By Kayla Coco-Stotts Posted January 5, 2020
In the battle for modern directory services, are Okta®’s Universal Directory (UD) and Microsoft®’s Azure® Active Directory® (AAD or Azure AD) worth considering? For most organizations, UD and AAD aren’t used as a replacement for a true directory service, like Microsoft Active Directory. Regardless, given the activity in the identity and access management (IAM) space, it is worth understanding how Universal Directory and Azure Active Directory compare.
UD and Azure AD weren’t intended as replacements for an organization’s on-prem AD, but rather as a complement to that identity provider. Both cloud identity management services allow admins to extend AD identities to web applications through single sign-on (SSO). Below, we’ll compare features of both UD and Azure AD. We’ll also detail the components that define a service as a modern, cloud-based directory.
Universal Directory vs Azure Active Directory
Okta introduced Universal Directory as a way to build upon their established foundation of web application single sign-on services. Over time, Okta extended UD to serve as a repository for user information from a variety of sources, so that UD acts as the subsequent authority for a user’s data attributes. It’s also a core underlying feature for admins looking to leverage Okta’s SSO capabilities.
Azure AD is a cloud-based user management solution for Azure and Office 365™. Beyond Azure/O365 management, Microsoft also created it to provide IT admins with web application SSO from the cloud. Azure AD is designed to work as an extension of Active Directory, connecting users to various web applications, Azure infrastructure, and Office 365. Bridging on-prem AD to Azure AD requires a component called Azure Active Directory Connect, and if Azure resources then need to be accessed, Azure AD Domain Services is required as well.
Like Okta, Azure AD is a great resource for admins looking to extend user credentials to web applications, but it isn’t generally considered a standalone solution. As a result, IT departments layer Azure AD on top of their existing AD and associated connective technology described above. All of these solutions come with their own complexities and subscription fees.
UD vs AAD as Single Sign-On
These solutions are often quite useful when viewed from a different context. Universal Directory serves as a foundation for Okta’s web application single sign-on platform, and Azure AD is the user management solution for Azure as well as a web app SSO platform.
More than likely, IT admins comparing these two solutions are weighing their excellent web application single sign-on capabilities against each other.
UD vs AAD as Cloud Directory Services
If IT admins are considering these solutions as cloud directory services, then the comparisons can be quite different. For example, Azure AD serves as an extension to the on-prem Active Directory solution, which is considered a true directory service.
Regardless, IT admins would be wise to detail their critical requirements when choosing a cloud directory, whether that involves these two solutions or others. For most IT organizations, a cloud directory service is often viewed in the context of AD: it builds upon that foundation, except that it exists in the cloud and is useful for modern IT environments.
IT admins looking to replace or update an instance of AD actively seek out a solution that can connect users to all of their IT resources, including the Windows-based resources that AD works well with. That often means that admins desire support for authentication and authorization to Windows, macOS®, and Linux® systems, cloud and on-prem server environments (e.g. AWS®), web and on-prem applications via LDAP and SAML, physical and virtual file servers (Samba file servers, Box, G Drive™, etc.), and WiFi and VPN access through RADIUS.
In addition to controlling access to these resources, modern cloud directory services should follow in the footsteps of Active Directory with GPO-like functions for not only Windows, but macOS and Linux as well.
IT organizations may have other critical requirements for their cloud directory service, and evaluating all of the solutions against that expanded list is important for finding the best fit.
For admins who want the access and security of a modern, cloud-based directory service, the UD vs Azure AD comparison might be a bit confusing due to each solution’s area of expertise. An alternative approach could be to check out JumpCloud®’s Directory-as-a-Service®. If you are looking for a modern cloud directory, feel free to reach out for a personalized demo.