By Rajat Bhargava Posted October 14, 2015
With the arrival of cloud-based services, many organizations are moving to the cloud. SaaS-based services have changed and will continue to change the landscape of IT. For example, no longer do IT admins need to purchase hardware, software, and manage implementations on-premises. Rather, cloud-based services have allowed IT admins to leverage cloud services such as Authentication-as-a-Service. Sometimes referred to as Directory-as-a-Service® or Identity-as-a-Service, Auth-as-a-Service enables access to a variety of IT resources, including devices, applications, and networks.
Many Authentication-as-a-Service providers focus on a single approach to authentication. They likely only leverage multi-factor or use SAML, or they do it for a certain constituency. Yet, Authentication-as-a-Service should be a broad platform to enable authentication of virtually any user with any type of device, application, or network. That’s a tall order, and one that requires a broad, flexible platform. By definition, an Auth-as-a-Service solution should be delivered from the cloud and used as needed, from anywhere.
The 4 Components of Authentication-as-a-Service
Authentication-as-a-Service components should include the following:
- LDAP authentication – Perhaps the most widely used directory services protocol, LDAP was created in the mid-1990s and is embedded in some of the leading directory services solutions. LDAP is leveraged for devices (most often Linux®) and technical applications.
- SSH authentication – Being able to control authentication via SSH to Linux-based servers is an important piece of the authentication puzzle. Due to AWS® and Google Compute Engine being utilized as an organization’s infrastructure, control over user access to these critical devices is a core part of authentication services for any organization.
- SAML-based authentication – Widely used for web-based applications, SAML-based authentication is leveraged by a number of single sign-on providers in order to support authentication for web-based apps. More of an organization’s application infrastructure is being delivered by SaaS-based services. Controlling who can access these services is critical.
- REST APIs – For internally developed applications, teams leverage REST-based APIs to deliver authentication services. Instead of having to build your own user store, IT teams and developers can leverage a third party service to manage app users, no matter if they are internal or external users of an application.
In order for authentication services to be useful, they need to be cross-platform, multi-protocol, and focused on a broad range of users. Organizations today have a wide variety of user types and resources. One central authentication service needs to cover nearly all of what an organization needs, or it will fall short on helping IT admins control and manage access to the organization’s devices, applications, and networks.
At JumpCloud®, we deliver authentication services under our Directory-as-a-Service solution. If you would like to learn more about how Directory-as-a-Service can help your organization centrally control and manage authentication, drop us a note. We’d be happy to talk with you about whether and how our platform can be helpful in your situation.