What is Identity-as-a-Service?
The term Identity-as-a-Service (IDaaS) has historically referred to web application single sign-on (SSO), a category of cloud-based IT solutions that is focused on extending user identities to web applications.
User identities are a collection of attributes that include the username, email, and password of an individual user, which are often leveraged to authenticate user access to various IT resources including web applications and more. Now though, Identity-as-a-Service is considered to be the next generation cloud identity platform that employs a single sign-on experience to virtually all IT resources.
Traditionally, user identities have been managed on-prem with legacy identity providers (IdPs) such as Microsoft Active Directory (AD) and OpenLDAP, which don’t natively support cloud-based IT resources such as web applications.
Hence, first generation IDaaS platforms were developed to provide easy access to web-based applications primarily for on-prem, Windows-based user identities. But now, IT organizations need to go beyond that first definition of Identity-as-a-Service.
With the changing landscape in IT and the modern shift to remote work, connecting users to whatever IT resources they need regardless of type or platform is now paramount. In fact, one could argue that the more critical role for IT now is to enable their remote workforce to securely and frictionlessly connect to their IT resources in order to get work done.
The concept of Identity-as-a-Service came to be in the late-2000s, after web applications like Salesforce, Google Apps (now called Google Workspace), Slack, and GitHub started to become popular. At the time, Microsoft effectively owned the IT space, and virtually every IT resource was on-prem and Windows-based.
The dominance of Microsoft solutions enabled IT organizations to leverage AD as their core IdP, which could securely authenticate and authorize users to all of their on-prem Windows-based IT resources via the AD domain controller. The trouble was that web applications were not Windows-based and on-prem, nor could they bind to the AD domain controller in most cases. Thus, they often had to be managed independently, or worse, not at all.
Web applications created quite the dilemma for IT admins. On one hand, web applications were effectively an early form of shadow IT in that they often went unmanaged, which is a major security risk. On the other hand, web applications offered tremendous advantages such as increasing productivity and usability while simultaneously reducing cost and management overhead.
Of course, that’s when first generation IDaaS platforms came to market. They could seamlessly connect on-prem user identities to cloud-based web applications, which enabled admins to manage user access to web applications with AD identities from a SaaS-based solution.
Identity Management with IDaaS
However, as more IT resources shift to the cloud and diversify, more IT admins have come to discover that traditional IDaaS solutions paired with legacy IdPs are no longer enough to manage the complexity of modern networks. Today, cross-platform system environments, web and on-prem applications, cloud infrastructure at AWS and GCP, physical and virtual file servers, and networks spanning multiple locations all combine to place a tremendous strain on traditional identity management solutions, even when an on-prem IdP is paired with a legacy IDaaS solution.
The trouble is that new innovations often require their own identity federation services such as identity bridges, privileged identity management, directory extensions, and more for IT admins to authenticate users in an AD environment. Sadly, the future of the traditional on-prem identity management approach is bleak, as IT resources continue to shift away from an on-prem, Windows-based foundation in favor of the cloud.
How to Choose Your Identity-as-a-Service Needs
In order to choose the right Identity-as-a-Service solution, start with your requirements. Ignore what the outside world is saying to you about what it should mean, and define what it does mean to you. The conventional wisdom is that anything ‘as-a-Service’ must be delivered from the cloud. While that may be one definition, it may not work for you. Discard whatever isn’t useful for you during the discovery process so you can more readily define your own requirements.
Here are some areas to get you started in thinking through IDaaS in your organization.
Core Identity Store
Do you need your IDaaS to be your core, authoritative user store? Many organizations don’t have a central user store or are leveraging Google Apps as their directory, and that’s not a directory service! There are options for you to leverage as your central directory, including some cloud-based options.
What do Identities Need to Connect to
Identities are created for a reason – to connect users to IT resources. Some pundits in the industry are so focused on the identities themselves that they lose sight of the reason those identities exist. Do you need your IDaaS to connect to devices, applications, and networks? Or some portion of those? Maybe just cloud applications? Perhaps just your devices? You choose your requirements.
DIY or Service
Is your IDaaS going to be delivered for you as a traditional SaaS solution, or are you planning to manage it yourself? Perhaps you are managing it yourself but are delivering it to your customers. Isn’t that Identity-as-a-Service, too? Or does it have to be in the cloud, delivered by a third-party provider?
Next Level Identity-as-a-Service
The good news is that a next generation IDaaS platform has emerged that offers a single sign-on experience to virtually any IT resource, while shifting the core IdP to a comprehensive cloud alternative. It’s called JumpCloud Directory Platform, and it is effectively a reimagination of AD for the modern era of IT—a cross-platform, protocol-driven approach to delivering directory services, single sign-on, privileged access management, MDM capabilities, and more from the cloud. This enables IT admins to leverage a single cloud directory platform throughout their entire organization.
Contact JumpCloud to learn more about Identity-as-a-Service, and to see how the cloud directory platform can deliver single sign-on capabilities that span the breadth of your IT network. Sign up for a free account and check it out for yourself—we offer 10 users and 10 systems free to help get you started. You can even contact our support 24×7 through in-app chat during the first 10 days to solve any problems. Finally, check out our YouTube Channel to gain a foundational grasp of everything that JumpCloud has to offer, and let us know if you have any questions.