By Rajat Bhargava Posted February 11, 2017
Identity-as-a-Service (or IDaaS for short) has become a major buzzword in the IT industry. In fact, it might just be one of the hottest segments of the red-hot identity and access management market. The challenge is that IDaaS has lost a lot of its meaning. It’s not clear to IT admins what the term means anymore.
That’s why it’s helpful to think of IDaaS in terms of generations. We like to think of first generation IDaaS as being web single sign-on, and next-generation IDaaS as the more encompassing Directory-as-a-Service® approach.
What is First Generation IDaaS?
The term Identity-as-a-Service emerged a little less than a decade ago. It was pioneered by the web application single sign-on players. Even though it was somewhat of a stretch as a way of thinking about IAM, the term made sense at the time. When the cloud SSO providers emerged, the core identity provider of the day was Microsoft Active Directory®. IT was a Windows-based world, so AD made a lot of sense. The web application SSO providers sat on top of AD and extended it to cloud applications. AD was the identity provider, while the SSO solution received only a federated copy of the identity.
You can start to see why the term IDaaS was a bit of a stretch for the SSO providers.
However, the analysts jumped on the term, so it became very popular. As the world started to shift away from Active Directory, new solutions emerged that encompassed a true Identity-as-a-Service approach. These approaches centralized the user’s identity in the cloud and federated it to a wide variety of different IT resources, including systems, on-prem applications, and networks. These virtual identity providers were connecting users to web applications as well. The term IDaaS started to have new meaning beyond simple web application SSO.
The New Generation of IDaaS Actually Provides Identities
Next-generation IDaaS is a central and cloud-based identity provider. These platforms, such as Directory-as-a-Service, securely manage and connect employee identities to the IT resources those users need. The IT resources include Windows, macOS, and Linux systems whether on-prem or hosted in the cloud. As such, cloud servers hosted at AWS can be easily managed by the central directory service. On-prem and web applications are connected via the LDAP and SAML protocols, among others.
The connection to the network was severed when Active Directory was replaced. Eliminating the domain controller meant that a different mechanism was needed to securely and uniquely connect users to the WiFi network. In modern IDaaS solutions, this is done through RADIUS.
Device management and multi-factor authentication are some other key areas that have emerged as Active Directory and OpenLDAP have been reimagined for the cloud era. When you combine all of these different approaches to help manage a modern IT network, it is clear what True Single Sign-On™ and next-generation IDaaS truly are.
JumpCloud® is Next Generation IDaaS
If you would like to learn about why you should move beyond first generation IDaaS, drop us a note. We’ll help you understand the identity and access control market and why Directory-as-a-Service is your next-generation IDaaS solution. If you’d like to see it in action for yourself, sign up for a free account. Your first 10 users are free forever.