
What’s a Real Cloud-Based Directory?



Updated on November 5, 2019

As the cloud directory services space heats up, a number of vendors will claim that their solution is a cloud-based directory. But how do we separate the real deal from the “poser” directories, offerings that aren’t a complete solution?

This topic gets at the heart of what a directory service is and how it works when delivered as a cloud-based solution. There are six major criteria of a cloud-based directory that IT admins should pay attention to:

Hosted in the Cloud 

Although it should be obvious that a cloud-based directory should be hosted in the cloud, some vendors will try to tell you that their “cloud” directory requires an on-premises user store to sync with. A cloud-based directory should stand alone in the cloud and deliver all of its functionality from the cloud. Having an on-premises copy that syncs to the cloud is, well, an on-premises directory!

Machine Authentication 

A core part of directory services is the ability to authenticate devices. But there are a number of vendors in the space that believe that devices aren’t a critical aspect of directory services. Their thinking goes that as more organizations leverage the cloud, cloud applications (not devices) are what really matter.

While there is a significant movement to the cloud, it is important to remember that the devices that access those cloud-based resources are part of the chain. A compromise in one link can cascade to the Web-based applications. For that reason, machine authentication should occur for all major device platforms. Just authenticating Windows® devices does not make a cloud-based directory.

Machine Management 

Another essential part of on-premises directory services is machine management. This requires executing policies to secure the device. Microsoft® Active Directory® has done it for over 15 years and now cloud-based directories are doing it in the cloud for all platforms. Top cloud-based directories ensure tight policies and control over not just Windows devices, but Mac and Linux machines as well.

SaaS-Based Application Integration

Integrating with a whole category of solutions that manage access to SaaS-based applications is another critical element of a cloud-based directory. Because of this, several single sign-on providers have emerged over the last decade to manage a single point of access to Web applications. These SSO providers need credentials for each user and they can get those from a cloud-based directory service.

On-Premises Apps (LDAP)

A cloud-based directory can’t only work in the cloud. Many organizations have legacy devices and applications that are located on-premises. Some of these applications will connect to a directory via LDAP. While there are many new authentication protocols in use on the Web, LDAP is still a staple protocol that any cloud-based directory service must support.

WiFi Integration 

As networks go wireless, organizations face the risk that weak WiFi security will lead to a compromise. WiFi networks need to be supported through a directory service. Requiring users to authenticate with their corporate credentials is a significant step up over just an SSID and passphrase. A cloud-based directory needs to leverage RADIUS to connect back to an organization’s WiFi infrastructure.

Separating Posers from Real Cloud-Based Directories

IT organizations should look carefully at claims of being a cloud-based directory. Create a list of the core attributes that you need in your directory services and ensure that your solution can get you there. A cloud-based directory that forces you to purchase multiple directory products isn’t really a cloud directory!

Drop us a note if you have any questions around cloud-based directory services. We’d be happy to chat with you.

