Why SSO Isn’t Enough

Written by Vince Lujan on January 2, 2018

Share This Article

Single Sign-On (SSO) solutions have been a major focus for IT admins ever since web applications were first introduced in the mid-2000’s. However, there is a growing sentiment in IT circles that traditional SSO solutions aren’t enough to effectively manage modern IT networks. To understand why SSO isn’t enough, at least as far as IT admins are concerned, we need to step back and analyze how the market has evolved. In doing so, we can also reveal the benefits of a next generation True SSO® solution called Directory-as-a-Service®.

Life Before Web Applications

IT networks looked a lot different around the turn of the century. There were no web applications, no cloud computing solutions, even WiFi was still in its infancy as a business resource. Instead, IT networks were on-prem and predominantly built from Microsoft® IT solutions.

For example, the vast majority of users leveraged Windows-based systems. They used Microsoft Office® as their productivity suite. Microsoft Exchange® was for email. SCCM (previously SMS) was for Windows servers. All of it was managed with Active Directory® and all of it required a lot of on-prem hardware to make it work.

While this type of homogeneous IT environment may sound antiquated by modern standards, it did offer a number of benefits for users and IT admins alike. For example, one huge advantage was the ability to leverage a core Microsoft user identity to authenticate user access to a comprehensive array of Windows-based IT resources. It also made management a breeze for IT admins with one central management platform that could control the breadth of an organization’s IT infrastructure.

However, web applications emerged in the early 2000’s and started to change the user access landscape. The challenge was that authentication to web applications didn’t work in the same way as legacy applications. For example, web applications were not on-prem and could not be directly bound to a domain controller. Nor were they Microsoft products in most cases. A consequence of this approach was that AD, which was designed to manage Microsoft IT resources on-prem, began to stumble.

Traditional SSO isn’t Enough in Today’s Modern IT World

Active Directory fails in the cloud

A generation of web application SSO solutions were created to mitigate the challenges of extending AD identities to the cloud. These types of solutions were layered on top of AD and connected users to web apps. The add-on approach worked well, until organizations realized it was far more cost effective and convenient to move their IT infrastructure to the cloud. This realization signaled the decline of the Microsoft monopoly of on-prem IT resources and a marketwide shift to the cloud.

Today, AD and most on-prem IT solutions are holding on for dear life in a market that continuously offers new innovation in cloud technology. This marketwide preference has created a significant issue that the combination of AD on-prem plus web app SSO is unable to solve. As a result, IT admins have been searching for alternatives to the AD and SSO approach.

The Future of Web Application Single Sign-On (SSO)

jumpcloud true single sign-on

This new reality of IT management has created a vision of a single, True SSO solution that connects users to the IT resources they need regardless of location, platform, protocol, and provider. In a sense, a True SSO solution becomes the single identity provider that leverages one secure identity to access virtually any IT resource.

True Single Sign-On access to virtually any IT resource is what JumpCloud is all about. Think of the Directory-as-a-Service platform as AD and LDAP reimagined for the cloud. This modern IDaaS platform empowers IT admins to manage not only SSO access to web applications, but services from IaaS providers (e.g. AWS, GCP, IBM), productivity platforms (G Suite, Office 365), systems and servers (Windows, Mac, Linux), cloud applications (Zendesk, Box, Salesforce, Github), on-prem applications (Jenkins, Docker, OpenVPN), RADIUS authentication for wired and WiFi networks, Samba and NAS appliances (Synology, FreeNAS, QNAP), and a lot more.

The result has a similar feel to the SSO experience AD provided back when everything was on-prem and Windows-based. The key differences are that, for one, Directory-as-a-Service does not require any on-prem infrastructure other than a wireless access point to operate. Directory-as-a-Service also does not require any add-on SSO solutions, and management is not limited to a Windows-centric IT environment. The best part is that IT admins can relax and simply use the service, only paying for what they use, while JumpCloud takes care of the heavy lifting.

Learn More About True SSO with Directory-as-a-Service

With such a variety of IT resources currently available, most of which is coming from the cloud, it’s easy to see why traditional SSO isn’t enough anymore. Fortunately, Directory-as-a-Service has emerged to provide a True Single Sign-On experience from a comprehensive and holistic management platform from the cloud.

Watch the following video for a glimpse into how True Single Sign On with SAML and LDAP can benefit your organization.

Contact the JumpCloud team for more information about why traditional SSO isn’t enough. You can also sign up for a Directory-as-a-Service account today and discover how True Single Sign-On can benefit your organization. Your first ten users are free forever to help you explore the full functionality of our platform at no cost. We don’t even require a credit card to sign up!

Continue Learning with our Newsletter