JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Single Sign-On (SSO) and Federation



The concepts of single sign-on and federation are often used together, but they are distinct. They are discrete in most respects because of how the identity management landscape has evolved over the last decade and a half. That market evolution has largely occurred because of fundamental changes in the IT industry. Over fifteen years ago, web applications were just emerging and cloud infrastructure was still in its infancy, so much so that it was not even called cloud infrastructure. Other changes, such as the rise of Apple Macs and Linux platforms, had yet to occur. Additionally, the evolution of mobile devices hadn’t really begun; they were essentially just phones. As a result, the network was largely based on Microsoft Windows and behind the firewall.

How Federation is Similar to a Mix and Mingle

How did the concept of federation come about? It happened as organizations began to talk to each other through users accessing systems on different networks. Without the open Internet, those communications were mainly over private networks. Since communication was now over the public Internet, there needed to be a model of trust and identity. Early on, federation was a significant step toward organizations trusting each other and their users. Today, the concept of federation could easily extend to one organization leveraging SaaS applications from another. Applications and infrastructure that used to be hosted internally are now cloud based and provided by a third party.

Single Sign-On Seeks a Mate, Too

Single sign-on is a closely related concept, yet there are some differences. Single sign-on refers to the ability to use a single identity source or set of credentials to login to a wide variety of IT resources. Those IT resources have typically been web applications, since the web app SSO vendors have been the ones to promote this concept. SSO could actually extend much further than just web applications to include devices, systems, and networks. While the concept of federation is granting access between organizations, the concept of SSO is the access itself. It seems the same to the user, but it is slightly different to the IT organization.

Directory-as-a-Service® Unites Single Sign-On and Federation

In the cloud era, the two concepts are starting to merge and resemble each other. A True Single Sign-On™ system in a modern cloud-forward organization is leveraging a single set of credentials to access a wide variety of IT resources, including the user’s device, cloud servers, web applications, legacy on-prem applications, and WiFi networks. Interestingly, many of these IT resources are provided by third parties, so the concept of federation can be applied. The integration of these two concepts is practice in solutions such as Directory-as-a-Service (DaaS). In case you haven’t heard, DaaS is a cloud-based directory service that is connecting users to virtually all of their IT resources.

Find Your Perfect Directory Service Partner Today

If you would like to learn more about SSO and federation, drop us a note. We’d be happy to discuss with you how JumpCloud’s Directory-as-a-Service platform is leveraging those concepts to create a modern cloud directory service. Or, you should feel free to try JumpCloud’s Identity-as-a-Service platform for yourself. Your first 10 users are free forever.


Recent Posts
The MDM Custom Configuration Profile policy gives admins new device management controls that they can use fit to their organizations’ needs.

Blog

Deploying Custom Configuration Profiles to MDM-Enrolled macOS Systems using a JumpCloud Policy

The MDM Custom Configuration Profile policy gives admins new device management controls that they can use fit to their organizations’ needs.

OpenLDAP and Apache Directory Server are both popular solutions — but another alternative is cloud-hosted LDAP. Try JumpCloud free today.

Blog

Apache Directory Server vs. OpenLDAP

OpenLDAP and Apache Directory Server are both popular solutions — but another alternative is cloud-hosted LDAP. Try JumpCloud free today.

See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.

Blog

July ’20 Newsletter

See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.