IAM Vs IDaaS

By Vince Lujan Posted March 26, 2019

IAM vs IDaaS

The modern identity management space can be confusing. With a wide array of identity management solutions available from a variety of different vendors, it can be difficult to make sense of it all. It doesn’t help that there are so many acronyms in use today such as IAM, IdP, IDaaS, SaaS, PIM, PAM, MFA, 2FA, and many more to describe similar but distinct identity management concepts. For that reason, this blog post will analyze IAM vs IDaaS in an attempt to bring some clarity to the market.

What is IAM?

Identity and Access Management (IAM) refers to the overall category of identity management solutions that are used to manage digital user identities and access to various IT resources. The IAM space is a broad category that includes the core identity provider (IdP), also known as directory services, as well as many subcategories such as directory extensions, web application single sign-on (SSO/IDaaS), privileged identity/access management (PIM/PAM), two-factor authentication (2FA/MFA), and more.

Essentially, IAM solutions are in the business of securely managing and connecting users to the IT resources they need to Make Work Happen. The challenge for IT organizations is finding the best IAM solution to meet their specific requirements. And with such a huge variety of IAM solutions currently available, this is often easier said than done.

Managing user identities and access to IT resources wasn’t always so complex, though. IT networks were once entirely on-prem, and effectively revolved around the Microsoft Windows® operating system (OS). The Microsoft dominated landscape enabled IT admins to leverage Microsoft’s traditional IAM platform, called Active Directory® (AD), to manage user identities and their access to Windows-based IT resources. In other words, AD was basically the only IAM solution required—at the time.

However, the IT landscape started to change around the turn of the century as a variety of new innovations came to market. Web applications such as Salesforce® and Google Apps (now called G Suite) were at the tip of the spear. Solutions such as these offered significant advantages over their legacy counterparts such as decreasing cost while simultaneously increasing productivity. The challenge was that they were difficult to manage with traditional IAM solutions.

Of course, it’s easy to scrutinize the past when looking through a modern lens, but it is important to understand that traditional IAM solutions such as Active Directory, OpenLDAP, and even Apple Open Directory (OD) were never built to support newer innovations including web applications, cloud infrastructure, virtual storage solutions, and remote networks. Consequently, it has been difficult to manage cloud-based resources such as these with traditional IAM infrastructure.

To mitigate this challenge, a number of third-party identity management solutions emerged that could extend traditional user identities (primarily AD user identities) to cloud-based or non-Windows IT resources. Specifically, with respect to web applications, these directory extension solutions were known as web application single sign-on (SSO), which is also traditionally referred to as Identity-as-a-Service (IDaaS).

IDaaS in a Nutshell

IDaaS, in a traditional sense, represents a subcategory of the overall IAM space that is focused on extending user identities to web applications. Historically, IDaaS solutions have been layered on top of traditional IdPs, primarily Active Directory, to extend the functionality of legacy platforms to previously unsupported remote solutions. As a result, IT organizations could continue to leverage their legacy IdP, with added support for web applications such as Salesforce, Google Apps / G Suite, GitHub, Slack, and many more. So, while Identity-as-a-Service is technically an IAM solution, we can see that IDaaS represents a subcategory within the overall IAM space.

The Future of IDaaS and IAM

The evolution of directory services

Interestingly, however, the IAM space has continued to evolve through the years as more of IT infrastructure moves to the cloud. Today, next generation IDaaS platforms are emerging from the cloud that can consolidate what was once a patchwork of siloed identity management solutions into a comprehensive cloud IdP. The JumpCloud® Directory-as-a-Service® (DaaS) platform is a great example, which can securely manage and connect users to virtually any IT resource, without anything on-prem and without the help of third-party add-ons. Think of it like True Single Sign-On. The DaaS platform accomplishes this in part by leveraging secure protocols such as LDAP, SAML, RADIUS, SSH, and REST working in concert with the JumpCloud system agent. As a result, IT organizations can leverage a single IAM solution to manage the complexity of modern networks.

Contact JumpCloud to learn more about IAM vs IDaaS, and to see how our comprehensive cloud IAM solution can deliver next generation IDaaS capabilities to your organization. Check out our knowledge base and YouTube page for supplemental information. Sign up for a free account to see the future of IAM vs IDaaS in action today. We offer 10 users free forever to help you explore the full functionality of our platform at no cost.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts