Managed Single Sign-On (SSO)

Written by Jon Griffin on January 17, 2018

Over the last decade, single sign-on has become one of the hottest categories in IT. Many companies have come out of this space as big winners, with some going public and some being acquired. The focus of these successful organizations has always been web application single sign-on, but as time goes on, their solutions have just become a tack-on to Active Directory®. As a result, a need has developed for something more. Fortunately, a new managed single sign-on (SSO) platform is emerging, and it is connecting users to all different types of IT resources including systems, applications, file servers, and networks. To understand the need for this new managed SSO platform, it’s important we look at how the field has progressed.

The Beginnings of SSO

The concept of SSO really started about 20 years ago with the massive adoption of the domain controller. The domain controller enabled admins to have more control over their IT network, as well as make it easier for end users to gain access to the tools they needed. As a result, admins were able to create a process where a user could log in to the network once and gain access to virtually any IT resource on-prem. This setup became quite popular, and when combined with the management capabilities of AD, the IT network became secure and easy to use. It wasn’t long until Microsoft became a monopoly in the space.

However, there was a catch with this setup. The SSO concept in this age was pretty limited to Microsoft solutions and on-prem resources. Within the IT organization’s walled garden of Microsoft technology, end users could log in to their machine and gain access to their Windows IT resources. Outside of this garden, users didn’t have as much luck without a VPN. Still, this setup worked at the time because the majority of offices fell into that type of environment. However, as we all know, nothing in technology stays the same for long.

New IT Means New SSO

As time went on, the all-Microsoft, on-prem environment started to change. IT organizations started to add web applications and cloud infrastructure, and this caused end users to need to create and manage separate accounts for those off-prem solutions. At the same time, many end users started to shift to non-Windows devices like Mac and Linux machines. These changes, along with a heightened awareness around identity security, quickly became a problem for IT. End users could no longer log in to all of their resources with the same account, and IT admins started to lose control over the IT infrastructure.

Active Directory wasn’t designed to handle cloud resources, so this created a gap. Fortunately for IT, many independent solutions appeared to fill this gap. A wave of web application SSO providers emerged, eager to take advantage of the opportunity. But because the identity provider was still Active Directory, all of them were built to be supplemental. In other words, they were add-ons. This meant that IT admins now had two systems to manage. That wasn’t overly difficult, however, and admins were happy to adopt that responsibility to aid the end users. But the gaps in Active Directory didn’t stop there. As more and more of the IT network moved to the cloud, these gaps in AD continued to appear. The platform just wasn’t built for this cloud-based, non-Microsoft IT world. Of course, 3rd party solutions were always there to help fill in the gaps, but it came at a cost. Solutions like privileged identity management (PIM) for network infrastructure, multi-factor authentication, password managers, and much more started to make their way into the network. What used to be a single sign-on process had now turned into a multi sign-on process.

Returning to True SSO™ with Managed Single Sign-On

This IT environment is currently very hard on admins. With so many 3rd party solutions being tacked on to Active Directory, siloed identities, and more, it’s easy to see why many IT organizations are starting to look for a managed single sign-on provider.

Fortunately, a new IDaaS platform called JumpCloud Directory-as-a-Service® is focused on being a managed SSO platform that connects users with one set of credentials to virtually any IT resource they need. Think of this modern cloud identity approach as True Single Sign-On™. A user identity is securely managed and connected to IT resources, including systems (Windows, Mac, Linux), cloud and on-prem servers (e.g. AWS, GCP, Azure, on-prem data centers), web and on-prem applications via SAML and LDAP, file servers such as Samba file servers and NAS appliances, and wired and WiFi networks through RADIUS. It is truly managed single sign-on for the whole IT network.

If you want to see the cloud-based directory for yourself, it’s as easy as signing up for a free account. We offer 10 users free forever, with no credit card required. It’s as simple as that. To learn more about managed single sign-on, make sure you reach out to the JumpCloud team. We’d be happy to answer any questions that you have, and can even set up a live demo of the product for you. Then, you can ask questions while learning about JumpCloud Directory-as-a-Service first hand. Check out the directory of the future today!
