By Greg Keller Posted October 30, 2015
For two decades the directory services space was simple, yet suddenly it’s complicated. Back then, there were really only two solutions to even consider: Microsoft® Active Directory® and OpenLDAP™. Microsoft’s Active Directory was the commercial solution of choice. With most networks being completely based on Microsoft Windows®, AD was an obvious choice. Organizations that had mixed environments with Unix or Linux® machines would often opt instead for the open source solution OpenLDAP. Now, with the advent of the cloud, the space has become more complicated. In this post, we’ll explore the differences between the cloud-based directory services available on the market today, and which one may be the right choice for you.
There is some confusion in the Identity-as-a-Service (IDaaS) space regarding cloud-based directories. SSO providers Okta® and OneLogin™ both have a ‘directory’, but their directories are used for something different than traditional directory services, such as Active Directory and LDAP. The SSO providers leverage a directory to create a database of users rather than as an authentication, authorization, and management center for devices, on-premises applications, and networks. So, for the purposes of this post, we’ll leave those directories aside.
The two core cloud-based directory services that we’ll focus our attention on are Microsoft’s Azure® Active Directory and JumpCloud® Directory-as-a-Service®. There are distinct differences between the two solutions; Azure Active Directory is effectively an extension of Microsoft’s on-premises Active Directory solution, whereas JumpCloud Directory-as-a-Service is a purpose-built cloud-based directory.
The Difference Between Cloud-Based Directories
There are three key differences between these two directory services:
Cross-platform authentication and device management. Azure AD is focused on extending the on-premises AD to the cloud, with a focus on Windows and Microsoft Azure authentication. Further, AD is created for Windows device management only. JumpCloud’s Directory-as-a-Service solution is aimed at organizations that leverage not only Windows machines, but also Macs® and Linux devices. For organizations that are leveraging other operating system platforms, Azure AD won’t work well.
Multi-protocol support. Many organizations are utilizing applications that connect to directory services via LDAP. JumpCloud Directory-as-a-Service provides an LDAP endpoint as a service. User credentials can be authenticated via the LDAP protocol without having the organization stand up its own LDAP infrastructure. This same approach extends to JumpCloud’s RADIUS-as-a-Service solution to integrate RADIUS authentication into a network. Azure AD’s focus is different, and providing turnkey LDAP and RADIUS endpoints is not a core part of that focus.
Cross IaaS provider support. If your organization leverages AWS® or Google Compute Engine Infrastructure-as-a-Service, connecting those servers to your cloud-based directory service can be challenging if you are using Azure AD. Linux servers are a core part of how organizations leverage IaaS, and connecting those remote servers back to Azure AD is painful. JumpCloud’s agnostic nature benefits organizations by connecting the central user directory to IaaS providers such as AWS, Azure, or Google Compute Engine, among others.
Beyond these three high-level differences, there are many more. If you would like to learn more about how a cloud-based directory service can help you, drop us a note. We’d be happy to walk through JumpCloud’s Directory-as-a-Service and the other players in the market. If you would like to try the platform out for yourself and compare, please sign up for a free account today.