Virtual Identity Bridge

Written by Vince Lujan on August 9, 2019


Most IT organizations today leverage a virtual identity bridge in one form or another to manage user access to their IT resources in the cloud. The cloud resources that often require an identity bridge of some sort can include web applications, cloud-based productivity platforms, Infrastructure-as-a-Service (IaaS) providers, and many others.

IT resources such as these often require a virtual identity bridge because traditional directory services solutions (i.e., Microsoft® Active Directory® (AD)) struggle to support heterogeneous cloud environments. Fortunately, a new generation of cloud directory services solutions is providing a True Single Sign-On experience that does not suffer the pitfalls of legacy directory services solutions.

What’s Wrong with Traditional Directory Services?

There used to be nothing wrong with traditional directory services solutions. Back when IT environments were predominantly on-prem and Windows®-based, IT admins could leverage a traditional directory service (usually Active Directory) to effectively manage their entire environment. 

Of course, this was primarily because all of the systems, applications, files, and networks of the day generally all shared a Microsoft foundation via Windows. As a result, IT admins didn’t really need virtual identity bridges because they could leverage a single Microsoft solution (generally through AD) to connect users to all of their on-prem, Windows-based IT resources. 

Building Virtual Identity Bridges

However, the IT landscape started to change in the early 2000s as a wide variety of non-Windows-based IT resources emerged from the cloud. As previously noted, web applications (e.g., Salesforce®, DropBox®, GitHub®), cloud-based productivity platforms (G Suite, Office 365), Infrastructure-as-a-Service providers (AWS®, Azure®, GCP, IBM), and many others were difficult (if not impossible) to manage directly with traditional directory services platforms. 

Of course, that’s when first generation identity bridges emerged to fill the gap left by traditional identity provider (IdP) platforms. 

Virtual identity bridges such as web application single sign-on (SSO), privileged identity management (PIM), Google Cloud Directory Sync (GCDS, formerly known as GADS), Azure AD Connect, and many more could be layered on top of a traditional directory service with the purpose of extending legacy user identities to IT resources that were not natively supported. In doing so, IT organizations could continue to leverage traditional identities, but with added support for a wider range of IT resources.

Burning Traditional Identity Bridges

While effective at extending traditional identities to cloud resources, the trouble with this layered approach has been that IT organizations then require a wide array of virtual identity bridges (and everything required to support them) as more non-Windows or cloud-based IT resources emerge. Not only does this approach add significant cost and complexity, but it also further entrenches the IT organization on-prem with legacy tools. Traditional identity bridges are not designed to be the core IdP, but rather, to point to an existing one. 

Instead of continuing to layer add-ons on top of their legacy IdP, today, IT admins are realizing that the ideal path forward is with a new generation of cloud directory services that does not require an array of add-on solutions or anything on-prem. Essentially, what they are looking for is a True Single Sign-On experience. With True Single Sign-On, IT organizations can securely manage and connect users to virtually any IT resource from a single pane of glass. 

True Single Sign-On Solution

True Single Sign-On is one of the driving concepts behind the JumpCloud® Directory-as-a-Service® platform. Directory-as-a-Service is the first completely cloud-based identity provider that consolidates what was once an entire ecosystem of disparate identity and access management (IAM) solutions into one comprehensive platform. 

As a result, IT organizations can once again leverage a single IAM solution to connect users to all of the resources they need, but this time without anything on-prem and without the Windows-centric focus. This enables IT organizations to eliminate AD and most (if not all) of their point solutions in favor of a comprehensive cloud directory services alternative that supports virtually any IT resource.

What If I Still Need AD? 

While Directory-as-a-Service is a standalone IAM solution, JumpCloud also offers flexibility for organizations that are not ready to eliminate Active Directory completely from their environment. The JumpCloud AD Integration utility works by installing a lightweight agent on both the Active Directory domain controller and any system needing management. 

This allows Directory-as-a-Service to synchronize with the AD instance with the purpose of federating AD identities and syncing passwords to non-Windows systems even when they are not directly bound to Active Directory. The result is that organizations can retain the legacy Active Directory platform as their authoritative identity provider if they must, while gaining management capabilities for the modern era. For this use case, JumpCloud effectively becomes the only virtual identity bridge required. 

Learn More About JumpCloud

Contact JumpCloud to learn more about virtual identity bridges, and to see how the Directory-as-a-Service platform can benefit your organization, sign up for a free account. You can also request a personalized demo or watch a recorded platform overview here.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
