Using LDAP for SSO

By Rajat Bhargava Posted May 19, 2015

Traditionally, organizations haven’t thought of OpenLDAP™ as a single sign-on (SSO) solution. OpenLDAP only handles one protocol: LDAP. So it’s hard for an LDAP solution on its own to work across a variety of apps and devices to be a True Single Sign-on™ solution.

Most IT organizations think of SSO as the domain of Web applications and the SAML protocol, which has become a standard. LDAP can feed SSO solutions, but isn’t often viewed as the SSO solution itself.

Can You Centralize Identities through LDAP?

JumpCloud® has been thinking about the problem of centralizing identities for a while now.

LDAP is an excellent protocol for some authentication and authorization scenarios. For others, LDAP falls short. It’s a tool in the toolbox, just like SAML, Kerberos, OAuth, and many other protocols.

When you want to use an identity across the board and that identity is stored in LDAP, then you will have to attach LDAP to a number of different solutions that handle the other protocols. This route is loaded with challenges.


JumpCloud®’s Innovative Multi-Protocol Solution

Our perspective has been to flip the discussion. We provide a core directory service that can house corporate identities. Each identity can be “emitted” via LDAP, SAML, SSH, and our REST-based APIs, among other protocols. IT admins can get single sign-on for a variety of different devices and applications via this method and the identities can be shared via LDAP.

It’s a different approach to SSO that still fits in well with existing methods and systems. Our Directory-as-a-Service® solution can integrate seamlessly with the traditional LDAP SSO solutions used for Web applications.

The benefit of using JumpCloud as the core is that each person’s identity can cross a variety of different areas from their compute device (laptop, desktop) to internal applications (often authenticated via LDAP).

JumpCloud can also use that same identity for Infrastructure-as-a-Service access control and also integrate with SAML-based SSO solutions. As a result, JumpCloud along with a SAML-based SSO solution can act as your single sign-on solution, and it can be largely based on LDAP.

Ready for the Future of Single Sign-On?


If you would like to learn more about how JumpCloud’s Directory-as-a-Service can help you with your approach to single sign-on, both with internal devices and applications and with cloud-based infrastructure, drop us a note. We’d be happy to help.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
