What is Identity-as-a-Service (IDaaS)?

By Vince Lujan Posted February 23, 2019

What is Identity-as-a-Service? The term Identity-as-a-Service (IDaaS) has historically referred to web application single sign-on (SSO), a category of cloud-based IT solutions focused on extending user identities to web applications. A user identity is a collection of attributes, including the username, email, and password of an individual user, which are often leveraged to authenticate user access to various IT resources, including web applications and more. Now, though, Identity-as-a-Service is considered to be a next-generation cloud directory service that employs True Single Sign-On™ to just about all IT resources.

Traditionally, user identities have been managed on-prem with legacy identity providers (IdPs) such as Microsoft® Active Directory® (AD) and OpenLDAP, which don’t natively support cloud-based IT resources such as web applications. Hence the need for first-generation IDaaS platforms, which were developed to provide SSO access to web-based applications, primarily for on-prem, Windows®-based user identities. But now IT organizations need to go beyond that first definition of Identity-as-a-Service and connect users to whatever IT resources they need, regardless of type or platform.

IDaaS Origins

The concept of Identity-as-a-Service came to be in the early 2000s, just after web applications like Salesforce®, Google Apps (now called G Suite), Slack®, and GitHub® came to market. At the time, Microsoft effectively owned the IT space, and virtually every IT resource was on-prem and Windows-based.

The dominance of Microsoft solutions enabled IT organizations to leverage AD as their core IdP, which could securely authenticate and authorize users to all of their Windows-based IT resources via the AD domain controller. The trouble was that web applications were not Windows-based, nor could they bind to the AD domain controller in most cases. Thus, they often had to be managed independently, or worse, not at all.

Web applications created quite the dilemma for IT admins. On one hand, web applications were effectively an early form of shadow IT in that they often went unmanaged, which is a major security risk. On the other hand, web applications offered tremendous advantages such as increasing productivity and usability while simultaneously reducing cost and management overhead.

Of course, that’s when first-generation IDaaS platforms came to market. They could seamlessly connect on-prem user identities to cloud-based web applications, which enabled admins to manage user access to web applications with AD identities.

Identity Management with IDaaS

However, as more IT resources shift to the cloud and diversify, more IT admins have come to discover that traditional IDaaS solutions paired with a legacy IdP are no longer enough to manage the complexity of modern networks. Today, cross-platform system environments, web and on-prem applications, cloud infrastructure at AWS® and GCP®, and networks spanning multiple locations are placing tremendous strain on traditional identity management solutions.

The trouble is that new innovations often require their own identity federation services, such as identity bridges, privileged identity management, directory extensions, and more, for IT admins to authenticate users in an AD environment. Sadly, the future of the traditional on-prem approach is bleak as IT resources continue to shift away from an on-prem, Windows-based foundation in favor of the cloud.

Next Level Identity-as-a-Service

The good news is that a next-generation IDaaS platform has emerged that offers True Single Sign-On to virtually any IT resource, while shifting the core IdP to a comprehensive cloud alternative. It’s called JumpCloud® Directory-as-a-Service®, and it is effectively a reimagination of AD for the modern era of IT: a cross-platform, protocol-driven approach to delivering directory services from the cloud. This enables IT admins to leverage a single cloud-based identity provider throughout their entire organization.

Contact JumpCloud to learn more about Identity-as-a-Service, and to see how the Directory-as-a-Service platform can deliver True Single Sign-On capabilities that span the breadth of your IT network. Sign up for a free account and check it out for yourself—we offer 10 users free forever to help get you started. Finally, check out our YouTube Channel to gain a foundational grasp of everything that JumpCloud has to offer, and let us know if you have any questions.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.
