Windows® Identity Bridge

Written by Vince Lujan on September 7, 2017

Microsoft Windows® has been the most dominant operating system in the enterprise market for almost two decades. Windows has been so widespread that Microsoft has been able to offer a wide variety of Windows-based solutions to support it. Think of Windows domain controllers for authentication, Exchange for email, Office 365 for productivity, and Active Directory® for managing identities, to name a few, and you will start to see just how big the Microsoft ecosystem really is.

While Windows has enjoyed being the standard for many years, the IT landscape has started to change. Linux and macOS are breaking into the market and creating new standards for server orchestration and computing solutions, respectively. Organizations are adopting non-Windows and cloud resources at an ever-increasing rate. Perhaps the biggest surprise is the shift away from Active Directory, which has been the longest-standing identity management platform to date.

However, Windows is deeply ingrained in the infrastructure of a lot of organizations, so much so that many of them cannot imagine breaking up with Microsoft any time soon. The challenge for these organizations then becomes how to extend Windows identities to non-Windows resources. In these cases, a Windows identity bridge may be able to help.

Why is a Windows Identity Bridge Necessary?

Windows identity bridges are the product of a world in transition to the cloud. If you look back to the late 1990s, you will see a primarily Windows landscape. Everyone had a Windows system that was tied into a Windows domain, and their Windows identities were managed by a Windows directory service – Active Directory. Active Directory was released in 1999 and was specifically designed to manage Windows identities and resources, which made a lot of sense in an IT world dominated by Microsoft.

Things started to change in the mid-2000s with the introduction of Software-as-a-Service (SaaS) based solutions. At the same time, IT admins started to notice more macOS and Linux solutions appearing in their environments, wired networks were replaced with WiFi, and cloud replacements for on-prem components were favored.

The issue was that Active Directory was the only game in town when it came to directory services. AD was never designed to support resources that fell outside of its domain, and especially not non-Windows resources. This opened up room for third-party vendors to provide management solutions for non-Windows systems in an AD environment. The result was an identity bridge that federated Windows, or more accurately Active Directory-based, identities to non-Windows resources.

Modern Windows Identity Bridge Applications

Today, there are many third-party Windows identity bridges available – some for extending AD to Macs, others for Linux, single sign-on (SSO) solutions for web applications, and of course on-prem resources via LDAP. The trouble is that most of them only solve part of the problem. Oftentimes admins need multiple Windows identity bridges to manage their various resources. All of these add-ons must then be managed in addition to managing AD. The result is a very complex “solution” for extending AD identities.

Directory-as-a-Service features Windows Identity Bridge

One interesting solution in the cloud identity and access management (IAM) space is changing all of that. Directory-as-a-Service® is the first comprehensive cloud directory service that focuses on solving specific problems like connecting AD to Macs, Linux, AWS, G Suite, and so on.

The benefit to admins is that Active Directory can remain the authoritative IdP, but they can also leverage a complete cloud directory service for extending those Windows-centric identities to all of their resources. Directory-as-a-Service takes it a step further by providing cross-platform GPO-like capabilities. Group Policy Objects (GPOs) have been Microsoft’s bread and butter, and are why a lot of IT organizations stick with AD. With Directory-as-a-Service, group-policy-like functions can finally be applied to non-Windows systems through JumpCloud’s unique Policies feature.

The result is a more complete identity management solution. Of course, the most complete solution would be to leverage one cloud identity provider. For organizations that cannot eliminate Microsoft quite yet, JumpCloud AD Integration is the next best thing.

If you would like to know more about Windows identity bridges and how Directory-as-a-Service can help, drop us a note. Either that or sign up for a free cloud directory account today and see for yourself. Your first ten users are free forever.
