In Blog, Cloud Infrastructure, Directory-as-a-Service (DaaS), Identity and Access Management (IAM), IT Admins, Security, Uncategorized

There are a wide variety of identity management solutions on the market today. Many of these solutions are vestiges of the past. Historically, networks were largely homogeneous, resulting in simple identity and access management platforms. Organizations merely had OpenLDAP or Microsoft Active Directory as their core user database; this served their needs well. As the IT infrastructure changed, so too did the need for a wide variety of solutions. What was done to satisfy this growing need? Vendors created a number of solutions that were built on top of the core user directory. Let’s take a closer look at these identity management solutions.

Examining the Categories of Identity Management Solutions  

Directory services

Directory-as-a-Service is the core user database where users are stored. The directory serves as the central point of control and authentication of IT resources. Historically, the directory was hosted on-premises, but modern implementations are using a cloud-hosted directory service that will accept LDAP, SAML, SSH, RADIUS, and other protocols.

Directory extensions

This category emerged as Macs and Linux devices became even more popular. Directory extensions effectively were built on top of Microsoft AD, enabling organizations to authenticate and manage Mac and Linux machines. In modern identity management solutions, the three major platforms – Windows, Mac, and Linux – are all centrally managed and treated as first-class citizens.

Web application single sign-on

Cloud applications presented IT admins with another vexing problem, how do you leverage a single set of credentials to access applications hosted in the cloud? This problem was solved by a cadre of web app SSO products. Built on the SAML protocol, these solutions would integrate with the core user directory and federate those credentials out to the web applications. Modern Identity-as-a-Service platforms tightly integrate web app SSO with directory services.

Privileged account management

A category with deep history in the network and server space, these solutions would create a systematic mechanism to access routers, switches, storage infrastructure, and servers. Of course, these high-value, critical systems had more tightly controlled access than less critical IT resources. This category has largely been absorbed by modern Directory-as-a-Service platforms.

Password managers

As the pressure mounted to thwart hackers by creating complex passwords, a new solution category emerged. The password manager is meant to simplify the lives of each user by creating a vault of their difficult-to-remember passwords. The user remembers one strong password and then is able to unlock all of their other passwords.

Multi-factor authentication

As security takes a front-and-center seat in IT, organizations are employing the capability to add another user authentication ‘factor’. This factor is generally a hidden layer in addition to the authentication that the user is aware of. Multi-factor applications are available on smartphones; integrations with devices and applications are also available.

Governance

With an increase in security breaches, more identity management infrastructures are also including auditing, logging, and governance capabilities. These functions are critical to knowing who accessed what, when, and how. This information supports compliance activities and is invaluable during a potential security incident.

Daas: The Identity Management Solution You Really Need

Today, these categories are still in place, but there is a new movement towards cloud-based identity management solutions. This category is often referred to as Identity-as-a-Service or Directory-as-a-Service.

These categories integrate a great deal of the identity stack. The reason is that a core user platform is needed to connect to a wide variety of solution types. These solutions can be located in the cloud or on-premises and consist of different platforms and protocols, but they only need one set of credentials. The ability to be a True Single Sign-On solution – not just for web applications – is a critical part of IDaaS and the next generation of identity management solutions.

If you would like to learn more about how Directory-as-a-Service is delivering on the promise of a True SSO platform, drop us a note. We’d be happy to walk you through the capabilities of the platform as well as offer you a free account. Your first 10 users are free forever.

Recent Posts