By Rajat Bhargava Posted December 11, 2014
While the benefits of shifting to Directory-as-a-Service® (DaaS) are compelling, the question becomes how do organizations leverage it? There are generally three use cases on how companies get started with a cloud Identity-as-a-Service platform:
1—Extend your existing directory to the cloud
Virtually all corporations, large and small, have some form of directory. This directory is typically Microsoft Active Directory (AD), LDAP, or Google Apps. While Google Apps is not really a directory, we’ll still count it. Whichever directory organizations have, they might feel the pain of managing user access to cloud servers, managing internal applications, or managing their Macs internally. However, there is a solution to this complex management environment. Specifically, companies can extend their existing directory to a cloud-based directory “mirror.” The internal identity provider mirror can manage user access to their cloud server infrastructure or to a third-party platform service such as AWS RDS. The Directory-as-a-Service platform also helps manage on-premises users and Windows, Mac, or Linux devices, Google Apps and/or Microsoft Office 365, and on-prem or cloud applications.
A cloud-based directory syncs with the existing AD, LDAP, or Google Apps directory, ensuring up-to-date information. Changes in the main directory are replicated, and companies receive seamless updates and higher security. For example, if an employee with access to a number of cloud-based servers left the company, he would be removed from the main directory and his access would be instantly (and automatically) terminated across all of the servers. In current practice, this is an orchestrated process performed by system administrators, ripe for errors and security concerns. Modern companies are taking the first step of leveraging a cloud-hosted identity provider by extending their existing directory to manage their IaaS, Mac and Linux systems, and other internal, LDAP-based apps.
2—Migrate to a unified, cloud-based, directory
Smart, modern organizations are completely shifting user, application, and device access and management to a cloud-based directory. More broadly many companies have moved a great deal of their on-premises ‘services’ (equipment and software applications alike) to cloud-based services. One of the last remaining services to make the shift to the cloud has been the directory service. With the introduction of cloud-based directory services, those last remaining on-prem servers can be decommissioned and the possibility of having a completely cloud-based organization becomes a closer reality.
In this scenario, organizations can import their existing Active Directory, Microsoft Office 365, or Google Apps directory into the cloud-based directory, preserving critical data and eliminating migration pain in the process. From then on, the Directory-as-a-Service solution becomes the authoritative directory. Authentication and authorization requests shift to the virtual identity provider. Admins then no longer have to manage the internal, on-premises, and legacy directory service. Further, the cloud identity management platform gives them management and policy control over users and devices.
3—Establish a new directory
Smaller companies that have operated without a directory – and there are many of these fast growing organizations – often turn to an Identity-as-a-Service solution for three reasons.
First, scale. When businesses hit a large enough number of users and devices the management access and rights across so many interconnections becomes too hard to do manually, especially with few resources available on staff (most of whom are busy dealing with ‘core’ business needs). The second case is security or controlling access. As organizations grow, not everybody needs access to everything, and if they are also subject to any regulatory standards, controlling access quickly becomes a problem. Finally, small organizations need simple processes for managing devices. Easily controlling and managing Windows devices has been a critical part of Active Directory and that requirement shows up as the number of employees and devices increases.
Whatever reason an organization chooses to adopt a directory service, they then place their users and assets in the identity management platform to create rights for who can access different servers and services. The benefits of this path for a small organization are eliminating the heavy lifting of creating and maintaining a directory service. These organizations also gain the scalability, availability, and security of a professionally managed directory service.
Modern organizations, large and small, are not limiting their adoption of the cloud. Cloud-based directory services solutions are a more cost-effective, secure, and scalable model, thus enabling both the business and its resources to focus on absolutely core needs and demands. Directory-as-a-Service is a core area for any IT admin to look at as they shift more of their infrastructure to the cloud.
Feel free to give our cloud identity management solution a try. Your first 10 users are free forever.