By Ryan Squires Posted April 8, 2019
Many IT organizations are trying to understand the single sign-on (SSO) market and the protocols involved. As a result, the SSO: SAML vs LDAP discussion takes on some significance. While SAML and LDAP are both authentication protocols, they are quite different in their approach, and each is used for different purposes. Keep reading to get an understanding of the specific purposes of these protocols and how they can benefit your organization.
On Your Marks, Get Set, SSO
Let’s start with where and why these two authentication protocols are used. In a sense, both of them are SSO protocols, but they’re utilized in very different ways. Perhaps that difference stems from the fact that they were created at different times in IT history. LDAP was created in the early 1990s by Tim Howes and his colleagues at the University of Michigan. From those early days to now, it’s impressive to see that LDAP is still widely used for authentication into a wide range of applications. That speaks to the flexibility and power of LDAP. Additionally, as a general rule of thumb, LDAP works well with Linux®-based applications such as OpenVPN™, Kubernetes, Docker, Jenkins, and thousands of others.
SAML, on the other hand, is generally used as an authentication protocol for web applications like Salesforce®, Slack, and GitHub. Created in the early 2000s, SAML is an assertion-based authentication protocol. While that explanation is an oversimplification, the protocol is effectively integrated with an identity provider (IdP), which asserts that the person is who they say they are. Next, a service provider (i.e., the web application) admits the user to its platform after an XML-based authentication exchange. The process was designed to be done securely over the internet rather than relying on the traditional concept of the domain.
Web Applications and the Identity Provider
As web application use has dramatically increased, organizations have leveraged SAML-based web application single sign-on solutions in addition to their core directory service. A major difference that is easy to miss between SSO and LDAP is that most common LDAP server implementations are designed to be the authoritative identity provider, or source of truth, for an identity. With most SAML implementations, the SAML service is not the source of truth; rather, it often acts as a proxy for a directory service, converting that identity and authentication process into a SAML-based flow.
Combine Authentication Protocols
Because these protocols often authenticate vastly different types of IT resources, the question is less about SAML vs LDAP and more about how to create a True Single Sign-On™ experience where one identity can connect users to whatever IT resources they need. But how?
JumpCloud® Directory-as-a-Service® makes use of the most flexible and powerful protocols and rolls them into one comprehensive directory service delivered from the cloud. That means you don’t need to set up and maintain on-prem LDAP servers any longer. Like LDAP, Directory-as-a-Service works as the core identity provider for organizations. But, because it is already integrated with SAML, there is no need for add-on solutions to enable access to web applications. In fact, JumpCloud employs several industry-leading protocols in addition to SAML and LDAP, including RADIUS, SSH, and others.
Try JumpCloud Free Today
When it comes to SSO: SAML vs LDAP, you no longer have to try to decipher which one is best for you. Get the best of both worlds, risk free, from JumpCloud today when you sign up for a free account. As a free account holder, you get unlimited access to the Directory-as-a-Service product along with the ability to manage 10 users forever at no charge. If you need any information about how to set up or configure JumpCloud, pay a visit to our Knowledge Base or contact us today. Finally, our YouTube channel is a great source for tutorials, best practices, and whiteboard videos.