IDaaS Group Policy Object (GPO) Replacement

By Greg Keller Posted June 5, 2017

Identity-as-a-Service Group Policy Object (GPO) Replacement

A critical part of the Microsoft Active Directory® platform is their Group Policy Objects (GPOs). In fact, many IT admins would have already replaced Active Directory years ago if they could find an alternative that could match AD’s GPO function.

GPOs enable IT to manage devices as well as control user access more efficiently by segmenting them into groups. Having the ability to manage Windows devices through GPOs was a crucial IT management capability, especially for organizations with larger numbers of users or endpoints. In short, the need for group-based access management is one of the main reasons that AD has been so firmly embedded in organizations for over a decade.

Now however, there is finally an alternative. A modern, cross-platform approach to GPO-like functionality is being driven by a new category of solution called Directory-as-a-Service®. This solution is a part of the Identity-as-a-Service category delivering a Group Policy Object replacement.

The Power and Value of Group Policy Objects

identity management market alternative

GPOs are a valuable part of AD. With GPOs, IT admins can execute policies and scripts on Windows devices. Those items can include the ability to manage password policies, screensaver timeouts, disk encryption, guest user accounts, and much more. Microsoft AD not only provides templates for a wide variety of GPOs but also gives IT admins the ability to write their own custom GPOs. The inclusion of device management capabilities with directory services was a brilliant move by Microsoft.

Identity-as-a-Service Emerges – without GPOs

the future of cloud IAM

As the Identity-as-a-Service market has emerged, GPO replacement capabilities have not been at the top of the list. In fact, the first generation of IDaaS providers focused on web application single sign-on. These cloud identity management solutions focused in on leveraging AD as the core, authoritative directory service and then federating those identities to the web application SSO component. The assumption was that AD would always be the directory service.

IDaaS Matures into Group Policy Object Replacement

cloud identities

With the shift to the cloud and to mixed-platform environments, Active Directory is no longer the unified cloud directory service that IT organizations are looking for. In fact, they are seeking a cross-platform, independent directory service that does authentication, authorization, and device management. Think of this as an Active Directory alternative built for the cloud era. It should have cross-platform user management capabilities for MacOS, Linux, and Windows. In addition, it must have device management capabilities similar to GPOs but across all three major platforms.

Manage Groups of Users and Systems from the Cloud

cloud identity management jumpcloud

If you would like to learn more about how the Identity-as-a-Service function for Group Policy Object replacement works, drop us a note. You may also sign up for a free account and take a look at our Directory-as-a-Service command execution functionality. Your first 10 JumpCloud® users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts