By Greg Keller Posted November 13, 2015
A variety of definitions exist for Identity-as-a-Service. In fact, we presume there are as many different definitions for Identity-as-a-Service as there are IdaaS vendors. And that’s a lot! This has led to confusion among customers and has made it difficult for IT organizations to communicate internally with one cohesive voice. Rather than trying to pinpoint one specific definition for Identity-as-a-Service, it may just be better to think of IdaaS as a high-level market category with specific subsections. Of course, what matters most is that an IT organization defines IdaaS to suit its unique environmental needs.
Identity Management Delivered as a Service
With that in mind, the best inclusive definition for Identity-as-a-Service may be any identity management approach delivered as a service. Generally, the service will be a SaaS-based solution, the solution will be software, and it will be delivered from the cloud. However, not all of these specifics may work for each organization. For example, if a consulting firm is managing a software identity solution for its customer, is that IdaaS? Yes, it very well could be. While not all SaaS IdaaS vendors may agree with that, the priority is always to establish the right definition for each customer.
If you think about IdaaS as identity management delivered as a service, there are a number of subcategories to this overall market. While there may be more, we can break down the categories into three distinct areas:
- Directory-as-a-Service – The core directory service delivered as a cloud-based service is Directory-as-a-Service. This platform focuses on being the central database of user identities, which are subsequently connected to devices, applications, and networks. This category of solutions is considered IdaaS because it houses the authoritative credentials and is delivered as a cloud-based service.
- Single Sign-on – These IdaaS vendors focus on providing one single login to all of the cloud applications that an organization needs. There are a number of providers in this space and they connect users to thousands of web applications. The SSO providers ingest the authoritative credentials from a directory service and turn around and federate them to the web applications. Many of the providers in this space are delivering from the cloud, but some are also on-premises software solutions.
- Directory Bridges – There are a number of organizations that bridge core identities, which are often housed in Microsoft Active Directory, out to other IT resources such as Macs, Linux servers, and mobile devices. At times the bridge can live within the cloud to ensure that it can connect to a resource virtually anywhere else in the world. These solutions are considered IdaaS, too.
Challenges with Defining Identity-as-a-Service
Given the diverse definitions associated with it, Identity-as-a-Service does not have one industry-wide meaning. Since the players in this space have used the term for many different approaches to the market, it may be best to consider IdaaS an overarching category with a number of subspecialties.
Let us know what you think. Is IdaaS overused or is there one all-encompassing definition that you think works?