Organizations worldwide are thinking about replacing Microsoft® Active Directory® (AD) with a cloud-based solution. Most IT admins know this is a tall order because of how intertwined AD is with their infrastructure, which is especially true for large-scale organizations. In fact, many of these larger enterprises have already chosen to simply supplement AD with cloud-based SSO solutions like Okta. So, as admins evaluate the options available to move their directory services to the cloud, some are wondering if Okta can replace AD.
Before making the decision, it’s worth discussing what core capabilities any directory service would need to effectively replace AD.
What to Look For in a Directory Service
The introduction of Microsoft Active Directory signaled that Windows® would continue to dominate the IT infrastructure market. IT departments implemented and maintained rooms of servers — and they designed them to operate best with Windows-based infrastructure.
However, with the demand for cloud-based and non-Windows innovations continuing to rise, hundreds of thousands of AD-managed organizations now struggle to connect users to web-based applications, hosted infrastructure, and macOS®/Linux® devices. In response, IT admins are looking for a way to bridge the security and functionality of AD to modern resources. Many others are looking toward moving off of AD entirely. In order to make an educated decision about whether to extend AD to these modern IT resources or to replace AD altogether, you’ll need to have a deep understanding of what capabilities a directory service provides.
Ultimately, this information, coupled with your awareness of an organization’s unique needs, can help determine which solution or solutions fit the bill.
Cloud-Forward & Secure
IT is migrating to the cloud, and departments are increasingly leveraging web applications. Any replacement for Active Directory must fill the needs of IT departments by existing in the cloud, connecting users to all of their IT resources, and remaining highly secure.
With Active Directory, IT organizations are responsible for implementing and securing their own on-prem infrastructure. This is costly and time-consuming, and commonly leads to companies building upon an insecure, out-of-date foundation. Though Azure® AD can help extend on-prem AD to the cloud, it isn’t a standalone replacement for Active Directory.
While some prefer the sense of control that maintaining infrastructure in-house offers, IT departments often struggle to see value in it in light of the modern era of cloud-delivered services. Given the maintenance burden and costs that housing servers on-prem presents, cloud-based solutions are often more appealing. The secure, maintenance-free cloud functionality these services offer could translate to less work for IT admins and more savings for their organization.
Cross-Platform System Management
Active Directory initially served a need common to most organizations. Work was conducted in cubicles on a Windows desktop, and IT admins used AD to control user authorization and authentication to Windows systems and applications.
Now that organizations are including divergent systems like macOS and Linux machines, AD struggles to keep up. Organizations with these varying systems labor to make their legacy directory service work for them without third-party identity bridge applications or add-ons.
Systems are the conduit to whatever IT resources your team needs. You’ll want to control user access tightly, as well as manage their security posture (think GPO-like capabilities, except across all platform types). For cross-platform organizations, any suitable replacement for AD will enable admins to manage and secure Windows, Mac, and Linux systems.
Modern IT organizations are using more service providers than ever. They’re creating environments in which users employ an entire host of apps, infrastructure, and services to meet their productivity needs. The following are some examples:
- AWS®/GCP™/Azure cloud servers
- G Suite™ and Office 365™ for productivity solutions
- Synology®, NAS, and Box™ for file storage
- Jira®, GitHub, Zoom, and more
The services organizations use often go beyond those listed. As such, for organizations looking to replace Active Directory, seamless support for these services and thousands of others is a must.
The IT landscape has shifted in such a way that a wide range of authentication protocols are used within a single organization. Just supporting Kerberos for Windows solutions on-prem doesn’t address the entire problem.
To make a cloud-based directory service that can provision and authenticate access to a wide range of modern IT resources, admins need support for legacy authentication protocols like LDAP and RADIUS, along with SAML, SSH, TOTP, the native macOS, Linux, and Windows authentication APIs, and much more.
Adam Osborne invented the first “portable” computer in 1981. WiFi arrived in the late 90s and made laptops popular in the workplace, cutting the physical tether between users and a network.
Active Directory is traditionally on-prem and requires a direct connection to a network. After the concept of a “wireless” workplace established itself as the norm, VPNs became indispensable for admins looking to secure users regardless of location. With a modern AD replacement, the location of users and their IT resources shouldn’t matter. What matters most is keeping the data in transit between the remote user’s system and the internet secure.
So, Can Okta Replace AD?
When searching for options for replacing AD, keep in mind the stipulations listed above. Find what needs your organization has that aren’t being met, or consider what features would be beneficial to add for your users.
For most organizations looking to replace their existing directory, switching to an entirely new infrastructure may not feel feasible. However, the overhaul may be well worth the benefits offered by a domainless directory service.
Okta’s web application single sign-on (SSO) platform allows users to leverage AD credentials for a number of web apps. However, you may want to extend user identities to a wide range of resources that aren’t bound to a Windows domain, such as AWS, macOS and Linux systems, WiFi/VPNs, and more. For a holistic identity provider, you’ll need to decide which solutions are the right choice based on your needs. If you’re ready to replace Active Directory completely, and are looking beyond Windows or just web applications, check out JumpCloud’s cloud-based directory service. You can also drop us a line if your organization is unsure of what option would best address your needs.