{"id":3562,"date":"2021-03-04T09:00:00","date_gmt":"2021-03-04T14:00:00","guid":{"rendered":"http:\/\/www.jumpcloud.com\/blog\/?p=3562"},"modified":"2023-01-06T17:28:32","modified_gmt":"2023-01-06T22:28:32","slug":"what-is-authentication-as-a-service","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/what-is-authentication-as-a-service","title":{"rendered":"What is Authentication-as-a-(Micro)Service?"},"content":{"rendered":"\n
With the arrival of cloud-based services, many organizations are moving to the cloud. IaaS-, PaaS-, and SaaS-based services have changed and will continue to change the landscape of IT. For example, no longer do IT admins need to purchase hardware, software, and manage implementations on-premises. Rather, cloud-based services – and microservices – have allowed IT admins to leverage cloud services such as Authentication-as-a-Service<\/em>. <\/p>\n\n\n\n An authentication microservice can take different forms. There are mainly two different categories to consider:<\/p>\n\n\n\n The customer auth category has largely coalesced around the name CIAM or customer\/consumer identity and access management. The internal authentication service is sometimes referred to as Directory-as-a-Service or Identity-as-a-Service<\/a>, Auth-as-a-Service or even Auth-as-a-Microservice, and enables access to a variety of IT resources, including devices, applications, files, and networks.<\/p>\n\n\n\n For the purposes of this article, we will focus on internally focused authentication microservices. We will separately tackle the CIAM approach, as that is quite different from the authentication services required for internal employees and contractors to be productive and access their IT resources.<\/p>\n\n\n\n Authentication services have historically been delivered as an internal IT service, generally housed on-prem. IT admins would simply: <\/p>\n\n\n\n End users would then login to their IT resources on-prem, usually, and be authenticated into those systems, servers, applications, file servers, and networks. A core part of the IT job description was to ensure that users could access whatever they needed, so their authentication process needed to be reliable, available, and secure.<\/p>\n\n\n\n Over time, challenges emerged for IT organizations as the types of IT resources expanded. Authenticating to on-prem Windows-based IT resources was largely straightforward, but as end users leveraged Mac and Linux systems<\/a>, web applications, cloud infrastructure from AWS or GCP, WiFi and VPN networks, and more, the authentication process was not so simple. Many of these types of resources required different protocols, remote authentication methods, and differing levels of security.<\/p>\n\n\n\n One path for IT organizations was to build on top of their IdP infrastructure with third party add-ons such as web application single sign-on, RADIUS servers, directory extension tools, and more. Each of these different add-ons would enable IT to authenticate a category of IT resource – e.g., RADIUS is wonderful for networking equipment<\/a>. While this path worked very well for many years there were a number of drawbacks including integration time, cost, and difficulty in leveraging the cloud or remote infrastructure and users.<\/p>\n\n\n\n Over the last several years another path has emerged, which is to outsource authentication services to third parties. These providers are responsible for the infrastructure required to authenticate a user\u2019s access to an IT resource. There are a wide range of providers – some that leverage existing on-prem infrastructure from an organization to others that simply replace the internal authentication process with a cloud-based auth service. Modern IT organizations will have a plethora of options to consider and meet their requirements.<\/p>\n\n\n\n Some of these authentication-as-a-service requirements that admins can consider include:<\/p>\n\n\n\n In order for authentication services to be useful, they need to be cross-platform, multi-protocol, mixed provider, location agnostic, and focused on a broad range\/types of users. Organizations today have a diverse set of needs due to remote work, cloud transformation, and security and compliance requirements. One central authentication service needs to cover nearly all of what an organization needs, or it won’t provide IT admins with the resource and device management<\/a> capabilities they need.<\/p>\n\n\n\n At JumpCloud, we deliver authentication services under our directory-as-a-service<\/a> solution. If you would like to learn more about how JumpCloud can help your organization centrally control and manage authentication as a microservice, drop us a note<\/a>. We\u2019d be happy to talk with you about whether and how our platform can be helpful in your situation.<\/p>\n\n\n\nHow Can Authentication-as-a-Service Work?<\/strong><\/h2>\n\n\n\n
\n
A Brief History of Authentication <\/strong><\/h2>\n\n\n\n
\n
Tackling the Challenges of Expanded Authentication Needs<\/strong><\/h2>\n\n\n\n
\n
How JumpCloud Supports Authentication<\/strong><\/h2>\n\n\n\n