By Greg Keller, posted September 18, 2015
What does a single sign-on (SSO) service do? It allows a user to log in with a single ID, gaining access to connected systems without being prompted for different usernames or passwords. The well-known SSO market has dramatically grown over the past few years. Players like our friends at Bitium™, Okta™, and OneLogin™ have built businesses focused on single sign-on for web applications.
These companies concentrate on external IT applications. Many of these applications are SaaS services such as Salesforce™, Workday, and Box™. There is a common goal among traditional SSO players: make it easy for end users to use applications. How does it work? Users simply log into a browser plugin or go to the end user portal supplied by the SSO provider. From there, users go to the desired application and are automatically logged in. They don’t need to remember unique credentials or multiple passwords to access each desired web application. End users find this process very easy. In addition, it’s more secure for IT admins in most cases.
The Pitfall of Only Using Single Sign-On
If a user only needs one username and password for SSO, where do the SSO providers get their user credentials? If they house them, how do those credentials sync with what end users are using on-prem? Specifically, what credentials do end users use when they access their laptop or desktop, the internal WiFi network, internally hosted web applications, or their own servers? Today’s SSO solutions look outward and are largely based on SAML, one of the standard protocols for web authentication and authorization. Most internal resources are based on different protocols such as LDAP, Kerberos, and RADIUS. This protocol mismatch is a huge pitfall for IT admins.
Directory Services With SSO Is The Way To Go
There are many benefits to connecting directory services and single sign-on. Probably the two most noteworthy are that IT organizations achieve maximum centralization and control, and that users get a simple, one-account system to manage.
The directory service provides credentials to your internal IT resources and is the engine for the SSO providers. As a result, any additions, deletions, or modifications in the core directory are automatically propagated to internal and external IT resources via the SSO solution. SSO providers integrate well with directory services, which is why every company wants directory services plus SSO. IT admins can build one core directory service and cover both internal and external IT resources. Most directory services cannot match the single sign-on capabilities of companies like Bitium and others. Furthermore, folks like Okta and OneLogin haven’t focused on managing internal IT resources.
Sign On With JumpCloud
As a cloud-based directory solution, JumpCloud® Directory-as-a-Service® integrates well with most of the single sign-on players, including Bitium, Okta, and OneLogin.
JumpCloud’s directory service provides the core, authoritative identities which are then federated to whatever IT resources the user needs. This includes web applications through the SSO solution. Users get the True Single Sign-On™ they have been looking for across the entire set of IT resources they need. It’s easy for users and highly secure for IT admins.
In conclusion, our product offers a single sign-on solution unlike any other in the market. Not only do we store the core identity for a user, but we also closely work with the solutions that have been traditionally identified as SSO providers.
If you are interested in learning more about how we easily integrate with companies like Bitium, Okta, and OneLogin to provide the core directory services, drop us a note. We’d be happy to discuss it further. Or give JumpCloud a try for free and connect the two types of solutions together. Finally, you will find detailed instructions on how to integrate the solutions on our knowledge base.