By Kayla Coco-Stotts Posted December 30, 2019
The Identity-as-a-Service (IDaaS) model is popular among IT professionals looking to simplify the complexity of identity management tasks. By connecting users to web applications, IDaaS has revamped the way IT admins authorize and authenticate user credentials to modern IT resources. Below we have detailed where this concept originated and the future of IDaaS.
What is IDaaS?
Identity-as-a-Service is a Software-as-a-Service (SaaS)-based identity and access management (IAM) platform. The first generation of IDaaS effectively consisted of web application single sign-on (SSO), which allowed users to leverage a single set of credentials for the variety of web apps they needed to access.
Before SaaS applications, on-prem Microsoft Active Directory® (AD) controlled access to virtually all of an organization’s IT infrastructure (systems, networks, databases, and servers). As web applications started to become more popular, AD struggled. Admins needed a solution to extend existing AD credentials to these applications, so that users could securely use applications like Salesforce®, Dropbox, and more with one set of credentials and IT admins kept the control they wanted over user access. On-prem web application single sign-on solutions emerged to bridge the gap. Subsequently, these SSO solutions moved to the cloud so that IT admins didn’t need to manage them on-prem.
What Does IDaaS Provide?
IDaaS is all about connecting users to IT resources, specializing in granting SSO access to web applications.
Web Application Single Sign-On
SSO solutions came about as a supplementary, managed response to the rapid expansion of cloud-based web applications. SSO solutions were great for admins looking to extend their users’ credentials (primarily linked with AD) to resources outside the scope of legacy directory services.
Limitations of Web App SSO
The biggest downside of first-generation SSO solutions for IT admins is that the platform is layered on top of an existing AD instance. This layered approach means IT admins need to maintain two interfaces in order to manage access to on-prem Windows resources as well as web-based applications. While first-generation IDaaS fulfills the need for secure user access to web applications, many IT admins wondered about SSO for disparate systems (like macOS® and Linux® machines), VPNs and WiFi infrastructure, and on-prem Samba-based (non-Windows) file servers. An ideal SSO setup is one that uses one secure identity to access all of the IT resources that a user may need.
Next-Generation IDaaS: True Single Sign-On
As modern, non-Windows IT resources grew in popularity, a disconnect developed between web application SSO and the remaining host of resources admins needed to authenticate to. Each resource required its own set of credentials, and often add-ons if it was non-Windows-based, further splintering the idea of singular access and management.
To meet this ever-growing need for unity, the next generation of IDaaS arose. These next-gen IDaaS platforms integrated more than just web application SSO, instead opting for a unified cloud IAM platform that included directory services, MFA, system management, audit/governance capabilities, and privileged access management. These cloud IAM solutions sought to grant IT admins the ability to control access to every IT resource (with a single identity), all from a web-based management console.
What is Next-Generation IDaaS?
Next-generation IDaaS can be applied to any situation in which users are securely connected to IT resources, and it is delivered as an ongoing service from the cloud. IDaaS has evolved in the IAM space to offer True Single Sign-On™ capabilities for IT admins looking to move their IT management infrastructure entirely to the cloud, including:
- Cloud Directory Service: For users, their attributes, and passwords all organized under one central, cloud-based identity
- Cross-Platform System Management: Manage systems across all major platforms (including Windows®, macOS®, and Linux®)
- Administration Automation: Automation for groups, including provisioning and deprovisioning
- Single Sign-On: Password and SSH key management for both web-based and on-prem applications via the SAML 2.0 protocol
- Cloud RADIUS and LDAP: Secure authentication to networks and on-prem applications
- Multi-Factor Authentication: Increase security with a second factor for Windows, macOS, and Linux systems, as well as application and network access
This next-gen IDaaS ensures IT admins can successfully implement secure access protocols over all resources a user needs without requiring multiple third-party add-ons or extensive licensing.
JumpCloud® Directory-as-a-Service® is the first next-gen IDaaS platform that delivers True SSO so that users can securely access the resources they need regardless of platform, protocol, provider, and location. Interested in learning more about a modern IDaaS solution to truly bring the next generation of directory services to the cloud? You can schedule a personalized demo, or register for a free account for up to 10 users.