By Greg Keller Posted March 3, 2015
We often hear the comment that, “I don’t need a directory – I’ll just use ‘X’” where X is usually Google Apps (now known as G Suite) or a Single Sign-On provider. The person will go on to say that they don’t need to have a central user store because they can do what they need to do with either Google Apps Directory (now Google Cloud Directory) or the Single Sign-On solutions user store. That very well may be the case for some of these organizations, but we’d like to point out a few weaknesses with that approach.
Google Apps Directory
Google has transformed the market with their Google Apps solution. They have kicked the door wide open against a very strong competitor in Microsoft Exchange and Office. Once Microsoft Exchange is out of the picture, you begin to wonder if Microsoft’s Active Directory® is really necessary. So many organizations then just go with Google Apps as the directory.
This approach runs into a challenge when it becomes time to manage non-Google IT resources. How will a user authenticate on their compute device? Will IT manually manage accounts on all computers? If you are leveraging Infrastructure-as-a-Service solutions such as AWS or GCE, then how will you centralize the user access control to those servers? Google Apps Directory was primarily created as a user management service for Google Apps and for those apps that are willing to federate their authentication via OAuth. But, unfortunately, it doesn’t authenticate your users to devices, servers, and networks. So while a Google Apps Directory appears seamless, those aspects will still need to be managed manually.
Single Sign-On Providers
For web applications, SSO solutions are an excellent way to manage access. They can provide IT admins with an easy way to provision and manage users for certain applications. More importantly, your users just need to login to the SSO provider and from there jump to whatever application they need. This ends up being easier for the users as they only need to know one login! The challenge for IT admins is how to manage everything else. Computer devices need to have their access managed. Same with your servers at AWS, GCE, or elsewhere. What about your wireless network? Internal applications? All of those need to have access control, but the SSO solution doesn’t focus on those areas. Similar to Google Apps, you’ll need to manage those areas yourself.
Some organizations only have a few SaaS-based apps and/or Google Apps that they really care about. Many of these organizations are small or set up in such a way as to not need a wide range of IT resources for their employees. For those organizations it may make sense to just use these solutions and not focus on a user directory. For virtually all of the other organizations in the world, directory services are a core necessity. They are the solution that connects users with the IT resources that they need to be productive in their jobs.
The Real Trick to Managing Users
When we hear people say that they don’t need a directory, we tend to think that it really means that they don’t want to put up with the hassle of managing a directory like Microsoft Active Directory or OpenLDAP™. With cloud-based Directory-as-a-Service® solutions such as JumpCloud, there is no reason for IT admins to deal with the hassle of implementing and managing a directory. We take the heavy lifting off of your plate. If you would like to learn more about how you can implement a powerful, robust directory service without the effort, drop us a note. Additionally, feel free to try out our cloud based directory for yourself. Your first 10 users are free forever.