By Zach DeMeyer Posted November 12, 2019
While “as-a-Service” offerings continue to flood the software market, some are wondering about what Identity-as-a-Service (IDaaS) means.
IDaaS Through the Years
If you were to look up the dictionary definition of IDaaS, it would look something like this: IDaaS is identity and access management (IAM) software delivered on a subscription basis, as-a-Service from the cloud. This definition is an intuitive one; an identity and the access it requires being served up in an easy-to-use, cloud-hosted fashion is a great boon for IT in the modern era.
The longest-standing definition of IDaaS, however, is essentially that of a web app single sign-on (SSO) solution. SSO tools federate on-prem identities to cloud applications. When the introduction of the cloud caused a shift in applications to the web, on-prem identity providers (IdPs), such as Active Directory® (AD), struggled to authenticate access to them. SSO tools filled this need by leveraging the SAML protocol, subsequently creating this widely-accepted definition of IDaaS in the process.
Diving Deeper into IDaaS
Although the SSO-centric definition is the most popular iteration of the meaning of IDaaS, it isn’t necessarily the most correct one. Using the holistic “dictionary” definition, IDaaS as a term can apply to several solutions around the IAM industry.
Obviously, SSO deserves to be a part of this list. Unfortunately, the reach of an identity expands much further than just access to web applications.
One such facet is systems. On-prem IdPs, namely AD, authenticate access to Windows® systems. AD struggles with system authentication outside of the Windows OS, especially in regard to macOS® and Linux® endpoints.
Organizations based around Active Directory with mixed-platform environments turn to identity bridges to fill this need. Identity bridges assimilate non-Windows systems into an AD domain, making life easier for admins who are trying to do so manually. In that regard, identity bridges function as an IDaaS solution as well, as they extend identities from AD into resources outside of the domain and can be leveraged from the cloud.
Taking a big step back, however, we must look at the concept of identities, and therefore identity management as a whole. The identity is the gateway to virtually all IT assets and resources leveraged in the workplace. So, an Identity-as-a-Service solution should apply to all of these resources, whether they are applications, systems, networks, infrastructures, file servers, etc. This idea leads us to a more accurate meaning of IDaaS: a centralized identity for virtually everything in an IT environment. This role is often filled by the directory service.
Traditional Directory Services
A directory service/IdP, has traditionally served the role as the core of IAM for much of the history of IT. Directory services federate identities to systems, applications, networks, etc., and serve as the hub for the identity of any given user in an organization.
However, as the above IDaaS examples show, legacy directory service solutions struggle in regard to cloud/non-Windows additions to the IT landscape. Beyond that, they are often hosted on-prem and purchased through binding licensing fees, putting them out of the realm of the “as-a-Service” category.
Cloud Directory Services
A cloud directory service, or Directory-as-a-Service®, embodies the true meaning of IDaaS. A cloud directory service provides secure identity management and connects said identities to virtually all of the IT assets and resources an organization needs. This One Identity to Rule Them All® applies to both on-prem and cloud-based resources, regardless of platform, protocol, or provider.
Try True IDaaS Today
Instead of using a handful of solutions for IAM, leverage true Identity-as-a-Service from a single solution in the cloud. Please contact us if you’re interested in learning more.