By Zach DeMeyer Posted October 28, 2019
As organizations look to extend their on-prem identity management tooling toward the cloud, they are evaluating the various Identity-as-a-Service (IDaaS) solutions on the market. A major consideration when doing so, however, is what level of control you need from your IDaaS solution. To that end, let’s look at IDaaS solutions as a whole.
What is IDaaS?
IDaaS is a term that has generally been used to describe Software-as-a-Service (SaaS)-based single sign-on (SSO) point tools for web applications. The idea behind that definition is that a subscription service propagates user identities to web applications that sit outside the traditional domain.
IDaaS solutions come from a variety of vendors, each with their own specialized features. In general, though, every IDaaS solution should be adept at extending identities stored on-premises to the cloud, applying them to web applications and Infrastructure-as-a-Service (IaaS) providers for authentication.
Why the Need for IDaaS Solutions?
Traditionally, identity management has been carried out by on-prem directory services, using solutions like Microsoft® Active Directory® (AD) or LDAP. The rise of web-based applications, cloud infrastructure, file servers, and more, however, has thrown a wrench in the works for these on-prem directory services / identity management tools.
Using IDaaS solutions, IT admins can extend these on-prem identities to their web applications as needed. Beyond that, some IDaaS solutions provide multi-factor authentication (MFA) and other identity management capabilities that traditional tooling options generally lack.
The Root of IDaaS
At their core, many IDaaS solutions are simply point solutions; they are usually only applicable to the web application niche in the overall identity management space. Many IT organizations, however, are evaluating their identity management woes holistically. With a growing stack of point solutions, like IDaaS and others, admins are trying to find a way to solve the problem at the root: the directory service.
At its core, Identity-as-a-Service should represent the use of the cloud for the federation of an identity for authentication to all resources. As a concept, the directory service could therefore fall under the IDaaS mantle, although traditional directory service options are most certainly not offered ‘as-a-Service.’ Traditional directory services are usually limited by three core problems:
- They’re based on-prem and struggle to reach cloud apps/infrastructure
- They’re dependent upon the operating system/vendor of systems/apps
- They require on-prem hardware to operate, as well as IDaaS solutions and other tools for complete cloud identity management
The Cloud Directory Service
A cloud directory service, however, can be considered a next generation IDaaS platform. Cloud directory services are often offered on a subscription basis and are completely cloud-hosted, much like other IDaaS solutions. The difference between first generation IDaaS solutions and modern ones is that modern ones no longer need to rely on an on-prem identity provider. Modern IDaaS implementations are the identity provider.
With a cloud directory service, IT organizations can rest assured that they can extend their identities to virtually all IT resources, regardless of vendor or location. Beyond that, they also experience the benefits of eliminating the work and cost of setting up on-prem equipment and additional web application SSO solutions.
Learn More About Cloud Directory Services
If the possibility of a cloud directory service as your centralized, next generation IDaaS solution sounds appealing to you, please contact us. We can point you in the right direction regarding your options for a cloud directory service.