By Katelyn McWilliams Posted December 25, 2018
With so many different identity and access management (IAM) tools and terms out there, sometimes the foundational elements are lost in all the noise. When we talk about IAM solutions, we are often talking about web application single sign-on (or SSO) solutions, multi-factor authentication (MFA), privileged identity management, identity governance…the list goes on. But today, we’re going to go back to the basics and ask: what is a directory?
What is a Directory?
Often called the identity provider (IdP), a directory (or, more accurately, a directory service) is the user store of identities and the central point for access control. The modern directory service dates back to the creation of LDAP in 1993 by JumpCloud® advisor, Tim Howes, and his colleagues at the University of Michigan. The creation of LDAP led to the invention of two of the original directory services platforms: OpenLDAP™ in 1997 and Microsoft® Active Directory® (also known as AD or MAD) in 1999.
The Directory Service Giant: AD
As time went on, Active Directory became the most popular on-prem directory service platform to date. AD was simply a component of Windows® Server. On-prem and Windows-centric, this identity provider worked well and was cost-effective at the time, given that most networks were already entirely Windows-based. Active Directory also offered what are known as Group Policy Objects (GPOs). A GPO is essentially a predefined script, command, or task execution template designed to manage Windows system policies, which revolutionized the way IT admins managed fleets of Windows-based systems.
This identity provider could connect users to IT resources like systems, files, applications, and networks. Because of the prevalence of Windows at the time, AD and the domain controller were undeniably valuable due to their nearly seamless integration with other Windows resources. Users would simply log in to their Windows device and access whatever resources they needed within the on-prem network. Everything was great in the traditional IT environment: users could access what they needed when they needed to. What could be better than managing everything from one pane of glass?
The Rise of the Cloud
As time went on, we began to see a shift in the IT landscape. With Windows now making up only 1 out of 5 devices in the modern office (Forbes), it is easy to see that the IT realm is in for a huge change. Web applications began to crop up, cloud servers from AWS® (Amazon Web Services) became more popular, Exchange was replaced by G Suite™ and Office 365™, and so on. The focus shifted from the foundational element, the directory service, to a hodge-podge of add-on solutions required to connect users to cloud-based and non-Windows solutions needed to do their jobs. These solutions basically sat on top of AD, and because of Active Directory’s relevance amongst most organizations, it was more interesting to talk about the tools used to federate Microsoft identities than a nearly ubiquitous solution.
The challenge with this approach was that the overall infrastructure, management time, and costs required to maintain this patchwork directory all increased dramatically. Further, because the directory was on-prem, it struggled with cloud and web resources. The result was that IT organizations were left wondering if a better approach to the directory was possible.
What is a Next Generation Directory?
The ideal next generation approach to a directory service would be delivered from the cloud and be completely neutral. In other words, the goal is a cloud directory that connects users to all of their IT resources: systems (Windows, Mac®, and Linux®); web and on-prem applications through SAML and LDAP; and servers, whether cloud-hosted in AWS or GCE™ (Google Compute Engine, the Infrastructure-as-a-Service section of the Google Cloud Platform) or running in on-prem data centers. In addition to these, users must also be able to access physical and virtual file servers (Samba based, NAS appliances, cloud such as Box™ and Drive™) as well as wired and WiFi networks. Luckily, a modern directory service exists that dramatically changes the way we look at directories.
Cloud Directory Services with DaaS
JumpCloud® Directory-as-a-Service® is a next generation directory service that is revolutionizing the way we see the traditional IdP. Completely cloud-based and platform agnostic, JumpCloud leverages LDAP, SAML, and RADIUS protocols to connect users with their on-prem and cloud applications, networks, file servers, and more, regardless of their location or provider. JumpCloud also offers GPO-like functions, remote command execution, audit logging, and more for Mac, Linux, and Windows systems.
Interested in learning more? Contact the JumpCloud team or schedule a demo to learn how the next generation cloud directory service can revolutionize your IT landscape. You’re welcome to sign up for a free account and take advantage of the full functionality of the Directory-as-a-Service platform. Find us on YouTube for customer stories, product explanations, tutorials, and more!