By Ryan Squires Posted February 22, 2019
The core foundation of Okta® is single sign-on (SSO). It’s how they built their name in the IT market. And, despite Okta’s high price, they’re still a market-leading solution. Years ago, when single sign-on was first introduced, the solution made a great deal of sense. IT networks started with the foundation of Windows®-based systems and applications, which were all located on-prem. These Windows-based IT resources were connected together via Microsoft® Active Directory® and the Windows domain controller. But applications wouldn’t remain on-prem forever, and Okta stepped in to help facilitate access to web applications.
Active Directory and the Need for Okta SSO
As web applications started to gain popularity, a new generation of identity management appeared. Because Active Directory was slow to connect users to these off-prem, non-Windows resources, companies like Okta and their SSO solution emerged to fill the gap. These web app SSO solutions were effectively an add-on to Active Directory, and they worked by federating the core identity (provided by AD) to web applications. As IT organizations expand beyond that with AWS®, macOS®, Linux®, and more, a new core identity provider is needed.
Add-Ons, Breakdowns, and New Thinking
The approach of AD plus Okta worked well for large-scale enterprises that could afford the per-user costs, integration, and management requirements. The problem, though, was that it wasn’t just web applications that were making an appearance in IT environments. For example, data centers soon moved to hosted solutions from AWS®; Windows laptops and desktops were getting replaced by Linux and macOS systems; NAS / Samba devices as well as G Drive™ / Box™ replaced traditional file servers; and WiFi became ubiquitous, replacing the wired networks of old. The Active Directory plus add-ons approach started to break down as more and more solutions were stacked on top of AD to accommodate innovative new technologies. It came down to a simple truth: there were simply too many one-offs and exceptions that created additional IT work and cost.
The breakdown of AD and the add-on approach forced IT organizations to step back and rethink their approach to identity and access management (IAM) overall. The concept of True Single Sign-On™ started to become much more interesting. Instead of having one identity for just Windows-based systems and web applications, IT admins wanted to connect their users to virtually all of their IT resources via a single identity. That means one identity for systems (Mac®, Windows, Linux), cloud or on-prem servers (AWS, GCP), web and on-prem applications via LDAP and SAML, physical and virtual file servers, and wired and WiFi networks via RADIUS. But how?
Emergence of a Cloud Directory
JumpCloud® Directory-as-a-Service® features that very ability. With True Single Sign-On™, users can connect to pretty much whatever they need regardless of platform, protocol, provider, or location. For users, it results in a dramatic decrease in friction. Now, they only need to remember one identity. IT admins can rest assured knowing that their users are not recycling weak passwords because Directory-as-a-Service has the ability to enforce password complexity requirements. Plus, identities are further fortified with the ability to protect access to vital applications, systems, and infrastructure with SSH keys and multi-factor authentication (MFA). In short, for the user it means a simplified authentication and authorization process, and for IT admins it means their users are protected from themselves.
Learn More About JumpCloud
If you’re eager to leave Okta single sign-on for the more full-featured True Single Sign-On approach from JumpCloud Directory-as-a-Service or complement it with a cloud identity provider, please sign up for a free JumpCloud account today. Or, if you would like to schedule a demo, don’t hesitate. In addition, you can go to our Knowledge Base for technical information or our YouTube channel for informative whiteboard videos, best practices, and previously-recorded webinars.