By Greg Keller Posted March 30, 2016
Identity-as-a-Service or IDaaS has been an important topic in the identity management space recently. In fact, over the last several years, many vendors have co-opted the term to describe their company’s abilities. Of course, like many terms in IT, IDaaS has become synonymous with a wide variety of different areas regarding identity management. For some vendors, IDaaS equals a web application single sign-on. For others it is a SaaS-based user store for the needs of their customers and their ability to offer the same to their own customers. For still others, IDaaS is equivalent to an extension of directory services to platforms and applications not supported by the core directory service.
Would the Real IDaaS Please Stand Up?
These various definitions of IDaaS are more or less correct, but not always. Ultimately, what the identity management industry has lost sight of is that the definition needs to mean something to the user / IT admin. It needs to resonate with the IT organization that is trying to implement these solutions for the benefit of automation, control, and security. With so many different approaches to IDaaS it seems that this term is more about a concept than a particular solution. Instead of narrowing the definition, we can expand it to be more inclusive and create a language which enables IT organizations to talk specifically about IDaaS.
A working definition of the term Identity-as-a-Service could be: Any solution connecting users through secure identities to IT resources delivered as an on-going service.
It seems as if that definition can include a wide variety of different approaches in the category. Critically important is that IDaaS allows for solutions to be delivered as a SaaS-based platform, managed service, or even a professional service. Of course, a broad definition of IDaaS will necessitate tighter sub-definitions or categories in order that IT admins can knowingly be talking about the same topics.
As such, the discussion of the IDaaS space can be broken down into the following sub-segments:
Directory Services– essentially the core user store of an organization’s users. These identities can be delivered to IT resources through a cloud-based platform which is often called Directory-as-a-Service® and is employed via multiple protocols. Delivered as a SaaS-based service, this category is at the forefront of any company’s identity management strategy.
Directory Extensions– on-premises directory services. Applications such as Microsoft Active Directory and OpenLDAP are limited in what support is offered. There is a whole cadre of solutions which are providing extensions to those directories in order to support Mac and Linux devices, applications, and mobile devices.
Web Application SSO – perhaps the segment most co-opting (and confusing) the term IdaaS, the web application SSO space is extending core user credentials to web applications.
Consumer Identity Database– another sub-segment of the IDaaS space. This option is mostly for consumer identities. Now more than ever, application vendors are turning to third party services to host their customer’s user credentials.
IDaaS has become a complex term, no doubt, however, it doesn’t need to be. Having a high-level definition that is inclusive leads to the creation of specific sub-segments. All of this enables IT organizations to quickly and easily talk about the space in a way that is more specific.
If you would like to learn more about the Identity-as-a-Service space and the different solutions we can provide, you can email us at email@example.com or give us a call at 720-240-5005. We’d be happy to discuss it with you.