By Vince Lujan Posted August 30, 2017
Single Sign-On (SSO) refers to the concept of having one set of credentials to gain access to multiple IT resources within an organization. Most organizations leverage a wide array of IT resources on a daily basis, so it is easy to see how a hosted SSO provider can be a powerful ally – especially if it’s True SSO™, which provides unified access to all IT resources from one single set of credentials.
The trouble is that hosted SSO providers tend to gloss over the fact that most still require a separate on-prem directory service (e.g. Active Directory® or OpenLDAP) to act as the authoritative source for user credentials. They also don’t like to mention that users typically require separate credentials to gain access to their systems, on-prem resources, servers, WiFi, and more.
Can that really be considered hosted True Single Sign-On™?
A Brief History of Single Sign-On
SSO has always been somewhat of a misnomer. It was created in the early 2000s, when Microsoft® systems and applications were the preferred option for enterprise computing solutions and everything was on-prem. Microsoft Active Directory (AD) had just been introduced, and managed access to Windows resources in a secure domain known as a virtual private network (VPN).
This scheme was all well and good so long as everything was Windows-based and on-prem. However, it was shortly after AD was introduced that web applications started to gain popularity. Applications like Salesforce led the way, and their success led many others to shift their delivery away from out-of-box solutions in favor of the cloud. The result was the Software-as-a-Service (SaaS) model that is widely implemented today.
The problem was that SaaS applications fell outside of the AD domain. Thus, user identities could not be authenticated to manage access to these applications. This opened the door for vendors to create solutions layered on top of AD aimed at extending AD identities to cloud resources. Despite the fact that users still needed separate credentials to gain access to their systems, on-prem resources, servers, WiFi and more, these vendors started calling themselves “SSO” providers and the name stuck.
Hosted Single Sign-On Today
Today, SSO providers are still a major part of the identity and access management (IAM) space. The issue for admins is that each non-Windows or cloud resource requires its own SSO manager (e.g. one identity for web applications, another for servers, and yet another for your desktop or laptop). With many different types of IT resources, there hasn’t been a way to create one identity to cut across everything. In fact, because vendors have only brought half-solutions to market, IT organizations have been forced to run multiple systems and provide only partial SSO.
Directory-as-a-Service® features Hosted True SSO
The modern approach to hosted True SSO is changing all of that. The concept is to create One Identity to Rule Them All®: one identity that cuts across all types of IT resources, including systems (Windows, Mac, Linux), cloud and on-prem servers (e.g. AWS, Google Cloud, internal data centers), legacy and web applications via SAML and LDAP, data and files on-prem or in the cloud, and wired and WiFi networks via RADIUS.
In doing so, admins can leverage one virtual identity provider that securely stores identities and then federates them to a wide range of IT resources regardless of location, platform, protocol, or provider. The result is a single identity, securely stored in the cloud, that can access on-prem and cloud resources such as Mac, Linux, AWS, G Suite, Office 365, Azure, Slack, and much more.
A new generation of cloud identity management platforms called Directory-as-a-Service accomplishes this vision of hosted True SSO.
To learn more about how Directory-as-a-Service can provide hosted True Single Sign-On access to all of your resources, both on-prem and in the cloud, drop us a note. You can also sign up for a free IDaaS account for a firsthand True SSO experience.