Why is SSO and LDAP integration interesting? Aren’t they sort of orthogonal concepts? In a perfect world, wouldn’t IT admins not care about protocols and simply enable their end users to login to whatever IT resources they need and want?
If so, perhaps it’s less about integration of LDAP and SSO and more about a single platform that takes a multiprotocol approach to IAM. That way, admins get to harness LDAP and SAML together, in a single tool. First, we’ll discuss where LDAP came from, how the industry changed with SAML, and then get to integration of LDAP and SSO through multiprotocol identity management.
LDAP and IAM
When it comes to identity and access management (IAM), no protocol has been more integral than the Lightweight Directory Access Protocol (LDAP). After its creation by Tim Howes and his colleagues at the University of Michigan, LDAP was widely used as the backbone of directory services, such as Microsoft® Active Directory® (AD). For a while, LDAP was synonymous with IAM, as directories like AD used the protocol to connect end users to practically all of their IT resources.
With the rise of the cloud came changes to the IAM market. Most notably, applications were becoming widely available as a service, hosted on the internet. The on-prem directory service could not federate access to these web apps like it could to other resources. So, vendors presented a new solution to fill this growing need: single sign-on (SSO) tools.
With SSO, IT admins could utilize the SAML (Security Assertion Markup Language) protocol to bridge the gap between their AD instance and the cloud. Of course, this was a completely orthogonal approach to the use of LDAP in IAM. IT organizations needed to leverage these new SSO solutions as add-ons to Active Directory, using both SSO and LDAP to create an IAM experience similar to AD’s early days. This disparate relationship added strain to an admin’s IAM approach, on top of extra work and costs.
So, given the disconnect between on-prem and cloud identity management, the concept of SSO and LDAP integration started to gain steam. When actually connecting SSO solutions to AD, admins used LDAP to establish the connection. But, there wasn’t a centralized solution on the market that aptly federated identities with both.
A Single Platform for LDAP and SAML SSO
Thankfully, there is a next generation approach that is integrating SAML, LDAP, and more into one centralized directory. Called Directory-as-a-Service®, this cloud identity provider has integrated centralized user management, virtual LDAP, cloud RADIUS, MFA, system management, and more into one solution. By integrating LDAP and SAML SSO, admins and end users alike can experience True Single Sign-On™.`