Federated Single Sign-On (SSO)

Written by Rajat Bhargava on January 27, 2016

The holy grail for IT administrators within a professional environment is providing every one of their users with a single set of credentials that can be used to sign on to every IT resource that the user is entitled to access. The challenge with building a comprehensive single sign-on (True SSO™) approach is that it is complicated to stitch everything together. Users today need access to a wide variety of IT resources, both on-premises and in the cloud. The ideal fix for many organizations is a centralized, federated single sign-on solution. Unfortunately, because of the varying devices, applications and network infrastructures in today’s workplace environments, this type of solution takes on many forms, and derives from a number of vendors. However, there is a new category of cloud identity management solutions that is making a true federated solution a reality – Directory-as-a-Service.

True SSO of IT Environments Past

The concept of single sign-on has been around for many years. In fact, we could argue that a True SSO was much easier a decade ago. Most networks back then were almost exclusively Microsoft. The devices were Windows-based and the applications were sitting on top of Windows, leveraging the Windows authentication mechanism. Users would log in to the network with their credentials, and the domain controller and Microsoft Active Directory would authenticate the user to everything in the environment that the user was provisioned for.

SSO Breakdown and Fixes With Evolving IT Landscape

As the cloud emerged and infrastructure and applications moved to it, the dynamic of trying to log in to everything changed. Neither the domain controller nor Microsoft Active Directory had control over all resources. As a result, a new category of web application SSO solutions emerged. These solutions would connect to the on-premises directory service and federate those credentials out to a wide variety of web applications. Some of these solutions were on-premises and others were cloud-based. For a time, the combination of Microsoft AD and an SSO solution covered what was needed.

However, more resources, including servers, moved to the cloud. At the same time, devices shifted from being primarily Windows to incorporate Macs and Linux as well. Wired networks shifted to wireless, and authentication to the WiFi network became much more critical due to security needs. Google Apps became the email and productivity infrastructure of choice. All of these changes made it more difficult for Active Directory and a web application SSO environment to be a complete solution.

Circling Back to True SSO With Directory-as-a-Service

Today’s federated single sign-on solution needs to incorporate this new IT landscape, and connect users to all of their IT resources with a single set of credentials. True SSO solutions need to go beyond web applications. Fortunately, Identity-as-a-Service platforms are integrating multiple components of the identity management landscape to provide SSO to systems, cloud and on-premises applications, and WiFi networks. Much like over a decade ago, when SSO was truly SSO for everything, this new generation of identity management solutions, Directory-as-a-Service, is making it a reality in the cloud era.

If you would like to learn more about how a next-generation federated single sign-on solution such as Directory-as-a-Service can support your organization, drop us a note. We’d be happy to discuss it with you. Or, feel free to give JumpCloud’s Directory-as-a-Service a try.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
