By Greg Keller Posted April 22, 2015
The identity management space is brimming with different products and companies all touting their unique approaches to controlling identities. This includes directories, privileged account managers, directory extenders, single sign-on providers, and multi-factor authentication companies – not to mention the audit and compliance companies.
There’s so much going on, it’s confusing for the analysts and industry insiders. So of course it’s hard for your IT organization to keep up.
While there are any number of different problems to solve in an organization related to identities, we like to start with the core question. Where are your identities housed and what IT resources can they be connected to?
Next, you gain secure control over user access. Then you can look to get fancy.
Directory Management is Complicated
Adding multi-factor authentication and employing governance solutions are both great next steps. But most organizations still find connecting users to the IT resources they need to be difficult and complex.
For decades, organizations have leveraged on-premises directories such as AD and LDAP. But in the face of massive shifts in the IT landscape (e.g. the movement to the cloud, greater mobility and device options in the workforce), AD and LDAP have lagged behind.
Disruptive Technology has Transformed IT
The cloud has shifted on-premises applications and infrastructure to SaaS-based and IaaS-based solutions. Apple Macs have had strong penetration into the enterprise, displacing Windows devices, and are largely unmanaged. Google has widely disrupted the corporate email category, shifting organizations from Microsoft Exchange to their cloud-based service.
AD and OpenLDAP™ have been abysmal at adapting to meet these changing needs and opportunities in IT. Yet, many organizations are clinging to AD or OpenLDAP for their user authentication and authorization needs.
Forward-thinking organizations aren’t living within these limitations and are implementing next generation solutions. These IT organizations know that many of their applications will live outside their walls and be available via the web.
For web-based applications, Single Sign-on solutions are ideal. SSO embeds additional control for the IT organization right into the sign-on process while simultaneously making it simple for end users to access all of the apps that they need to utilize.
But Single Sign-on solutions don’t focus on your devices, cloud infrastructure, or on-premises applications. For control over those IT assets, you’ll need to implement directory services.
As organizations use more types of devices and leverage off-premises server infrastructure (e.g. AWS and GCE), the old standby directories of AD and OpenLDAP don’t work all that well. For cutting-edge heterogeneous support and multi-provider IaaS support, Directory-as-a-Service solutions have emerged as excellent options.
These cloud-based directories are designed to work with different types of devices and applications regardless of their location. They even integrate seamlessly with most SSO solutions. (For a tutorial on how to integrate with one such solution, Bitium, click here.) Now, for an IT admin to have control over a wide variety of applications, devices, and networks, they simply leverage Directory-as-a-Service and a Single Sign-on solution. A change in the core user directory is propagated to web applications via SSO. It then goes on to devices and on-premises applications via the DaaS.
SSO Plus DaaS Equals True Control
Now instead of cobbling together solutions from the myriad categories of identity management, IT admins can simply pair up a DaaS and SSO solution and have complete control.
Of course, as organizations desire to add more capabilities, many of those other identity management solutions are worthwhile to leverage, but it starts at the core with strong control over your identities. DaaS plus SSO offers that control, along with improved efficiency and ease of operation.
If you have questions about how to combine Directory-as-a-Service and Single Sign-on, drop us a note. We’d be happy to chat with you about the benefits of each. Or, you can try it out yourself by signing up for Directory-as-a-Service. Your first 10 users are free forever – no credit card required.