Identity-as-a-Service: Cloud Service Management

By Rajat Bhargava Posted November 18, 2016

First-generation Identity-as-a-Service platforms focused on web application single sign-on. Those solutions would federate identities to SaaS-based platforms in the cloud. Some examples of these applications include Salesforce, Dropbox, and Slack.

These IDaaS solutions would sit on top of the core, authoritative directory service, Microsoft Active Directory in most cases, and extend the identity management infrastructure to cloud-based applications.

Unfortunately, these first-generation cloud identity management platforms didn’t focus on devices or systems. Consequently, Infrastructure-as-a-Service was largely left out of IDaaS. More recently, modern Identity-as-a-Service platforms are including the function of cloud server user management.

The Growing Need for Cloud Server User Management

amazon-aws-logo

As AWS has grown in popularity, integrating the ability to manage cloud server users into your cloud identity management platform has become critical. Many IDaaS vendors will point to their support of AWS IAM as supporting cloud server authentication.

However, that doesn’t illustrate an understanding of the difference. While web application SSO solutions can log a user into the AWS IAM console, they do not help users log into the actual servers themselves. With cloud servers from AWS, for example, the login process is with SSH keys and not username and password. As a result, the SAML protocol, which is what web app SSO solutions leverage, doesn’t help when it comes to logging into the server.

Advancing The Form, Fit, and Function of Identity-as-a-Service

function-of-identity-as-a-service

IT admins have been searching for a more comprehensive directory services solution that centralizes user management for systems, applications, and networks. This modern unified cloud directory service is the next generation of Active Directory. Not only does it function as a web application SSO solution, but it also extends that capability to authenticate and authorize users on systems, for instance, cloud servers. These can be Windows or Linux servers as well as macOS laptops or desktops. This approach to cloud identity management is multi-protocol. It leverages SSH, SAML, LDAP, RADIUS, and more. The virtual identity provider functions from the cloud for both cloud and on-prem systems.

Cloud servers hosted at infrastructure-as-a-service providers can be connected to the cloud directory service for authentication. If the server leverages username and password, it can be applied by the users at login. Alternatively, SSH keys can be used. The Directory-as-a-Service® platform also functions as an SSH key management store. In addition, you can add in multi-factor authentication to secure your servers to a higher level if you are using Linux servers.

Expanding Identity Management Capabilities With JumpCloud®

daas Directory-as-a-Service

Drop us a note to learn more about how the Identity-as-a-Service function for cloud server user management works. Also, please sign up for a free account and connect our Directory-as-a-Service platform to your cloud servers. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts