The holy grail in identity and access management is to give every user one set of secure credentials to access all of his or her IT resources. The problem has exploded for both users and IT administrators with the advent of web applications, cloud infrastructure, and more devices.
Some corporate services are tied together, requiring only one password. But many are not tied together, and they require separate credentials. Add in the myriad of personal services – all of which have their own separate logins – and you have a complex, messy situation for each user. This complex management of identity and user access is compounded for IT organizations since they are deeply concerned about security. Their top priority is to ensure that their corporate IT resources aren’t subject to the risks of consumer applications.
IT organizations are trying a wide variety of solutions for identity and access management. There are the single sign-on providers that create one set of credentials to leverage the many Web-based applications. Legacy directories such as Microsoft Active Directory and OpenLDAP aim to make internal network single sign-on. Unfortunately, both of these solutions leave out a number of IT resources.
Often Infrastructure-as-a-Service servers are left out. Many internal applications aren’t leveraging SAML and can’t be connected to the SSO solution, and the organization unfortunately may not have a directory. As a result, users are expected to manage multiple accounts both internally and externally. IT admins are left to contend with a number of separate user stores that lack consistency.
SIMPLIFYING PASSWORD MANAGEMENT
Fortunately for companies and IT admins, there is a way to solve this problem.
It starts with having a central, core identity store that securely stores an organization’s identities. But even that isn’t enough. That central directory service needs to be able to federate that identity to any IT resource that the organization needs. Of course that is easier said than done. Devices, applications, and networks leverage different protocols and standards to log in users. Some use LDAP, while others use SAML, SSH, or RADIUS. A modern directory service must be able to handle all of these different protocols and approaches to user authentication and authorization with only one set of credentials.
JumpCloud’s Directory-as-a-Service solution is building a cloud-based directory service infrastructure that can centrally control access to IT resources. Users simply use one set of credentials to access whatever they need. JumpCloud’s cloud-based identity source federates to other infrastructure components such as cloud servers, SSO solutions, WiFi controllers, and others. JumpCloud, fitting within the Identity-as-a-Service category, supports a number of different protocols and is location agnostic. Users have full password management and SSH key management capabilities through an end user portal. Passwords and SSH keys can be updated and rotated without IT intervention.
JumpCloud delivers a smart and secure password management solution to IT organizations that is their central control point for all IT access. If you’re struggling with password management issues, drop us a note or try JumpCloud’s Directory-as-a-Service platform for free.