By Ryan Squires Posted March 17, 2019

Is there a reason to pick SSO or LDAP? That really depends on the specific authentication needs of your environment, as LDAP is not a replacement for SSO, and vice versa. The problem is, that’s not how people have been thinking about these areas of identity and access management (IAM). This article seeks to demystify these two areas of IAM once and for all and offer a solution to help you utilize both.

Web Applications Required SSO for Integration

Historically, SSO has been a tool to access web applications, and often these solutions would leverage the SAML authentication protocol. Many of these web applications weren’t designed with the option to authenticate against a directory service, such as OpenLDAP™ or Microsoft® Active Directory®, and they did not use the older LDAP protocol. The result was that if IT admins wanted to control access to web applications, they would need to purchase a web application single sign-on (SSO) solution and integrate it with AD or OpenLDAP. But should an organization choose Active Directory, they’d often need a separate implementation to enable LDAP authentication, because the resources that depended on it were hosted in data centers. That’s where we begin to see LDAP solutions come from SSO providers – they are interested in integrating the ability to authenticate to any application, on-prem or web-based.

What is LDAP?

Before we get into how SSO solutions integrate with LDAP, we should also talk about the uses of LDAP. As a core authentication protocol for nearly three decades, it has been an important part of the identity and access management landscape. More recently, LDAP is heavily used with more technically focused DevOps tools and solutions, such as Kubernetes, Docker, Jenkins, OpenVPN™, and thousands of others. It is a critical protocol for many organizations.

Centralized Protocol Facilitation

Traditionally, SSO has been more focused on web applications like Salesforce®. LDAP, as mentioned above, is generally leveraged for more technical applications and situations. More recently, there has been a move to centralize the process of authentication to IT resources regardless of their platform, protocol, provider or location. In a sense, it shouldn’t matter to the end user or IT admin whether the particular resource is partial to SAML, RADIUS, LDAP, or another authentication protocol. What IT admins and end users alike require is the ability to access their IT resources without a lot of workarounds or pain points. It just needs to work.

Directory Services for the Cloud Era

For IT organizations and admins, a next generation directory services solution called JumpCloud® Directory-as-a-Service® has emerged to simplify your authentication requirements. Now, IT admins can create a True Single Sign-On™ experience for their users. With True Single Sign-On, users use one set of credentials for virtually all of their IT resources. For example, one username and password combination can enable access to a user’s system (Windows®, Mac®, Linux®), web applications via SAML, technical applications that authenticate by way of LDAP, networks through RADIUS, cloud infrastructure with SSH keys, and more.

In short, there is no need to pick between SSO or LDAP. Just pick cloud-based directory services from JumpCloud and roll all of your authentication needs into one sleek, centralized user/system administration portal. It’s SSO and LDAP integration in one, plus RADIUS, SSH, Samba, and more. And if you’re worried that shifting from Active Directory will impact your ability to manage systems, don’t be. Directory-as-a-Service features cross-platform GPO-like policies that enable IT admins to enforce system security settings remotely.

Sound Too Good to be True?

Sign up for a free JumpCloud Directory-as-a-Service account today and leave behind the argument of SSO or LDAP. With a free account you can manage up to 10 users, no matter the protocol each individual user requires. If you have any questions about how JumpCloud can benefit your organization, please don’t hesitate to contact one of our product experts. They’ll be happy to sort out the details of your particular situation. Additionally, our Knowledge Base and YouTube channel are excellent places to learn more about how to integrate your IT resources with JumpCloud.

Ryan Squires

Ryan Squires is a content writer at JumpCloud, a company dedicated to connecting users to the IT resources they need securely and efficiently. He has a degree in Journalism and Media Communication from Colorado State University.
