What is an Open Directory?

It is an exciting time to be in the working world. Every year employees get to discard more mundane tasks and use more of their time on the creative, interesting work that is much more valuable to the company and more valuable to their professional development in the long run. And really, it’s all thanks to innovative new technology. The trouble is, IT admins have found it difficult to securely integrate many of the new tools available into their environment without it costing a steep price in time, money, productivity, and control. Many have realized the core issue lies with their closed, homogeneous directory service. As a result, they are searching for something new. In their search, they’ve come across this new concept called an open directory service. You might be thinking, “Isn’t that just Apple’s version of a directory service?” While Apple® Open Directory does exist, that’s not what we’re referring to in this case. So, what is an open directory?

Quite simply, an open directory service is an identity provider built with the heterogeneous workplace in mind. We’ll walk through why this is monumental, but to fully grasp the value of an open identity provider, we need to step back and look at why IT organizations are interested in an open directory service. That story begins with getting to know the long time leading on-prem directory service—Microsoft® Active Directory®. Many IT organizations are intrigued by such an approach and are very interested in the business case for the open directory. To be clear, their interest is not in Apple® Open Directory, which happens to go by the same name. Rather, the open directory that is outlined in this post is a directory service that is flexible instead of homogeneous. This concept will be discussed in greater detail here shortly, as well why an adaptive directory is a game changer.

First, though, let’s take a step back and look at how changes in the IT landscape have led to the predicament many IT admins find themselves in today.

The Story Behind Microsoft Active Directory

Microsoft Active Directory (AD) was created in 1999, and ever since its release, it has dominated the identity management market. At the time of AD’s release, most organizations were already using Windows®-based IT resources like Windows systems, Outlook® for email,  Microsoft Office® for productivity software, and more. Another aspect to point out is that a majority of IT resources in the past existed solely as on-prem resources. In order to access, let’s say files on a Windows File Server, you had to be inside the four walls of the office to do so. At this time, this was also okay because the norm was to work in an office, and people didn’t usually work remotely.

Microsoft enjoyed the profits they were gaining from dominating the workplace, so they used the release of Active Directory to perpetuate their hold on the enterprise: they built AD so that it centralized user and system management across other Microsoft assets. Active Directory worked really well, and consequently, most organizations had no qualms about solely adopting Microsoft IT resources and managing user access to them via Active Directory.

Well, this was all flipped on its head when web-based applications flooded the market, end users gained a newfound appreciation for Mac® and Linux® systems, cloud infrastructure emerged and matured, and the remote/gig economy took off. Active Directory struggled to adapt to this new working world because all of these new tools and behaviors defied the all-Windows, on-prem model. But not using these new tools wasn’t really an option because of their value in transforming how work was accomplished. As a result, IT admins have been forced to adopt add-on solutions like identity bridges, web application single sign-on platforms, multi-factor authentication solutions, and more. Not only did this further entrench organizations on-prem, it also added significant cost, required more infrastructure, and created more hassle for IT admins and end users. That’s why IT organizations are interested in moving away from a homogeneous directory service like AD. Okay, so what does an open directory look like?

How to Determine What is an Open Directory

The identity and access management (IAM) market is crowded with a lot of solutions, so wondering what qualifies as an open directory is actually a really smart question. To help you determine which IAM solutions are a true open directory service, we’ve put together a list of qualifications to help you figure out which IAM platforms can solve your identity management needs.

Functionality Requirements

Full-fledged Directory Service

First, a true open directory service will incorporate the components of a traditional directory service that IT admins have come to depend on. A full-fledged open directory will enable IT admins to provision and deprovision users from all of their IT resources, from a single pane of glass. Additionally, it will allow them to set different levels of permissions on resources. For example, they should be able to determine who has administrative access on a laptop, and who doesn’t. All of these functions empower them to keep their environment secure and well controlled.

Cloud Forward

Next, when determining if a solution is an open directory service, it’s important that the solution embraces the cloud, and enables you to leverage the cloud in a secure and efficient manner. Additionally, a survey by Rightscale found that 38% of organizations plan to make shifting to the cloud their top priority in the next year. So, a nimble directory service should also be able to run completely in the cloud, and require zero on-prem identity management infrastructure.

Flexible Administration

Lastly, an open directory service should offer IT organizations flexibility in how they can manage their environment. In addition to providing an intuitive user interface, a nimble identity provider should offer the ability to use APIs, scripts, and the command line to automate bulk tasks.

Adaptability Requirements

Multi-protocol

Take a moment to think think about what employees use in your IT environment to get their work done. Are they using LDAP-based resources or just those that rely on SAML? Probably not. More than likely they are also harnessing Samba-based file servers, RADIUS networks, and a great deal more. So, instead of narrowing in on one or two protocols, an adaptive directory service will support a variety of those that are commonly used like LDAP, RADIUS, SSH, and much more.

Mixed Provider

Along the same lines as the last point, using IT resources from a single provider is unlikely these days. For example, many organizations use Office 365™ and G Suite™. Others have a need to leverage AWS® and Google Compute Engine™. An open directory aims to support all providers, so that you can simply chose the solutions that deliver the most value to your organization.  

