One Core Identity Provider

Written by Vince Lujan on February 12, 2018


In an age of complexity with IT networks, simplicity is a virtue. When it comes to directory services, that translates to having one core identity provider (IdP) to regulate access to all of your IT resources.

Finding one core identity provider to rule them all is the challenge. The good news is that a next generation cloud identity and access management (CIAM) platform has emerged that has revitalized the concept of the IdP for modern IT networks.

It’s called JumpCloud® Directory-as-a-Service®. Before we dive into the benefits of this cloud identity management platform, however, we should outline the characteristics of the traditional IdP. In doing so, the benefits of having one core identity provider will be revealed.

Legacy Identity Provider Characteristics

The origin of the identity provider dates back to the advent of the Lightweight Directory Access Protocol (LDAP). LDAP was developed in 1993 at the University of Michigan. Tim Howes, a JumpCloud advisor, was the lead developer. He told us they created LDAP to help secure decentralized IT.

The advent of LDAP subsequently led to the creation of the two most popular on-prem identity providers from the late 1990s. The first was the open source iteration of LDAP, which goes by the moniker OpenLDAP™. The other solution came from Microsoft® and combined LDAP with the Kerberos protocol to provide management capabilities for Windows®-based IT resources. It’s called Active Directory® (AD).

Of course, AD has been far more dominant in the enterprise than OpenLDAP over the years. In fact, the Microsoft directory services platform has remained the preferred IdP to date. The issue for modern IT organizations is that AD (and OpenLDAP) has been in decline since the mid-2000s.

The decline of the conventional identity provider began when web applications like Salesforce started to replace on-prem applications. Shortly thereafter, macOS and Linux devices gained a foothold in the enterprise. These new (at the time) solutions could not be bound to a domain controller. Consequently, direct management with AD and/or OpenLDAP was inconceivable.

The situation would only get worse for the legacy IdP with the rise of Infrastructure-as-a-Service providers like AWS or GCP. Now, there’s no going back to the on-prem network of the past. In fact, according to an SDI research report, 95% of users surveyed believe software-defined infrastructure is the future of the data center.

The Multiple IdP Problem

For years, modern IT admins were left with one option: cobble together multiple IdPs to manage all of the heterogeneous resources in use at their organization. This approach involves separate solutions for Mac/Linux management, along with siloed identity management across cloud platforms (e.g. G Suite, AWS) and SSO for access to web apps. All of these solutions are effectively add-ons to the on-prem IdP (e.g. AD). They serve to extend on-prem identities to the IT resources that the on-prem IdP cannot reach.

The add-on approach has proven functional. However, IT admins have come to discover that this approach is far from ideal. It comes down to the fact that modern IT admins don’t want to manage multiple IDaaS solutions on top of AD or OpenLDAP on-prem. Add to that the fact that legacy IdPs are complicated and expensive to implement and maintain on-prem, and it becomes obvious why the concept of having one core identity provider in the cloud is so tantalizing.

The good news is that a next generation cloud IdP has come to market with the power to consolidate IT management with one core identity provider. This hosted directory service platform securely manages and connects users to IT resources, regardless of platform, provider, protocol, or location. We like to call it JumpCloud Directory-as-a-Service.

One Core Identity Provider


Think of JumpCloud Directory-as-a-Service as Active Directory and LDAP reimagined. In other words, the JumpCloud platform securely manages and connects users to their systems, applications, files, and networks. What sets JumpCloud apart is that Directory-as-a-Service goes above and beyond the capabilities of legacy IdPs to address the use cases that traditional directory services cannot.

For example, JumpCloud securely manages users and their systems (e.g., Linux, Mac, Windows), while simultaneously providing access to cloud and on-prem resources such as Office 365, G Suite, AWS, Salesforce, Jira, and a lot more. The same login also connects users to networks and file shares using the RADIUS and SMB protocols, respectively.

The end result is that IT organizations can choose the best resources for the business, putting control back in the hands of IT. That is the power of having one core identity provider to rule them all.

Learn More About Next Generation IdPs

Ace Payroll is already enjoying the benefits of having one core identity provider. Paul Setti, East Coast IT Manager at Ace Payroll, told us they found JumpCloud because they wanted a simple, elegant solution to help manage their networks.

“There was only one option that gave us the level of flexibility we needed and was purely cloud-based,” Setti told us. “That was JumpCloud.” Check out the Ace Payroll case study for more.

Sign up for a Directory-as-a-Service account to discover the benefits of having one core identity provider today. Your first ten users are free forever to help you explore the full functionality of our platform at no cost. You can also contact the JumpCloud team, or schedule a demo for more information. We hope to hear from you soon!

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
