By Megan Anderson Posted December 19, 2019
Cloud directory services are a relatively new innovation. Organizations wove on-prem Active Directory® (AD) into the fibers of their core identities for decades, but as cloud computing proves to be more resourceful and effective, cloud-based directory services have been gaining momentum.
One option people might consider is Universal Directory (UD), which leverages information from an existing directory such as AD and extends identity attributes to various applications. But is there an alternative worth considering? First, you need to establish exactly what you’re looking for.
The standards of what a directory service should be were primarily set by Active Directory, as it was virtually the sole enterprise-level directory service for nearly two decades. As the concept of the directory service has moved to the cloud, expectations for a quality directory have only expanded. Today, modern IT organizations expect their core directory service to be:
The age of on-prem servers is coming to a close. A modern directory is delivered from the cloud and often managed by a third party that does the heavy lifting of ensuring that the service is available, secure, and constantly innovating.
Capable of Integrating User Attributes and Information
Similar to Active Directory and LDAP’s capabilities, a cloud directory should aggregate information about a user and their role within an organization. Often this information can be used in a variety of contexts, including what access a person requires, what permissions they have, and many others.
Ability to Grant AuthN/AuthZ to All IT Resources
The core capability of any modern directory service is the ability to authenticate and authorize access. Most SSO options have done this just for web applications using SAML, but modern IT organizations need to delegate access to a wide range of other IT resources, including:
- macOS®, Windows®, and Linux® systems
- AWS® and GCP cloud servers among others
- On-prem and web-based applications
- WiFi and VPN networks
- Physical and virtual file servers
Cross-platform System Management
AD’s strategic play for Windows system management through GPOs was transformative for IT admins. Now, with a heterogeneous environment, IT admins want similar capabilities for macOS and Linux systems as well. The best cloud directory will provide deep system management capabilities to ensure that the systems accessing applications, data, networks, and servers are secure and easily managed, whether they run Windows, macOS, or Linux.
Similarly, user data and credentials must be stored using rigorous security practices, including encryption, one-way hashing and salting of credentials, mutual TLS connections, and secure vault storage of recovery keys, among many others. This is in line with the directory being hosted in the cloud, as the cloud can offer superior security to on-prem solutions.
Match Directory Expectations to Needs
While an omnipotent directory would be ideal in any case, the needs of your organization determine which features are required and which are more “nice to have.”
For example, Universal Directory and most of its alternatives may supply a handful of features in the base product, but additional features such as multi-factor authentication (MFA), single sign-on (SSO), and user identity and access management must be purchased separately. Such features are considered standard in today’s IT scene, so when looking for an alternative to UD, the best solution would include them at either a discounted price or no additional cost.
While each organization’s needs are unique, the requirements above are generally a great place to start when considering a cloud directory services solution.