IAM – Federated Identity

Written by Greg Keller on March 7, 2016

Most of today’s cloud-forward IT admins are asking how they can federate identity simply and securely. A modern IT organization is no longer on-premises, nor is it on a single platform. Currently, the IT landscape is complex, heterogeneous, and global. As a result, being able to manage identities securely across various platforms is a major challenge. In fact, it may be one of the most critical challenges IT faces. The consequences of errors in identity management can be steep, with the compromises we saw at Sony and Target being good examples. Properly federating your identities through secure systems is critical to gaining the control and security you need while providing your employees with the IT resources they need to access in order to be productive.

Microsoft AD and the Firewall

Historically, IT environments were fairly simple. In the Microsoft Windows era, systems and applications were largely housed behind the firewall and were homogeneous in nature. A central directory service called Microsoft Active Directory and the domain controller would work in conjunction to provide users access to the resources they needed. Identities didn’t need to be federated because everything was secured behind the firewall. In today’s directory service market, the picture looks quite different, as very few IT resources are maintained on-premises. There is a massive shift to cloud infrastructure and web applications underway.

Change is in the Air

The core, legacy directory service is becoming obsolete, as it is only capable of connecting to a steadily shrinking number of IT resources. Mac and Linux devices are largely out of AD’s purview. Cloud infrastructure such as AWS brings up similar platform and security challenges as well. Since web applications are connected via third-party single sign-on solutions to Active Directory, IT admins are forced to add more solutions in order to federate identities to cloud services. Additional solutions mean more integration work, extra cost, and a greater likelihood of mistakes or outages. IT admins today are looking to collapse their complex identity and access management platforms into a simpler, cloud-friendly approach.

The Cloud is on the Horizon

Directory-as-a-Service® is a modern, cloud-based approach to Identity-as-a-Service. Core user credentials are stored within the cloud-based directory and federated to a wide variety of resources through the support of multiple platforms and protocols. All three major platforms – Windows, Mac, and Linux – are supported. Web applications are authenticated via SAML, and legacy applications via LDAP. RADIUS-as-a-Service is also a core part of the package, which enables secure authentication to the WiFi network. Identities can also be federated to Google Apps, if necessary. Federated identities really don’t need to be a complex, multi-solution proposition.

If you would like to learn more about how Directory-as-a-Service can support your identity management plans, drop us a note. We’d be happy to discuss it with you. Or, feel free to give DaaS a try for yourself.

Greg Keller

JumpCloud CTO Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.
