Can Your Business Operate without a User Directory Service?
It used to be that once a business reached a certain size, it was absolutely necessary to implement a user directory. But technological advances (especially on the cloud) have given IT department’s new options when it comes to directory services.
Now more than ever, it is possible to operate a business of considerable size without a user directory. But is it advisable? If so, what is the best way to operate without a directory?
We’ll give you our answer below, along with the top reasons businesses don’t implement a directory and the most common ways they manage to get by without one. For the uninitiated, we’ll briefly explain the conventional role of a directory.
Definition of a User Directory
A directory confirms a user’s identity (authenticates), controls user access (authorizes), and manages their devices. A directory service gives users and employees access to the IT resources they need, including Web services, applications, and devices.
Conventionally, Microsoft Active Directory (AD) and OpenLDAP have been the leading directory services.
Top Reasons Businesses Don’t Have a Directory
Directory services are at the center of an organization’s network. So why would a business ever want to bypass this essential piece of infrastructure?
If your business has just a few employees, then it’s likely too small to necessitate directory services. Most of these IT admins manage the connections in their head because there are just a few users.
But this approach isn’t very scalable. Once an organization grows over about five users, managing access to IT resources becomes a job for a directory.
No On-Premises Infrastructure
Directory services historically have been placed on-premises. So organizations that are native to cloud or cloud exclusive usually lack the ability to manage directories. Without the ability to host and manage the servers and software, an organization puts itself at risk for security breaches and ineffectual user management.
Just about all IT resources—devices, cloud infrastructure, Web-based applications, and internal applications—need to be tethered to a directory. This makes it complicated to manage OS platforms, networking, security, and protocol support. OpenLDAP requires highly technical knowledge to manage and maintain it. AD is easier to install, but managing all of it is still a full-time job for IT.
Right or not, some businesses forgo directory services because the level of effort required of them doesn’t match up with the perceived benefits.
Can’t Support Modern IT Infrastructure
It used to be all the computers in an office were Microsoft desktops. Those were simpler times. Today, there are Macs, Linux, and mobile devices in addition to Windows. With the advent of the cloud, more IT infrastructure exists off-premises—including SaaS-based applications such as Salesforce, Box, and G Suite.
AD and LDAP haven’t been able to adapt to the ever-changing IT landscape. The result is that some businesses forgo directories because conventional directories simply don’t do a good job of managing their 21st century infrastructure.
Hardware and software costs are just the beginning. The real cost of directory services is the continuous management, which requires the time and attention of staff. So while fledgling organizations often want to implement directory services, finding the resources to pay for them is an entirely different matter.
How Companies Function Without a Directory
When there’s a will, there’s a way. IT admins and third-party providers get pretty creative in order to operate without a directory. But some approaches work better than others.
This is probably the most common alternative to a user directory. IT admins hand-provision and deprovision users on applications and devices. Spreadsheets are usually involved. If you have just a handful of users, platforms, and applications, this can work – but it’s never going to be the most efficient or secure.
Configuration Management Tools
Chef, Salt, Puppet, or Ansible (as well as many others) are centralized management tools that can provide user management for cloud infrastructure up to about 30 devs / ops people. These tools allow IT admins to provision users via a central set of scripts. Since they primarily function on production systems, they are not often used in development, test, or desktop environments.
Unfortunately, these tools work through the use of scripting. So each change requires more coding. That’s okay, until exceptions are needed. Then the headaches begin for the IT staff team. Speaking of headaches, don’t forget third-party audits, which require fine-grained access control. Configuration management tools do not handle these types of requirements well.
G Suite Directory
Google’s corporate Gmail application has become the standby for small and medium-sized companies. Users have access to many Google services and they can also use these credentials for a select few other Web-based services (through OAuth). But it’s an intentionally limited system, starting with the fact that G Suite directory does not extend to a user’s devices, on-premise applications, and cloud infrastructure.
For companies that don’t need a significant amount of IT infrastructure and control, Google’s directory can be a decent alternative. But for those companies that need more than just Gmail and other Google offerings, G Suite Directory won’t cut it.
Organizations are shifting to SaaS-based applications on the Web. That makes managing access to these SaaS-based apps a key part of IT’s role. Single Sign-On (SSO) solutions efficiently control access to Web-based applications.
Generally, SSO solutions require an existing directory such as AD or LDAP. Otherwise, the SSO solution acts as a directory for the SaaS-based applications. But it does not act as a central user directory for all IT resources, including on-premise applications, a user’s compute device, and cloud server infrastructure.
The Complete Solution to a “No Directory Situation”
None of the approaches listed above creates a central user directory. Instead, these solutions create many different “directories” – spreadsheets, scripts, and silo’d systems that ultimately translate into more work, heightened risk, and diminished control.
Before you bite the bullet and implement a central directory, remember that conventional directories have their challenges and limitations as well. Innovative companies have increasingly been opting for a modern solution to directory services – Directory-as-a-Service®, or DaaS.
DaaS alleviates the challenges that organizations face with a directory. As a hosted directory service, IT admins don’t have to implement or manage an infrastructure. Backups, upgrades, security, networking, and maintenance are all taken care of by the service. This makes it great for small to medium sized enterprises who don’t want to invest a ton of time and expertise.
Unlike the other approaches listed above, DaaS can act as the central directory for nearly all IT resources. A wide variety of devices, applications, and cloud/Web infrastructure are included under that umbrella. This is thanks to DaaS’s multiple authentication protocols, including a device’s native authentication, LDAP, RADIUS, and SAML. The SaaS-based central directory can control desktops, laptops, and servers whether on-premises or in the cloud. Applications are covered too. Whether internal or web-based, the LDAP and SAML authentication also allows DaaS control over access to applications. In short, a DaaS solution supports the modern and ever-changing IT infrastructure.
You’re probably thinking, “This must be expensive.” But DaaS solutions are often more affordable than having it done in house. There is no additional staff and there are no separate hardware, software, and implementation costs. A good DaaS will scale with a company, so that they only pay for what they use. A simple, monthly subscription covers everything an organization needs for their directory services.