environments. According to BetterCloud, a typical small business — with fewer than 50 employees — uses an average of 16 SaaS services, while those with more than 50 workers use an estimated 24 SaaS applications. 

SaaS models have become the go-to solutions for many SMEs for various reasons such as affordability and flexibility. However, the popularity of these applications also means that SMEs must do more to manage user identities and access to those services. Without a seamless platform to access SaaS applications, employees often struggle with password fatigue while the organization deals with rising support costs from frustrated users. 

If your SME uses a variety of SaaS apps, what solution is best?


✔️ A cloud-based IAM/SSO platform

Why? ADFS was created to connect users to resources like cloud apps, so if your SME primarily relies on cloud apps to get work done, ADFS may work for you. However, if you don’t have AD in place already, or you want to implement an IAM solution that will evolve and scale with your organization while streamlining identity and access processes, a cloud-based IAM/SSO platform is the better option for you. 

This is because a holistic IAM/SSO platform has the infrastructure needed to scale and safely connect your users to virtually all of their IT resources as you add more to your IT environment, whereas web app SSO only helps connect users to their apps, leaving a lot of room for IAM improvement.

  3. The popular bring-your-own-device (BYOD) trend

The bring-your-own-device (BYOD) trend is popular among employees because they’re already comfortable using personal devices, and they often provide more flexibility than organization-issued devices. BYOD can also help lower costs for cash-strapped SMEs because they no longer need to buy or pay for regular maintenance expenses. 

However, the challenge with BYOD is not whether employees use their personal devices to access the organization’s resources but whether IT teams can react quickly and effectively to protect the business assets on those devices — without sacrificing productivity. Nearly every organization has some sort of BYOD policy in place to secure its resources. 

However, BYOD policies may be difficult to enforce for employees that access SaaS applications on their personal devices, posing a serious security threat to the organization. Besides managing who has access rights to the organization’s resources, IT teams must keep track of which endpoints — device type and/or operating system — employees are using to access the services. From there, IT needs to be able to manage those devices from a central location along with any organization-issued devices.

If your SME allows BYOD, what solution is best?


✔️ A cloud-based IAM/SSO platform

Why? ADFS is not meant to help control access to personal devices. A cloud-based IAM/SSO platform will be able to help manage identities and access while allowing you to implement conditional access policies and other security measures to mitigate risk.

  4. Inefficient employee onboarding and offboarding

Onboarding new employees is quite time-consuming for many SMEs. This is due to manual and non-standardized processes, as well as the sheer number of IT resources that they need to be provisioned access to (devices, legacy and cloud applications, emails, servers, networks, cloud infrastructure, etc.). Without an automated IAM platform in place, provisioning access becomes increasingly tedious, complex, and inefficient. 

On the flip side, failure to quickly revoke access privileges for employees that have left the organization can have serious security consequences. Unfortunately, in many SMEs, this means that the IT or management team has to manually go through each employee’s account to understand what resources such employees have access to in order to properly offboard them. 

Manual onboarding and offboarding is labor-intensive, prone to human errors, and less productive in the long run. 

If your SME needs to improve onboarding and offboarding, what solution is best?


✔️ A cloud-based IAM/SSO platform

Why? ADFS is a clunky, add-on solution that can help streamline some parts of onboarding and offboarding — primarily provisioning and deprovisioning access to some limited set of applications. However, a cloud-based IAM/SSO platform will give your SME the ability to streamline user lifecycle management from beginning to end within a single platform. This means provisioning and deprovisioning access to virtually all IT resources, not just web apps. This type of solution also includes SCIM and JIT provisioning to add another layer of security and efficiency to the onboarding and offboarding processes.
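The manual offboarding review described above can be scripted as a reconciliation between an HR termination list and per-application account exports. The following is an added example, not code from this article or from any vendor; the data is constructed, and the function name, field names, and app names are hypothetical.

```python
from datetime import date

# Constructed sample data: HR terminations and per-app account exports.
TERMINATED = {
    "avery@example.com": date(2021, 11, 30),
    "sam@example.com": date(2021, 12, 1),
}

# (app, federated through the IdP?, user, account still active?)
APP_ACCOUNTS = [
    ("crm", True, "avery@example.com", True),
    ("wiki", False, "avery@example.com", True),
    ("payroll", False, "sam@example.com", False),
    ("crm", True, "jo@example.com", True),
    ("build-server", False, "sam@example.com", True),
]


def offboarding_gaps(terminated, accounts):
    """Return active accounts that belong to departed users, riskiest first."""
    gaps = []
    for app, federated, user, active in accounts:
        if not active or user not in terminated:
            continue
        if federated:
            # Disabling the directory identity stops new federated sign-ins,
            # but the account object in the app still has to be removed.
            action = "deprovision app account"
        else:
            # Apps outside federation keep their own password; disabling
            # the directory identity does not touch them.
            action = "disable local account in the app"
        gaps.append({"user": user, "app": app, "federated": federated,
                     "left": terminated[user], "action": action})
    # Non-federated apps first, then the oldest departures.
    gaps.sort(key=lambda g: (g["federated"], g["left"], g["app"]))
    return gaps


if __name__ == "__main__":
    for g in offboarding_gaps(TERMINATED, APP_ACCOUNTS):
        print(f'{g["left"]}  {g["user"]:<20} {g["app"]:<13} {g["action"]}')
```

Accounts in apps that are not federated sort to the top because they keep working with their own credentials after the directory identity is disabled.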

  5. Password overload

The growth of SaaS services means that users must memorize a surging number of passwords for applications across various domains. Employees can get frustrated when they spend more time managing passwords, potentially degrading user experience and overall productivity due to password fatigue. Resetting passwords also makes IT teams less productive because they have to suspend essential tasks to attend to employees’ immediate issues.

If your SME needs to improve password management, what solution is best?


✔️ A cloud-based IAM/SSO platform

Why? ADFS is not a password manager; it simply allows the federation of identities in AD to non-domain-bound applications. Users will still need separate passwords for resources not connected via ADFS. However, with a cloud-based IAM/SSO platform, users only need to remember a single set of secure credentials that meet the password requirements that your SME sets up. This one set of credentials can then be used to access all IT resources that have been provisioned to the associated identity by IT.

Using a Cloud IAM/SSO Solution Rather Than ADFS

The challenges listed above present a need for a comprehensive single sign-on tool that’s part of a bigger IAM solution. These needs go beyond the scope of what ADFS can do, especially when you consider all of the costs associated with ADFS. A modern IAM solution, by contrast, gives IT high visibility into what remote users have access to while keeping user identities secure and productive, all under one pricing structure.

ADFS extends on-premises identities managed within AD infrastructure to some cloud-based resources. However, it can only authenticate users in an on-premises setup and doesn’t authenticate through Azure infrastructure.

Rather than relying on Microsoft’s legacy AD and multiple add-ons, the JumpCloud Directory Platform enables IT teams to securely manage identities, devices, and IT resources from a single console. This comprehensive IAM platform comes with True SSO™ capabilities that allow IT to set up SSO for users across virtually all IT resources, greatly simplifying the end user experience while reducing the overall workload on IT.

Plus, SMEs with minimal IT budgets and staff can use JumpCloud’s platform to minimize infrastructure costs and risks and simplify IT operations. 

Try JumpCloud’s Solution Free

Test out JumpCloud’s modern, simplified IAM solution with True SSO, and see if it’s right for your organization! Create a JumpCloud Free account to access the entirety of the platform for free, up to 10 users and 10 devices. Along with that, enjoy 24×7 in-app support — free for the first 10 days!

Brenna Lee

Brenna is a Content Writer at JumpCloud who loves learning about and immersing herself in new technologies. Outside of the [remote] office, she loves traveling and exploring the outdoors!
