By Rajat Bhargava Posted October 19, 2015
Since a number of our JumpCloud® customers use Okta® for their Single Sign-On (SSO) solution, we are often asked an important question: where should organizations manage their SSH keys – in Okta or in JumpCloud? It’s a great question, and one we’re happy to answer. For a full explanation, keep reading.
TL;DR SSH keys are managed in JumpCloud.
The challenge in the Identity and Access Management space, sometimes referred to as Identity-as-a-Service, is that distinct solutions end up looking very similar. Let’s look at Okta.
Okta as SSO Solution
Okta is a cloud-based single sign-on provider for Web applications. Their goal is to make it easy for users to log into their web applications from one spot. A user can leverage a single set of credentials to log into any number of web applications. In fact, Okta supports thousands of applications including the likes of Box, Concur, Workday, and many others. SSO solutions are a significant step forward for end users, because they simplify access control. Other SSO providers in the space include OneLogin, Bitium, and Ping Identity.
But where do those credentials come from? Okta generally integrates with a directory services solution to leverage those core credentials. Directory services solutions federate their credentials to Okta, which in turn federates them to all of the web applications that the user needs to utilize. The JumpCloud Directory-as-a-Service® platform is that core user store for credentials. Those credentials can include usernames, passwords, and SSH keys. Because Okta is focused on web applications, which do not generally use SSH keys for access, the integration between Okta and Directory-as-a-Service syncs usernames and passwords only.
The Best Way to Manage SSH Keys
Most often, SSH keys are utilized to access servers, which are usually Linux servers. Infrastructure-as-a-Service providers, such as AWS®, Azure®, and Google Compute Engine, leverage SSH keys to increase the level of security when accessing server resources. JumpCloud Directory-as-a-Service connects users to those servers, whether the users or the servers are located on-premises or in the cloud. Directory-as-a-Service supports Linux® and Windows® servers. As a result, JumpCloud manages SSH keys within the platform so that user access can be granted to these servers.
To sum up, you can leverage Okta for your single sign-on access to your web applications. Moreover, it’s best to connect Okta to a cloud directory services solution like JumpCloud and then manage your SSH keys from JumpCloud. Drop us a note if you have any questions or comments. We’d be happy to walk you through how we integrate with Okta, as well as how to best leverage Directory-as-a-Service.