Cross Platform

A nimble identity provider will offer support for Windows, Mac, and Linux systems. After all, Macs are being adopted by the thousands in the workplace, Linux runs 90% of the public cloud workload, and Windows still owns about 68% of the desktop market in the U.S. So, a directory service that supports all three platforms is necessary. Ideally, an open identity provider also provides deep system management capabilities like the ability to enforce system policies and execute commands.

Location Agnostic

In the cloud, on-prem, or remote, your users and resources can be anywhere and the identity provider should still be able to provide sysadmins with effective control and management over those resources. With hiring managers predicting that more than one-third of employees will work remotely in the next 10 years, having an identity provider be location agnostic is crucial.

A directory service with all of these characteristics will provide you with confidence in taking on the future, and you’ll experience increases in productivity and security, all the while reducing costs. Let’s take a closer look at these benefits that come with an open directory.

The Benefits of an Open Directory

The identity and access management (IAM) market is crowded with a lot of solutions, so wondering what qualifies as an open directory is actually a really smart question. To help you determine which IAM solutions are a true open directory service, we’ve put together a list of qualifications to help you figure out which IAM platforms can solve your identity management needs.

It’s Future-Proof

What’s awesome about a directory service that is cross platform, multi-protocol, mixed provider, and location agnostic is that you’ll be able to use whatever tools that make the most sense for your organization—not only today, but also in the future. The technology world moves fast, so just because one set of applications and systems works well now, doesn’t mean they will two years later. One report even found that the typical mid-sized organization changed 39% of their web-based applications alone within just the last year. An adaptive identity provider flexes with the times, allowing IT organizations to always make sure they’re providing their users with the tools that empower them to Make Work Happen™ without losing control and sacrificing security.

Time is Better Spent

A byproduct of providing end users with the IT resources they want to use is that they are able to work better and faster. For example, one survey found that 68% of participants claimed that the ability to select their device of choice makes them more productive in the workplace. Other cloud IT resources have been shown to reduce the number of emails and meetings needed everyday. Plus, when all of the tools users need are integrated into a directory service, end users also have frictionless access to it all. That’s because they gain one set of credentials to authenticate to everything.

End users aren’t the only ones who experience an increase in efficiency and productivity. IT admins do as well. An open directory service makes it possible for sysadmins to manage their entire IT environment from a single pane of glass. They no longer have to sign into their web app SSO provider, the identity bridge, and so on to make a user change. Instead, they just have to sign into one solution, make their necessary changes, and then those changes disseminate across all the necessary resources. Plus, with flexible administration, it’s just as easy and fast to make changes in bulk just as it is to make them for a single user. Lastly, because an open directory service is completely cloud based, sysadmins don’t have to use their time to configure, maintain, and manage it. All of these aspects mean they can spend a majority of their week on tackling projects that bring the company value as opposed to using ample time on user management tasks.

Costs Shrink

The characteristics of an open directory also enable organizations to reduce costs. First, a cloud-forward directory service simplifies what organizations need to have on-prem. Beyond the gear necessary for WiFi and file storage (if you need it on-prem), companies can feel free to eliminate everything else related to their identity management infrastructure. By doing so, you eliminate the cost of purchasing and maintaining the hardware, and then also the costs associated with energy, redundancy, resiliency, and upgrades. Remember all those add-ons that IT admins required for Active Directory like identity bridges and web app SSO providers? You can get rid of those too and enjoy paying for just one identity management solution. Lastly, the flexible administration that a nimble directory service offers makes it possible to scale a company without needing more IT staff.

Security is Fortified

Finally, with data breaches on the rise in cost and frequency, strengthening security is top of mind for many IT professionals as they consider a new IAM solution. Fortunately, an open directory service is built to help fortify security from the inside out. From guarding identities with MFA and complex passwords to protecting networks with VLAN attributes and individualized access control, IT admins can ensure their environment is safeguarded with fine-tuned precision and control. Additionally, the open directory itself takes security very seriously and takes many steps to ensure your company’s identities are well-protected and managed. Some of these include the following: regular assessments and independent audits, background checks for every employee, quarterly security awareness training, and strong infrastructure security measures.

Future-proof, increased productivity, reduced costs, and stronger security are just some of the ways an open directory service can provide value to your organization. If you’re ready to take the next step, the good news is JumpCloud® Directory-as-a-Service® is the leading open directory service. It’s cloud-forward, cross-platform, multi-protocol, location agnostic, and supports a mix of providers.

Learn More About the Leading Open Directory Service

So far, over 75,000 organizations have implemented JumpCloud and experienced many of the benefits described in this article. You can read snippets of their stories in the business case for JumpCloud. Ready to see how JumpCloud works? Register for our introductory webinar, or contact us about scheduling a demo. If you would like to talk to a human about JumpCloud, drop us a note. One of our product experts will happily get back to you and help you however they can.

About Jumpcloud

JumpCloud Directory-as-a-Service is Active Directory and LDAP reimagined. JumpCloud securely manages and connects your users to their systems, applications, files, and networks. Try JumpCloud now, or contact us at 855.212.3122.