By Ryan Squires Posted August 8, 2018
A quick Okta® review reveals that the company is one of the leading web application single sign-on (also called SSO) solutions available. Okta pioneered the first generation Identity-as-a-Service (IDaaS) category, which is essentially web app SSO in the cloud. While there existed a generation of on-prem SSO players in the wild before Okta, those SSO providers did not make the leap to deliver web application SSO from the cloud. So, while users of both on-prem legacy applications via LDAP (e.g., Jira and Git) and Microsoft® Active Directory® experienced the simplicity of the concept of SSO for some IT resources, they were left out in the cold when it came to SSO for web applications which utilize SAML.
Okta: Bridging The Gap Between On-Prem and Web Apps
The management of web application access can provide a significant challenge for many organizations. Those employing Microsoft Active Directory (MAD or AD) on-prem experience a gap with regard to federating identities to web applications because MAD wasn’t built to support this kind of IT resource. As a result, Okta emerged to fill in the gap between an on-prem Active Directory implementation and web applications in the cloud. Over time, Okta and other IDaaS providers added on different enhancements, such as application level multifactor authentication (also called MFA, Two Factor Authentication, and 2FA) to increase security.
The key thing to note with this setup, though, is that most organizations leverage a web application SSO solution with Active Directory as their core identity provider. Organizations are generally unable to rely on an SSO provider alone: although an SSO provider does not strictly require a core identity provider, it cannot function as a directory service itself, and it primarily manages user access only to web-based applications.
Problematically, organizations that use only an SSO provider lack a true central, authoritative source that can manage identities across their on-prem and cloud IT resources. This includes infrastructure like WiFi and wired networks through RADIUS, NAS storage devices from Synology, QNAP, and FreeNAS, and cloud resources like servers hosted in AWS® or Google Cloud Platform™. Perhaps most critically, web app SSO solutions generally struggle to tightly manage Windows, Mac, and Linux systems, both the users on them and the devices themselves. Clearly, single sign-on without an identity provider can lead to trouble. A recent Stack Analysis highlights this fundamental difference between SSO and cloud-based directory services; the key difference is that SSO solutions generally leave organizations to manage an on-prem Microsoft AD implementation.
Look Before You Leap
Still, some organizations make the mistake of leaping to a web application SSO solution prior to building their identity management foundation with a directory service. That means these organizations are unable to control critical pieces of their infrastructure from a centralized, secure location. This mistake leaves them vulnerable to identity sprawl, that is, many separate user IDs and passwords for each individual user, which can lead to compromised assets. Without a more comprehensive identity management solution, those multiple credentials are a menace to IT admins who need to be able to disable access to systems like Windows®, Mac®, and Linux® laptops and desktops, web applications (G Suite™, Salesforce®), local servers, and file servers (Samba) should an individual leave the company or become disgruntled.
A New Way Forward
As more IT organizations leverage web applications, AWS® cloud infrastructure, Mac and Linux platforms, Samba and NAS file servers, WiFi, and other modern IT components, it is more critical than ever to create a solid identity management foundation with a neutral cloud identity provider that also provides single sign-on access to on-prem and cloud infrastructure. Luckily, this is where JumpCloud® Directory-as-a-Service® comes in.
A cloud-based directory service such as JumpCloud Directory-as-a-Service can integrate all of these disparate yet crucial aspects of your infrastructure in a single management console, making it easy to securely manage user access to systems, local and cloud servers, on-prem and web-based applications, physical and virtual file storage, and wired and WiFi networks. JumpCloud even makes it easy for individuals to self-service tasks like password changes. Look to JumpCloud Directory-as-a-Service to be your True Single Sign-On™ partner: rather than logging into web applications alone, users get one password that logs them into an organization's entire IT infrastructure.
So, after an Okta review and examination of the web-app SSO industry as a whole, you should really consider the next generation of single sign-on for your organization, as exemplified by JumpCloud Directory-as-a-Service. You’ll be able to connect to the things already in the office as well as manage identities across web applications from a single interface. Feel free to try our service for free today—no credit card required. The first 10 users are free and always will be, which makes JumpCloud Directory-as-a-Service a great tool for startups. Give us a call or drop a line if you have any questions.