By Greg Keller Posted December 29, 2016
Our vision of IDaaS (Identity-as-a-Service) is quite different from the overall market. While much has been made of IDaaS as the next wave of identity, truthfully, the category has lacked imagination.
Conventional IDaaS has largely focused on just web application single sign-on. But that pales in comparison to the true scope of the modern identity – which is also used to access devices and for IT to manage users. The truth is that the term “Identity-as-a-Service” was coined by the web application SSO providers to make it sound much fancier than what was really going on.
The problem with the conventional definition of IDaaS is simply this: web application single sign-on isn’t a central and authoritative system of record for the entire organization. Further, if you’re looking for system management, then you’re out of luck. System management is generally the furthest thing from what traditional “IDaaS” platforms manage.
True IDaaS Does More
The good news is the next-generation IDaaS platform called Directory-as-a-Service® is building a comprehensive cloud identity management system. Included in the platform is, of course, web application single sign-on. But that’s just the beginning.
Directory-as-a-Service goes further by becoming the authoritative system of record for user identities – centralizing management and access to apps in the cloud, on-premises, and even to endpoints, WiFi, and networks. One identity has never been federated to such a wide variety of different IT resources.
IDaaS and System Management
Let’s talk about systems (AKA endpoints). I’m guessing your users don’t just have Windows workstations any more. So you probably want identities that can federate to Windows, macOS, and Linux systems. Preferably, you could control identities across all three major types of systems.
That’s exactly what’s possible with a virtual identity provider. It may sound a tad futuristic. Central user management for the three major platforms from the cloud is a novel concept. When you add in system management capabilities, it rounds out the platform to be the next generation of Microsoft Active Directory.
That title may be selling IDaaS short. While IDaaS doesn’t currently offer every single feature of Active Directory, it does offer major advantages that Microsoft can’t. At the fundamental level, the difference is this: IDaaS has been built during the cloud era, for the cloud era. That means cloud-forward security and functionality.
Expansive Capabilities, Central Control
IDaaS and system management capabilities can include running and executing tasks or commands on the various devices. Those tasks could include enabling the screensaver lock, applying specific policies, disabling guest accounts, ensuring that disk encryption is on, and much more. In fact, the Directory-as-a-Service command execution capabilities can be thought of as cross-platform Group Policy Objects (GPOs). With Active Directory, these capabilities exist only on Windows, and traditional IDaaS offers no device management abilities at all; Directory-as-a-Service instead gives IT admins full central control over devices.