By Rajat Bhargava Posted May 17, 2016
Single Sign-On (SSO) used to mean what it sounded like: one login to access all resources.
Then the resources multiplied. Apps, devices, and cloud infrastructure joined the fray. Suddenly, supposedly SSO-ified enterprise was back to requiring multiple logins – usually one for on-premises, another for cloud apps, and still another for cloud-based server infrastructure.
But when SSO requires multiple logins from users, then it’s not true SSO.
The core of the problem is at the core identity store: the directory. Microsoft Active Directory has been the leading choice for enterprise, but has also been the leading deterrent to achieving Single Sign-On.
AD is ill-equipped to manage 21st century infrastructure. If you’re just using Windows devices and on-premises apps then, yes, AD can deliver SSO. But if you’re using different operating systems, Google Apps, or cloud infrastructure, then AD falls woefully short.
The good news is that innovations in the last few years have given IT the tools to take Single Sign-On back.
We’ll explain how.
First let’s define what we mean by “True SSO.”
True Single Sign-On means that a user requires only one set of credentials to access all resources that they need to access. That includes devices, applications, and networks — no matter what platform they’re located on or if they’re on-premises or on the cloud.
In other words, this is what IT has been seeking for years.
For the end user, it means simplicity, efficiency, and never having to wonder, “Which password did I use for this account again?”
For the IT department, it means achieving what they once thought was impossible in the decentralized offices of today: centralized control, better security, and minimized support time. In other words, true Single Sign-On is the “Holy Grail” for IT.
Why hasn’t this been done before now?
Well, it’s not like people haven’t been trying. The problem is that there are so many different platforms and protocols that would need to be supported by one identity management platform in order to authenticate access to all of today’s resources.
The breakthrough technology that is now allowing companies to employ ‘True Single Sign-On’ is Directory-as-a-Service (DaaS).
DaaS is the natural next step following Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS). DaaS brings the directory to the cloud.
A cloud-based directory means a directory that can manage resources both on the cloud and on-premises. DaaS does this by supporting a wide variety of protocols, including LDAP, SAML, and REST API. It works with a wide variety of devices and operating systems, including Windows, Linux, and Mac OSX.
With DaaS, Single Sign-On is finally possible.