The identity management space is complex, with a number of different components to it. Identity management underpins most organizations; it is the central nervous system of an organization. It tells users and IT resources who can do what and on which resources. As organizations get larger, the job is more complex and critical. In fact, over time, the function takes on a security angle as well. The identity and access control systems within an organization span a number of different resources. It starts with the directory service, which is often referred to as the identity provider (IdP), all the way through to the web single sign-on and multi-factor authentication services. The IdP, though, is the heart of any identity management infrastructure.
Acting as The Central Source of Identity
The core identities for any infrastructure are stored within the identity provider. So, what exactly is an identity provider? The identity provider is a database of user records. Those user records contain the credentials that are checked when users access different IT resources: an IT resource consults the identity provider to verify that a user is allowed to access it. Historically, that was a simpler process because communication between the IT resource and the identity provider took place over just one protocol, LDAP, which was introduced decades ago and became the widely recognized industry standard. More recently, though, different types of devices, applications, and network equipment have come to use a variety of authentication protocols. The result? Identity providers are feeling the pressure to keep up and remain the central source of identity within an organization.
Legacy Directories Exit the Identity Provider Stage
Over the past two decades, the on-premises solutions OpenLDAP and Microsoft Active Directory (AD) served as the core identity provider for an organization. These were often referred to as user directories. More technical infrastructure based on Linux would typically connect to OpenLDAP, while Microsoft Windows-based devices and applications would connect to AD. This arrangement worked reasonably well until several new categories of IT infrastructure emerged. The truth is that cloud infrastructure and applications changed the identity provider game. Newer IT resources struggled to connect to OpenLDAP and AD for one of two reasons: they either used different protocols, or the network path between the resource and the on-premises directory became an issue. As Macs emerged, they too put pressure on the legacy directories. Existing IdP solutions weren’t keeping up with user authentication needs and the changing IT landscape.
DaaS: Peak Performance in Every IT Arena
A new generation of identity provider has emerged in the form of Directory-as-a-Service. The DaaS platform is agnostic in every respect: location, device or application, and protocol. Directory-as-a-Service is a centralized, SaaS-based identity provider that organizations can leverage for all of their IT resources. DaaS utilizes core protocols such as LDAP, SAML, RADIUS, SSH, REST, and others. It also securely connects to resources on-premises or in the cloud. Directory-as-a-Service supports Windows, Mac, and Linux machines. In short, Directory-as-a-Service is the next-generation identity provider (IdP) that organizations are seeking.
If you would like to learn more about how your identity provider can support your organization’s needs, drop us a note. We’d be happy to chat with you about how JumpCloud’s Directory-as-a-Service is creating a new Identity-as-a-Service category for IT admins to leverage.