Federated Access Management

Written by Greg Keller on March 18, 2016


In today’s complex identity management world, which now encompasses cloud infrastructure, on-premises equipment, and a mobile workforce, the question becomes how to tightly control user access. Federated access management solutions are driving a new approach to user management. Directory-as-a-Service® platforms are completely changing the market for user access to a wide variety of IT resources.

On-premises Solutions Outdated

Historically, there has been a separate category of federated identity management solutions. These solutions start with a core directory service hosted on-premises. Often this is Microsoft Active Directory or OpenLDAP. Usually another identity management solution is purchased in order to take those core identities and federate them to a wide variety of web applications. Still other solutions are needed to take those core identities and leverage them for cloud server infrastructure. Perhaps others are needed for privileged accounts on network equipment or user account management on Macs and Linux machines. Suddenly, the concept of tightly controlling user access across a wide variety of IT resources is not so simple to implement. The concept of federated access management emerged based on these varied and complex necessities.

In the past, when everything within the IT environment was on-premises behind the firewall and often largely Microsoft Windows based, the traditional directory service was adequate. It was possible to single sign-on (SSO) to everything the user needed with one set of credentials. Fast forward to the cloud era and that is rarely the case. Most of those resources are no longer on-premises. With solutions such as Google Apps and Microsoft Office 365 becoming more frequently used, the core of a user’s productivity platform is now in the cloud. IT admins had to start searching for platforms to extend the core directory service to the cloud. Those solutions are often referred to as web application SSO.

New Generation of Cloud-based Solutions

This category of federated access management solutions requires more than just access to web applications. IT continues to adapt to these changes and has been forced to shift more of the infrastructure to the cloud. Also, the introduction of more platforms such as Macs and Linux devices began to render the foundation of the core on-premises directory service ineffective. A new generation of solutions was needed that enabled the core directory to manage virtually all of the IT resources that a user needs without having to utilize a number of different solutions.

Modern Identity-as-a-Service (IDaaS) platforms integrate the core user directory with device management, application user management, and WiFi authentication, among others. The platform enables authentication, authorization, and device management for all three major operating systems (Mac, Windows, and Linux), web and on-premises applications, and network equipment. The key is to provide support regardless of location, platform type, or protocol. The goal is to provide a True Single Sign-On™ solution in the modern, complex era of the cloud.

If you would like to learn more about how Directory-as-a-Service is a modern federated access management platform, drop us a note. We’d be happy to discuss it with you. Or, feel free to try JumpCloud’s Identity-as-a-Service platform for yourself. Your first 10 users are free forever.

Greg Keller

JumpCloud CTO, Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
