By Zach DeMeyer Posted February 15, 2019
IT admins are wondering whether OneLogin™ RADIUS can be the right option for them. OneLogin’s RADIUS offering is also often compared to Okta®’s approach. Of course, this makes a great deal of sense since Okta vs. OneLogin is the “heavyweight title fight” of the single sign-on (SSO) space. But, regardless of the ongoing SSO struggle for supremacy, is OneLogin RADIUS a viable option for IT organizations?
Effects of SSO
In general, web application SSO providers have done an excellent job at federating Microsoft® Active Directory® identities via SAML 2.0 to web applications. But taking an identity and enabling access via a variety of other protocols, such as LDAP, RADIUS, SSH, and native OS (Windows®, macOS®, Linux®) APIs, has been quite challenging. This breakdown, of course, makes a great deal of sense, as SSO solutions like OneLogin were never set up to be a core directory service or identity provider (IdP) for an organization. They relied on Active Directory to do that for them.
For IT organizations, though, the challenge of freedom of choice is making it more difficult than ever to rely on the Active Directory + SSO approach. Resources such as cloud infrastructure from AWS®, G Suite™ and Office 365™, Mac and Linux systems, file servers (NAS appliance/Samba), WiFi, and more are available and used by companies everywhere. Locking down WiFi via RADIUS turns out to be a great example of this challenge.
RADIUS and SSO
Before WiFi, IT admins could use Active Directory to authenticate user access to local networks. Once WiFi became prevalent, however, it became a challenge to authorize user access to networks. IT organizations could either implement their own RADIUS server instance or utilize the SSO solutions they had already purchased.
In general, it is difficult to understand OneLogin and Okta’s approaches to cloud RADIUS services. They both initially launched their RADIUS solutions many years ago, only to drop their focus on them and zero in on their core web application authentication. It is unclear whether virtual RADIUS servers are a first-class feature for either of these platforms.
Rethinking Network Access
The result for IT organizations is that they are rethinking their approach to network access, and identity and access management as a whole. The concept of True Single Sign-On™ starts to resonate where one identity for a user can connect them to virtually any IT resource. These resources include systems, applications, files, and networks, regardless of platform, protocol, provider, and location. For IT admins, True Single Sign-On means not only less work for their end users trying to access their resources, but less work for themselves, as they can use one centralized network and identity management tool.
Thankfully, such a True Single Sign-On solution exists on the market today, in the form of a next-generation cloud directory service. Much like Active Directory, this Directory-as-a-Service® is an identity provider first, so it acts as a source of truth for the resources it authenticates to. As a cloud-based, vendor-neutral service, this solution has reimagined Active Directory for the modern era of IT management. Specifically, RADIUS-as-a-Service provides a centralized location to authenticate networks through the onboard IdP.
Learn more about using JumpCloud® RADIUS-as-a-Service, a part of Directory-as-a-Service, as a world-class True Single Sign-On network and identity management solution. Please contact us with your questions, or check out our blog. You can try Directory-as-a-Service absolutely free, with ten complimentary users to start you off.