Open Source Identity Management

Written by Vince Lujan on May 5, 2018

Are there viable, open source identity management solutions for IT organizations? Many IT admins are familiar with the usual open source IAM solutions such as OpenLDAP, Samba, and FreeIPA, to name a few, but are there others that could be helpful? Let’s take a quick look at the identity management space to find out.

Traditional Identity Management

Microsoft® Active Directory® (AD) has been the most successful identity management solution (on a market share basis) for almost two decades. AD is an on-prem directory services platform designed to manage Windows® user identities and their systems. Naturally, AD is effectively the only identity management tool necessary to manage Windows-based IT networks.

The challenge with AD has always been that Microsoft doesn’t make it easy to support alternative platforms such as macOS® or Linux®. In fact, it’s basically impossible to completely manage non-Windows platforms with the native capabilities of AD alone – Microsoft made sure of that. Consequently, IT organizations that leverage Mac or Linux-based resources, web applications, cloud infrastructure, and anything else that isn’t Windows-based have been forced to seek alternate identity management solutions. One option has been to leverage open source identity management platforms.

Open Source Identity Management

While there is a wide range of open source identity management solutions, very few of them are comprehensive enough to replace core implementations like AD or web application single sign-on (SSO) platforms. OpenLDAP, for instance, is perhaps the leading open source identity management platform. And while it can come close to delivering capabilities similar to those native to the AD platform, it takes highly skilled and dedicated personnel to achieve, maintain, and especially to secure.

Identity management is a wide category requiring a great deal of consistent focus and investment, which can be difficult for open source projects. This is largely the reason that Active Directory has remained the on-prem, legacy identity provider of choice for so many years. However, while there may not be a wide range of open source IAM platforms that can compare to AD, the interesting part of the identity management space is that there are a number of open source authentication protocols that are shared throughout the space – even by Microsoft.

It makes a lot of sense that the protocols would be open, but the solutions would not be. Many of these protocols have been promulgated by the vendors themselves (e.g. SAML, SCIM, and others). Most open source identity management solutions have focused on a particular use case such as LDAP authentication, file and print services for Linux, or even the ability for Linux systems to join AD domains. Perhaps the approach for IT admins interested in an open source identity management platform should really be focused on a solution that can leverage a wide range of open protocols rather than just being an open source implementation.

Open Source Identity Management Alternative

Fortunately, in the identity management space, there is an interesting alternative to Active Directory that leverages a wide range of open authentication protocols and APIs. The same solution is also delivered as a SaaS solution and, while not open source, this commercial platform is cost-effective and has the power to solve the identity management challenge at most organizations. With a new generation of SaaS-based solutions that off-load the heavy lifting of implementing and managing an IT solution, the benefits of this commercial solution may outweigh the flexibility of open source, provided the solution can still be open with APIs and protocols, of course.

If this holistic, open source, protocol-driven approach sounds like it may suit your organization, we invite you to check out the JumpCloud® Directory-as-a-Service® platform. Sign up for a free account and explore the full functionality of the JumpCloud platform today. Your first ten users are free forever to help you discover the power of our open source identity management alternative at no cost to you or your organization. Don’t hesitate to contact JumpCloud if you have any questions, or schedule a demo to learn more.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
