What is an identity provider (IdP)? It is what stores and authenticates the identities that your users use to log in to their systems, applications, and much more depending on the configuration. Generally, most IdPs are Microsoft® Active Directory® (AD) or OpenLDAP implementations. IdPs fall into a much larger space, however, one called identity management. It is a complicated area, so this article will aim to unravel both the identity management space, as well as define what an identity provider is.
The identity management space is complex, with a number of different components to it. Identity management underpins most organizations; it is the central nervous system of an organization’s IT infrastructure. It tells users and IT resources who can do what and on which resources. As organizations get larger, the job becomes more complex and critical. In fact, over time, the function takes on a security angle as well.
The identity and access control systems within an organization span a number of different resources. It starts with the directory service, which is often referred to as the identity provider (IdP), all the way through to the web app single sign-on (SSO) and multi-factor authentication (MFA) services. The IdP, though, is the brain of any identity management infrastructure.
IdP: The Central Source of Identity
The core identities for any infrastructure are stored within the identity provider. So, what exactly is an identity provider? The identity provider is a database of user records. Those user records contain credentials that are leveraged when users access different IT resources. IT resources will check with the identity provider to verify that a user is allowed to access that resource and to what degree. Historically, that was a simpler process as the communication between IT resource and identity provider took place over just one protocol: LDAP. It was used decades ago and was widely known as the industry standard. More recently, though, different types of devices, applications, and network equipment are using a variety of different authentication protocols. The result? Identity providers are feeling the pressure to keep up and remain the central source of identity within an organization.
Legacy Directories Exit the Identity Provider Stage
Over the past two decades, on-premises solutions such as OpenLDAP and Microsoft Active Directory served as the core identity provider for an organization. These were often referred to as user directories. More technical infrastructure that was based on Linux® would likely connect to OpenLDAP, while Microsoft Windows®-based devices and applications would connect to AD. This process worked reasonably well until several new categories of IT infrastructure emerged. Solutions like cloud infrastructure and web applications changed the identity provider game. Newer IT resources struggled to connect to OpenLDAP and AD for one of two reasons: they either leveraged different protocols or networking became an issue. As macOS® systems emerged, those too put pressure on the legacy directories. Existing IdP solutions weren’t keeping up with user access authentication needs and the changing IT landscape. Thankfully, one solution was made for the cloud era.
Directory-as-a-Service® is an Identity Provider for Today and Tomorrow
A new generation of identity provider has emerged in the form of JumpCloud® Directory-as-a-Service®. The DaaS platform is agnostic in every respect: platform, location, protocol, and provider. Directory-as-a-Service is a centralized SaaS-based identity provider that organizations can leverage for all of their IT resources. That’s because it utilizes core protocols, such as LDAP, SAML, RADIUS, SSH, REST, and others. It also securely connects to resources on-premises or in the cloud. Additionally, Directory-as-a-Service supports Windows, Mac, and Linux systems. In short, Directory-as-a-Service is the next generation identity provider that organizations are seeking.
Learn More About JumpCloud®
If you would like to learn more about how your identity provider can support your organization’s needs, drop us a note. We’d be happy to chat with you about how JumpCloud’s Directory-as-a-Service is enabling you and your organization to evolve with the changing IT landscape. Or, you just want to try it out, sign up for a JumpCloud account today. It’s free, requires no credit card, and empowers you to manage up to 10 users with the full-featured version of JumpCloud, forever. Additional information can be found on our Knowledge Base and YouTube page.