By Rajat Bhargava Posted October 29, 2014
The difference between DaaS and IDaaS isn’t just the ‘I’ at the beginning of IDaaS. However, before we can get to the similarities and differences between the two service areas, we need to define them.
Directory-as-a-Service® is a cloud-based directory that supports the authentication, authorization, and management of users and their devices and IT applications. A core tenet of DaaS is that it is the single, secure directory store for an organization: the authoritative source for managing users and the assets they require access to. A directory service may also serve as a single sign-on source, but it does not have to. A DaaS solution can leverage a number of protocols, such as LDAP, SAML, OAuth, and others, to provide access control and management of devices and applications.
Identity-as-a-Service is an authentication infrastructure that is built, hosted, and managed by a third-party service provider. IDaaS can be thought of as single sign-on (SSO) for the cloud that is a pay-as-you-go service. It may or may not require specific on-premises software. Generally, IDaaS solutions are based on the SAML protocol and focus on SaaS-based applications.
Both services have strong similarities.
- Both are cloud-based services with pay-as-you-go models.
- Neither service requires on-premises software.
- Both authenticate and authorize users.
But despite their similarities, you cannot replace one system with the other. DaaS and IDaaS co-exist because they cover significantly different pieces of the problem.
The most glaring difference between the two is that DaaS is the authoritative directory and can manage multiple device types, whereas IDaaS simplifies access to external, third-party SaaS applications. Under DaaS, the cloud-based directory takes on the task of being the authoritative source of truth for a user. In comparison, IDaaS solutions are generally mirrors of an organization’s existing directory (usually Active Directory) that extend it to cloud apps. A DaaS solution can potentially replace LDAP or Active Directory altogether.
Another difference is how each system handles SSO. IDaaS solutions are aimed at creating single sign-on functionality for users with their Web-based applications, such as Salesforce, Dropbox, and others. DaaS is not generally focused on the external single sign-on problem; rather it solves internal single sign-on, via protocols like Kerberos. While some single sign-on may be a consequence of being the directory, the focus is on ensuring that there is a central, secure source of truth for a user. In fact, IDaaS solutions could sit on top of a DaaS solution and leverage the user store to subsequently deliver user access to critical Web applications.
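To make the layering concrete, here is an added illustration (not code from the original post or from any vendor's product) of an SSO layer sitting on top of an authoritative directory. The directory owns credentials and account state, the SSO layer authenticates against it and issues short-lived signed assertions, and the web application verifies the assertion without ever seeing the password. An HMAC-signed JSON token stands in for a SAML assertion, an in-memory class stands in for the LDAP directory, and every user, key and application name is constructed for the example.

```python
"""
Added example, not part of the original post: a minimal model of an
SSO/federation layer (IDaaS role) built on an authoritative directory
(DaaS role). Assumptions: HMAC-SHA256 over JSON stands in for a SAML
signature; an in-memory dict stands in for the LDAP store; all names,
passwords and keys are constructed.
"""
import base64
import hashlib
import hmac
import json
import os
import time


class Directory:
    """Authoritative user store: the single place credentials and account state live."""

    def __init__(self):
        self._users = {}

    def add_user(self, username, password, groups=()):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self._users[username] = {"salt": salt, "digest": digest,
                                 "groups": set(groups), "enabled": True}

    def disable_user(self, username):
        # Termination happens once, here; every dependent system inherits it.
        self._users[username]["enabled"] = False

    def bind(self, username, password):
        """True only for an enabled user whose password matches (LDAP bind analogue)."""
        rec = self._users.get(username)
        if rec is None or not rec["enabled"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 200_000)
        return hmac.compare_digest(digest, rec["digest"])

    def groups_of(self, username):
        return sorted(self._users[username]["groups"])


class SsoProvider:
    """Federation layer: trusts the directory for authentication and hands the
    application a signed, short-lived assertion scoped to one audience."""

    def __init__(self, directory, signing_key, ttl_seconds=300):
        self.directory = directory
        self.key = signing_key
        self.ttl = ttl_seconds

    def issue_assertion(self, username, password, audience, now=None):
        if not self.directory.bind(username, password):
            return None  # directory said no: no assertion, regardless of the app
        now = int(time.time() if now is None else now)
        claims = {"sub": username, "aud": audience,
                  "groups": self.directory.groups_of(username),
                  "iat": now, "exp": now + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
        sig = hmac.new(self.key, body, hashlib.sha256).digest()
        return body.decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_assertion(token, signing_key, expected_audience, now=None):
    """Application side: check signature, audience and expiry.
    Returns the claims dict on success, None on any failure."""
    try:
        body, sig_b64 = token.split(".")
        expected = hmac.new(signing_key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(sig_b64)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    if claims.get("aud") != expected_audience or claims.get("exp", 0) <= now:
        return None
    return claims


def demo():
    """Walk through the normal path and the failure modes; returns a summary dict."""
    directory = Directory()
    directory.add_user("alice", "correct horse battery", groups=["sales"])
    key = os.urandom(32)  # constructed; in practice a managed signing key
    sso = SsoProvider(directory, key)

    token = sso.issue_assertion("alice", "correct horse battery", "crm.example")
    ok = verify_assertion(token, key, "crm.example")
    wrong_aud = verify_assertion(token, key, "files.example")
    bad_pw = sso.issue_assertion("alice", "wrong password", "crm.example")
    directory.disable_user("alice")  # one change in the source of truth
    after_term = sso.issue_assertion("alice", "correct horse battery", "crm.example")
    return {"valid": ok is not None and ok["sub"] == "alice",
            "wrong_audience_rejected": wrong_aud is None,
            "bad_password_rejected": bad_pw is None,
            "terminated_user_rejected": after_term is None}


if __name__ == "__main__":
    print(demo())
```

The point of the split is visible in `demo()`: the application only ever holds a signing key and an audience name, the SSO layer only ever holds a reference to the directory, and disabling the account in the directory cuts off every downstream application at once without touching any of them.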
A primary difference between DaaS and IDaaS lies in the capability for managing internal devices. DaaS solutions can manage internal devices, for example Windows, Mac, and Linux machines, alongside cloud-based infrastructure, and perform tasks, maintenance, security hardening, and other chores on the device. IDaaS, on the other hand, focuses distinctly on the consolidation and management of privileged users and general employee sign-on to applications.
Connection to IT Applications and Servers
Most internally facing IT applications and servers (whether hosted in data centers, on-premises, or in managed clouds) leverage the LDAP protocol. As a result, they are managed by DaaS solutions. In comparison, IDaaS solutions are primarily focused on external/third-party web apps that use SAML for secure authentication.
The Protocol Used
Another primary difference is the language the server uses for the exchange of information and authentication. DaaS is centered on LDAP, whereas IDaaS is centered on SAML. If the applications and devices you are looking to connect and manage talk LDAP, take time to investigate DaaS. If they are based on SAML, as most Web apps are, then you are in the IDaaS world. The market for solutions to manage access is complicated. Two of the most prolific areas over the next few years will be directories and single sign-on solutions.
DaaS and IDaaS are not the same, nor do they serve the same purpose. Companies must learn how to use the two systems in concert. That way, they’ll get the most secure and comprehensive leverage from the two systems. If utilized properly, businesses can benefit from decreased costs of hardware and maintenance, and increased quality of authentication, user credential management, and user termination. The era of on-premises software for directory infrastructure is gone, and the days of cloud-based, responsive directories are here. Businesses that want to evolve and improve their internal system processes and infrastructure management should take a look at Directory-as-a-Service and IDaaS solutions.