Microsoft® Active Directory® and SSO

By Greg Keller Posted December 22, 2015


Most of the corporate world is using Microsoft® Active Directory® (MAD or AD) as their directory services solution. The product was created in 1999 and took off in the early 2000s. In fact, it has been argued that Microsoft’s AD is their largest market share product. Of course, very few people know about this because of the nature of the product; it is core infrastructure and lives within the Windows Server platform. Only IT admins really interact with this solution directly. Here’s the important thing to consider, though: how can Active Directory also serve as your single sign-on (SSO) solution? While Microsoft has made inroads along this path, next generation Directory-as-a-Service® solutions are building a True Single Sign-On™ platform.

Active Directory’s Popularity Was a Sign of the Times


The reason that Microsoft Active Directory took off, of course, was that networks in the 90s and early 2000s were homogeneous. They were almost entirely based on Microsoft Windows®. Desktops, laptops, servers, and their applications all leveraged Windows. So connecting a user to everything that they needed was pretty straightforward. It was possible to use the same set of credentials throughout the network that were used to log in to the Windows domain upon boot. Of course, the entire network was located on-premises, including servers and applications. The domain controller helped federate that identity to the devices and applications that were needed. In a sense, Microsoft created the original single sign-on solution with AD and the domain controller.

Cloud Computing Signaled a New Era


All of that changed as the world started to move to the cloud. In the early and mid-2000s, applications and server infrastructure started to shift to the cloud. The economic benefits of having a central, multi-tenant platform were too great to ignore. Organizations could purchase the IT resources they needed on an as-needed basis, and the cloud providers could amortize their investments over a large number of customers. Nowhere was that more prevalent than in core applications such as email and productivity applications. Google Apps™ (now G Suite™) filled an important need; in just a short period of time they garnered six million organizations and sixty million users. Amazon Web Services® (AWS®) literally eliminated the on-premises data center and has become the backend infrastructure for millions of organizations. All of these IT resources, though, needed separate logins. It was extremely difficult, perhaps impossible, to connect the on-premises Active Directory to cloud applications and infrastructure.

Microsoft attempted to make advances to extend AD with solutions such as Active Directory Federation Services (ADFS) and Azure® Active Directory. Each one of these attempts challenged IT organizations in different ways. Some issues included cost, the lack of ability to connect to other providers, such as AWS and Google Cloud™, and the failure to service LDAP-based applications. ADFS and Azure AD turned out to be less-than-ideal solutions for integrating the directory services and SSO.

All Signs Point to True Single Sign-on


A new generation of technology called Directory-as-a-Service (DaaS) is providing a True SSO solution that integrates the directory with SSO to LDAP-based applications, web applications, on-prem systems, cloud servers, WiFi networks, G Suite, and more. DaaS serves as the core cloud-based identity management platform for organizations. If you would like to learn more about how Directory-as-a-Service is the leading alternative to the multiple solutions required with Microsoft Active Directory and web application SSO, drop us a note. We’d be happy to work with you. Or, feel free to give our Identity-as-a-Service (IDaaS) platform a try for yourself. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
