By Vince Lujan Posted September 13, 2017
Identity-as-a-Service (IDaaS) platforms are expanding their repertoire. Instead of just focusing on web application single sign-on (SSO), which is what most IDaaS solutions do today, some are extending their IDaaS functions to include virtual LDAP capabilities.
A Brief History of IDaaS
IDaaS solutions emerged a little less than a decade ago and largely in response to a wide variety of web applications. Back then, organizations looked dramatically different than they do today. Most were primarily Microsoft Windows® based at the time and much of their infrastructure was located on-prem.
Microsoft built strong tools to help in this regard, including solutions such as Active Directory® (AD) and SCCM. AD leveraged protocols such as Kerberos and LDAP to create what could be described as one of the first True Single Sign-On™ experiences. The user would log in to their laptop or desktop while connected to the wired network, and the AD domain controller would authenticate the user to whatever resources they were authorized to access. This worked brilliantly across homogeneous Windows environments, and the benefit was that IT admins could more easily control and manage the IT infrastructure.
However, the introduction of web applications created a significant problem:
On-prem directory service solutions like AD and SCCM were never designed to support cloud services outside of their domain. As a result, a new category of solution emerged called IDaaS to solve the problem. IDaaS solutions were built on top of Active Directory and leveraged a protocol called SAML, which was the web application authentication protocol of choice. This enabled IDaaS solutions to federate AD identities securely to resources external to the domain. This approach worked well for a few years. Then the world started to change some more.
Systems started to proliferate and different operating systems started to become more popular. Mac and Linux usage increased dramatically, as did mobile devices. On-prem applications that may have been authenticated via Kerberos or LDAP started to shift to the cloud, but many of these didn’t leverage SAML. This created a perfect storm: yet another wave of more technically focused applications emerged, centered around LDAP and other protocols (e.g. Jenkins, Docker, OpenVPN, and many others).
Today, it’s not uncommon for the majority of an organization’s resources to be hosted in the cloud. While this and many other things have changed with the shift to the cloud, the method for authenticating and authorizing user identities has largely stayed the same. The result is that many IT admins are beginning to recognize that the traditional concept of IDaaS has become too limiting. What is needed is a broader view of IDaaS that accommodates all of these new cloud-delivered resources.
Directory-as-a-Service Function Virtual LDAP
The modern Identity-as-a-Service platform is viewed as a complete cloud directory service – a replacement for on-prem implementations of old like Active Directory or OpenLDAP. Directory-as-a-Service® has recently emerged to offer a particularly powerful solution. Directory-as-a-Service manages and connects users to the IT systems, applications, data, and networks that the user needs. A key feature of this modern Identity-as-a-Service platform is its virtual LDAP function.
A cloud-based LDAP server endpoint is created for IT organizations to authenticate their users against. No longer does the IT admin need to install, configure, and manage an OpenLDAP infrastructure. Instead, IT and DevOps organizations simply point their applications that need to authenticate via LDAP to a globally dispersed network of LDAP servers in the cloud. The approach is secure and off-loads a tremendous amount of the work of building a highly available, resilient, and secure platform.
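What "pointing an application at a cloud LDAP endpoint" looks like on the wire, as an added example that is not JumpCloud's code or part of the original post: a simple bind carries the user's DN and password as plain BER octet strings, so an app reaching a directory across the internet must wrap the connection in LDAPS with certificate and hostname verification. The hostname ldap.example.invalid, the DN and the password are placeholders; the encoder assumes a message ID below 128.

```python
"""LDAP simple bind over LDAPS using only the Python standard library."""
import socket
import ssl

def _tlv(tag: int, body: bytes) -> bytes:
    """BER-encode one tag/length/value; long-form length once the body exceeds 127 bytes."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(size)]) + size
    return bytes([tag]) + length + body

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    The password travels as a plain OCTET STRING: only the TLS layer protects it."""
    bind = _tlv(0x60, _tlv(0x02, b"\x03")                # version 3
                      + _tlv(0x04, dn.encode())          # name (LDAPDN)
                      + _tlv(0x80, password.encode()))   # AuthenticationChoice.simple
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + bind)  # msg_id < 128 assumed

def bind_result_code(resp: bytes) -> int:
    """Return resultCode (0 = success, 49 = invalidCredentials) from a BindResponse.
    Short-form BER lengths are assumed, which holds for any bind response under 128 bytes."""
    if resp[:1] != b"\x30" or resp[2:3] != b"\x02":
        raise ValueError("not an LDAPMessage")
    op = 4 + resp[3]                                  # skip the messageID TLV
    if resp[op] != 0x61 or resp[op + 2] != 0x0A:      # [APPLICATION 1], then ENUMERATED
        raise ValueError("not a BindResponse")
    return resp[op + 4]

def ldaps_context() -> ssl.SSLContext:
    """TLS settings an app should use for a cloud LDAP endpoint: the default context already
    requires a trusted certificate chain and checks the hostname; keep both, never relax them."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def ldaps_bind(host: str, dn: str, password: str, port: int = 636) -> int:
    """Open an LDAPS connection, send one simple bind and return its resultCode."""
    with socket.create_connection((host, port), timeout=10) as raw, \
            ldaps_context().wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, dn, password))
        return bind_result_code(tls.recv(4096))

if __name__ == "__main__":  # ldap.example.invalid is a placeholder, not a real endpoint
    print(ldaps_bind("ldap.example.invalid", "uid=alice,ou=Users,o=example", "s3cret"))
```

Inspecting `bind_request(...)` in a packet capture of a non-TLS port 389 session would show the password verbatim, which is the reason the endpoint should only ever be reached over LDAPS.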
If you would like to learn more about how the Identity-as-a-Service virtual LDAP function works, watch the video above or drop us a note. Alternatively, feel free to dive into our IDaaS solution and fire up the cloud LDAP functionality with our free account. Sign up today and your first 10 users are free forever.