Cloud IAM Function: Linux System Authentication

By Rajat Bhargava Posted May 12, 2017


The cloud identity management sector has now become the main identity management sector. As more organizations shift to the cloud, many are interested in an integrated identity management solution that can cover a number of areas. One function that has historically been handled separately is Linux system authentication.

Linux Management


As Linux has grown in popularity, the challenge that comes along with it is the management of those systems. A few different approaches have emerged to manage Linux devices. Traditionally, organizations have been leveraging Microsoft Active Directory® as their identity and access management platform. Of course, Microsoft AD works well with Windows machines, but it does not handle Mac or Linux systems very well at all. This lack of cross-platform system authentication has become a core driver in the search for Active Directory alternatives.

As more DevOps organizations leverage more and more Linux cloud servers, the challenge for centralized Linux user management grows. Many Linux systems are still being managed manually. More progressive DevOps and IT organizations have implemented cloud identity management approaches, including configuration management platforms such as Chef, Puppet, Salt, or Ansible, or a cloud directory service.

Identity Management Approaches


For small implementations, manual user management isn’t so bad. An IT or DevOps admin can easily manage user access via passwords or keys to Linux servers and systems. Organizations such as these often will leverage Google Apps (now called G Suite) for their productivity platform, and AWS for their server infrastructure. With this system, only a handful of devs and IT admins need to have access. The result is manual provisioning, deprovisioning, and management of user access.

As the organization grows and the server infrastructure grows, manual user management ends up breaking down. There are too many changes to keep track of, and the infrastructure scales too quickly. DevOps and IT admins end up spending too much of their valuable time trying to keep up with the onboarding and offboarding of users. On top of this, they also end up having to deal with forgotten passwords and lost SSH keys.

So, when DevOps and IT admins hit this spot, many will end up using some quick and dirty solutions and automation. This oftentimes ends up being a configuration management platform. While these solutions fortunately give you a system and the ability to scale for a little bit, you still end up having to write code to implement the solution. This works fine for a while, but as organizations hit around 30 users, this system ends up breaking down. The changes become too frequent, and the lack of security ends up being an issue. Eventually, it is too time-consuming to create unique levels of access for all of the users. Additionally, even if the end result is efficient, it is not necessarily secure.

The Cloud Identity Management Approach


The next step for IT and DevOps organizations is to leverage a cloud identity management solution that supports Linux user management. The leading platform, called Directory-as-a-Service®, is able to centralize the entire identity management function for an organization. As a modern Identity-as-a-Service solution, organizations who employ this tool can leverage one set of credentials to access their desktop and laptop systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, Google Cloud, Linux, Windows, etc.), web and on-prem applications, and wired or WiFi networks.

The cloud directory service can also easily tie SSH keys to the individual, and place those keys on Linux servers for authentication. This process can be automated as well with the end user placing their public key into the cloud identity management solution, and the platform then subsequently placing the public keys on the Linux servers – no IT or DevOps involvement required.
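A sketch of the key-placement step described above, added here as an illustration and not JumpCloud's code. It assumes the directory can be exported as a username-to-public-keys mapping and plans, per account, which keys to add and which to remove, so that offboarded users and unregistered keys lose access; the names `directory`, `server_files` and `reconcile`, the users, and the key material are all constructed for the example.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def sample_key(seed, comment):
    """Constructed stand-in for a public key line (not a usable key)."""
    blob = base64.b64encode(hashlib.sha256(seed.encode()).digest()).decode()
    return f"ssh-ed25519 {blob} {comment}"

def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of the key blob; options and comment are ignored."""
    tokens = line.split()
    idx = next(i for i, tok in enumerate(tokens) if tok in KEY_TYPES)
    digest = hashlib.sha256(base64.b64decode(tokens[idx + 1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Map fingerprint -> line for every key entry in authorized_keys text."""
    lines = (raw.strip() for raw in text.splitlines())
    return {fingerprint(l): l for l in lines if l and not l.startswith("#")}

def reconcile(directory, server_files):
    """Plan changes per account; the directory is the only source of truth."""
    plan = {}
    for user in sorted(set(directory) | set(server_files)):
        want = parse_keys("\n".join(directory.get(user, [])))
        have = parse_keys(server_files.get(user, ""))
        plan[user] = {
            "add": sorted(set(want) - set(have)),
            "remove": sorted(set(have) - set(want)),  # offboarded or unmanaged keys
            "content": "".join(want[fp] + "\n" for fp in sorted(want)),
        }
    return plan

# Hypothetical directory export (hypothetical users): bob has been offboarded.
ALICE, BOB, CAROL, STRAY = (sample_key(s, c) for s, c in [
    ("a", "alice@laptop"), ("b", "bob@laptop"), ("c", "carol@laptop"), ("x", "unknown")])
directory = {"alice": [ALICE], "carol": [CAROL]}
# Constructed server state: alice's key under another comment plus a key nobody registered.
server_files = {"alice": ALICE.replace("alice@laptop", "old") + "\n" + STRAY + "\n",
                "bob": "# added by hand\n" + BOB + "\n"}

if __name__ == "__main__":
    for user, change in reconcile(directory, server_files).items():
        print(user, "add:", change["add"], "remove:", change["remove"])
```

Keys are compared by fingerprint rather than by line, so a changed comment does not count as a new key, while a key that was never registered in the directory is scheduled for removal.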

Directory-as-a-Service and Linux System Authentication


With DaaS, Linux system authentication becomes quick and easy for the end user, and there isn’t the hassle for DevOps or IT to manage the process. If you would like to learn more about the cloud identity management function for Linux system authentication, drop us a note. Or, sign up for a free account and see how our cloud directory works for yourself. As a hosted directory service, it works seamlessly with AWS and on-prem resources. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
