Open Source Identity and Access Management

Written by Zach DeMeyer on November 14, 2018


Looking back on the year as we enter the homestretch of 2018, one thing is apparent. With 2018 on track to be one of the worst years for security breaches ever, strong identity and access management (IAM) needs to be at the top of any IT organization’s checklist. Those who are cost-conscious are asking: are there any viable open source identity and access management solutions on the market?

An Uncertain Space

The answer is a bit nebulous, and is one that is ultimately dictated by a company’s needs. The vast majority of open source IAM solutions are dedicated to a specific purpose and exist on-premises, requiring the use of additional IT resources to properly function. In an age where SaaS-based IT management solutions are heading up the marketplace, many IT organizations balk at the idea of on-prem open source identity and access management solutions. Regardless, the question of viable open source IAM solutions is still one to be considered.

Directory Services Options

To understand how IT organizations are evaluating the open source identity management market, it helps to know the top solutions in the space. Perhaps the most popular open source identity and access management solution is OpenLDAP™. The solution itself requires that the LDAP instance be run via on-prem servers. There is, however, a selection of OpenLDAP off-shoots, including the Directory 389, Apache Directory Services, and more. Other solutions, such as FreeIPA and Samba, are popular open source IAM alternatives.

Why Is an Alternative Needed?

Many of these popular open source IAM solutions were created in response to an era where Microsoft® Active Directory® (AD or MAD) ruled the space. MAD’s supremacy at the time was due to the fact that the IT space was generally dominated by Windows® solutions. Many orgs, however, are not homogeneous, Windows-centric shops. As a result, many, if not virtually all, of these solutions picked up on these niches and stuck to filling them. OpenLDAP and FreeIPA focus on LDAP authentication for Linux®/Unix systems and applications. Samba serves as a file and print server for non-Windows platforms.

In general, open source solutions are met with a sense of trepidation. In their evaluation of the open source market, called Currents, DigitalOcean asked over 4,300 professionals in the development industry about open source solutions. Of those surveyed, 45% believe that open source solutions are too difficult to implement and 24% cite a lack of resources (i.e., servers) holding them back. Compared to today’s Software-as-a-Service (SaaS) model of delivery, it seems that paying a bit extra for a cloud hosted solution is more popular than implementing a custom one that’s been open sourced.

The challenge for IT organizations becomes how to leverage open source IAM solutions to their advantage. These solutions either assume that you already have an on-prem Microsoft Active Directory instance, or that you have the time and money (perhaps saved by choosing an open source IAM solution) to implement your own on-prem server instances. While a valid route to take a couple of decades ago, such an approach seems virtually obsolete in the cloud era.

An Alternative to Open Source Identity and Access Management


With the shift to cloud hosted solutions, another approach to IAM is gaining favor among IT organizations. Called Directory-as-a-Service®, this SaaS-based identity provider isn’t open source, but offers similar functionality at a reasonable price. Directory-as-a-Service leverages the core authentication protocols that many of the open source IAM solutions do, such as LDAP, RADIUS, Samba, and SAML. What’s more, Directory-as-a-Service is an entirely serverless, cloud hosted solution, meaning it requires no implementation on-prem or any of the additional hassle of managing servers or creating open source instances.

Compared to JumpCloud® Directory-as-a-Service, open source identity and access management solutions hardly scratch the surface of what today’s best IAM tools should accomplish. You can learn more about what Directory-as-a-Service can do for your org by contacting us with questions or consulting our YouTube channel. The Directory-as-a-Service platform is completely free for your first ten users forever, so take advantage today by signing up here.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.
