By Stephanie DeCamp Posted January 3, 2020
Is it fair to compare Universal Directory (UD) vs Active Directory® (AD)? As more IT admins shift their infrastructure to the cloud, it’s only natural to compare on-prem solutions with new cloud offerings.
While they’re both a part of Identity and Access Management (IAM), AD and UD are often used (and combined) quite differently. And while both solutions are “directories,” they have many functions that distinguish them.
Which of those you’re prioritizing will ultimately decide whether Universal Directory or Active Directory — or even some other solution — will be the right one for your organization.
What to Consider
Active Directory established early on that directory services serve three critical purposes: authentication (AuthN), authorization (AuthZ), and management of systems. These are important to keep in mind as we explore what each directory can do, which will cost more, and what each can’t do.
Before going in, we’ve compiled this list of basic considerations, which should lay the groundwork for your own. When exploring directory services, you’ll want to ensure compatibility with:
- MacOS®, Windows®, and Linux® systems
- Cloud and on-prem servers (AWS®, GCP®, Azure®, internal data centers, etc.)
- Web and on-prem applications
- Physical and virtual file servers (Samba/NAS appliances, Box, G Drive™)
- WiFi and VPN networks through RADIUS
- Group Policy Objects, or GPO-like management capabilities
Okta® Universal Directory
Okta’s Universal Directory is a user database, sold as a service, and the user management foundation for Okta’s single sign-on (SSO) platform. It can import Active Directory identities, or those from Workday and other human resource management systems. It can also synchronize attributes between these sources and consolidate them in its own user profiles.
Active Directory, on the other hand, is primarily an identity provider. It manages user authentication and authorization across 20 years’ worth of IT resources, including on-prem apps, networks, file servers, and systems. AD has historically served as an organization’s core directory, storing user identities and attributes and acting as the definitive source of authentication for Windows-based solutions.
Active Directory struggles to work natively outside of Windows systems and applications, a major disadvantage in today’s IT landscape. It also isn’t designed to easily connect to cloud applications, and requires the maintenance and upkeep of on-prem servers.
How AD and UD Can Work Together
While these two platforms can serve different purposes, they also provide à la carte options that can integrate with one another. As a result, an enterprise can mix and match different features to assemble an identity management approach. For example, AD can integrate with UD to access a wider array of cloud-based resources, and UD can integrate with AD to use it as the IdP for authN and authZ. Depending on your needs, however, this can get expensive and complex, and with so many moving parts the setup risks becoming fragile.
In general, IT admins haven’t historically considered UD and AD as replacements for each other. In choosing one alone, no matter which, you may be giving up control of some aspect of your IAM. And that choice, between cloud-based resources and system-management security, is one no admin would relish making.
To learn more about directory services and which might be right for your enterprise, feel free to drop us a line. Our experts would be happy to discuss your organization’s needs and the best solutions for it. You can also check out our YouTube channel, which features many videos on this and other subjects.