By Greg Keller Posted October 16, 2014
Directory services are the central core of an IT organization. They are the mechanism by which organizations authenticate, authorize, and manage users, devices, applications, and networks. They are essential to managing users and the IT resources that they need in a secure way. With directory services, IT admins control devices, policies, and settings. That way, the core business can run smoothly without security breaches or IT glitches.
However, “directories” as we once knew them are starting to take on a new form. Modern IT organizations are dealing with significant new trends, including a massive shift to the cloud for infrastructure and applications. Companies are simultaneously seeing an uptick of cross-platform software, a variety of user devices, and a mix of on-prem and cloud-based infrastructure. All of this is making identity management more complex.
Modern Identity Providers Need to Solve Modern Issues
To build a modern directory service, JumpCloud® took on a few central considerations. A modern identity provider must be cloud-based in order to leverage the benefits of the larger software-as-a-service trends. We’re talking about minimal management overhead, a pay-as-you-go model, and resilient infrastructure. Further, a modern identity management platform would need to integrate with a variety of different user/device combinations, and with single sign-on providers to make it simple for employees to connect to Salesforce, Dropbox, and other web-based resources. In short, a modern directory service would need to manage a complex infrastructure, not only as a superset of AD and LDAP functionality but also as a re-imagination of what the word directory could mean in the cloud era.
And then, we built that. We call it Directory-as-a-Service®.
Specifically, our cloud-hosted directory service is built to manage these areas:
Organizations today are global even if they are small. They leverage developers in Estonia, a help desk in India, and manufacturing in China. Different groups will have different levels of access and control. However, they all need to be able to operate as a team and be productive. A unified directory service needs to be able to execute crisply in this environment. It needs to be able to manage these differing levels of access precisely and be able to control and audit to ensure that only the right access is given to the right people. A cloud-based directory needs to handle employees worldwide, contractors/consultants, temporary workers, and partners/vendors.
The days of a simple hardware environment are gone. With servers, desktops, laptops, tablets, and phones all providing leverage to employees who are increasingly mobile, it’s no wonder directories like AD and OpenLDAP struggle to bring everything together easily. Add to that the multiple major operating systems—Windows, OS X, Android, iOS, and others—and IT admins have an incredibly complex environment to manage and control. DaaS is able to authenticate, authorize, and manage all of the major device/OS combinations in use today. Primarily, that includes at least Windows, Mac, and Linux devices!
There are many types of applications.
- Web apps such as Salesforce, Dropbox, and Box.
- Internal apps like those created by your IT or development organization for internal use.
- SaaS-based infrastructure apps that assist your IT organization in management or infrastructure.
Regardless of what kind of app we’re talking about, each set of applications needs to be able to connect in some way to your core directory store for access, security, and control. For instance, general web apps for your entire employee base need to be connected via single sign-on solutions (often using the SAML protocol). And internal apps and infrastructure apps need to be connected via the LDAP protocol. An Identity-as-a-Service platform is able to help manage all of these different types of apps by supporting critical protocols such as LDAP and SAML.
Cloud identity management needs to be open and support major protocols. LDAP is the core for directories, but there are a number of other protocols that directories need to support. Kerberos is a critical protocol that Windows systems use to authenticate. Single sign-on solutions leverage OAuth, SAML, and others. Infrastructure devices might use RADIUS. A directory service should allow a variety of services to leverage its user store.
Modern directories are built to support businesses with all of their advanced infrastructures and cloud-based systems, whether that is SSO, integrated capabilities with existing LDAP or AD, or interfacing with the myriad devices that now populate the workplace. IT may not be the most glamorous thing in the cloud, but it’s central to the effectiveness of a business’s functionality.
Drop us a note to learn about what JumpCloud supports and how our modern, cloud-based directory can support your organization.