{"id":13910,"date":"2018-04-02T15:00:26","date_gmt":"2018-04-02T21:00:26","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=13910"},"modified":"2024-11-14T18:14:23","modified_gmt":"2024-11-14T23:14:23","slug":"unified-access-management-for-on-prem-applications","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/unified-access-management-for-on-prem-applications","title":{"rendered":"Unified Access Management for On-Prem Applications"},"content":{"rendered":"\n

The last decade in the identity management world has created a shift to the cloud. In fact, solutions such as first-generation Identity-as-a-Service (IDaaS) platforms (more commonly known as web application single sign-on) have changed the conversation to focus on cloud applications. That focus is now coming full circle as the conversation comes back to unified access management for on-prem applications.

How is unified access management changing the identity management world? What kinds of problems is unified access management for on-prem applications solving for IT organizations? To answer these questions, we need to look at the identity and access management (IAM) space as a whole, starting from the beginning.

Modern IAM, LDAP, and Active Directory

The start of modern identity management really kicked off with the advent of the open source authentication protocol, the Lightweight Directory Access Protocol (LDAP). This innovation enabled the creation of many other identity providers including OpenLDAP™ and Microsoft® Active Directory® (AD).

Of course, AD would go on to become the monopoly in the space because Windows® machines and applications were the standard, and the entire network was on-prem. This led to Active Directory basically introducing the first concept of unified access because a person’s Windows credentials would give them access to the network, their system, applications, and data.

This worked well for a number of years, but started to break down with the introduction of web applications. These IT resources were hosted in the cloud and weren’t necessarily Windows based. The result was that Active Directory struggled to connect to these off-prem, non-Windows IT resources.

Web App SSO Emerges to Help AD

As a result, a generation of IAM solutions called web app single sign-on (SSO) stepped in to solve this problem. These identity-as-a-service platforms, as the analysts called them, would integrate with Active Directory and federate AD identities to a user’s web applications. This, too, worked well for a number of years. Active Directory managed everything on-prem, and the web application SSO platform handled web apps. Then, the on-prem network started to change and morph even more. Windows started to be replaced by Mac® and Linux® devices. Critical on-prem applications started to be based on Linux and use the browser as the front-end interface more often.

IT organizations were stuck. Active Directory couldn’t manage and connect to Mac and Linux systems or Linux-based applications. While web app SSO platforms did a great job with web apps, they didn’t offer the ability to manage on-prem apps that authenticated with LDAP, Kerberos, other non-SAML protocols, or non-Windows systems.

So, the first-generation IDaaS vendors started to shift their focus to include on-prem apps as well. They called this unified access management. The challenge with this approach is that it doesn’t cover all of an IT organization’s on-prem resources (i.e., Mac, Linux, Windows systems, Samba file servers or NAS appliances, and local and remote servers). Further, this so-called unified access management approach still required Active Directory on-prem, which still meant that IT admins were managing at least two platforms.

The concept of unified access management for on-prem applications, cloud apps, systems, cloud servers, file servers, networks, and more makes complete sense. Having one identity to securely connect a user to the IT resources they need regardless of location, platform, protocol, and provider is exactly what modern IT organizations are looking for. The good news is that they don’t have to look any further because JumpCloud® Directory-as-a-Service® has recently emerged and comes standard with this kind of approach.

Beyond Unified Access Management for On-Prem Applications

Completely cloud-based, JumpCloud is a modern, full-fledged directory service that integrates with the following IT resources: