Identity-as-a-Service (IDaaS) platforms are expanding their repertoire. Instead of just focusing on web application single sign-on (SSO), which is what most IDaaS solutions do today, some are extending their IDaaS functions to include virtual LDAP capabilities.
A Brief History of IDaaS
IDaaS solutions emerged a little less than a decade ago and largely in response to a wide variety of web applications. Back then, organizations looked dramatically different than they do today. Most were primarily Microsoft Windows® based at the time and much of their infrastructure was located on-prem.
Microsoft built strong tools to help in this regard, including Active Directory® (AD) and SCCM. AD leveraged protocols such as Kerberos and LDAP to create what could be described as one of the first True Single Sign-On™ experiences. The user would log in to their laptop or desktop while connected to the wired network, and the AD domain controller would authenticate the user to whatever resources they were authorized to access. This worked brilliantly across homogeneous Windows environments, and the benefit was that IT admins could more easily control and manage the IT infrastructure.
However, the introduction of web applications created a significant problem:
On-prem directory service solutions like AD and SCCM were never designed to support cloud services outside of their domain. As a result, a new category of solution called IDaaS emerged to solve the problem. IDaaS solutions were built on top of Active Directory and leveraged a protocol called SAML, which was the web application authentication protocol of choice. This enabled IDaaS solutions to securely federate AD identities to resources external to the domain. This approach worked well for a few years. Then the world started to change some more.
Systems started to proliferate and different operating systems became more popular. Mac and Linux usage increased dramatically, as did mobile devices. On-prem applications that may have been authenticated via Kerberos or LDAP started to shift to the cloud, but many of these didn’t leverage SAML. This created a perfect storm for yet another new wave of more technically focused applications
This is a Security Bloggers Network syndicated blog from JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/identity-service-function-virtual-ldap/