A cloud identity bridge describes exactly what you might think – a utility that extends user identities to bridge the gap between on-prem and cloud infrastructure. The latest iteration of this tool is JumpCloud’s AD Bridge. While JumpCloud’s unified cloud directory is able to act as a standalone directory, AD Bridge was created for organizations that want to continue using Microsoft® Active Directory® as their identity provider. AD Bridge allows these organizations to maintain Active Directory as the authoritative source of truth, while also extending selected users and systems to web-applications, cloud infrastructure, non-Windows systems (Macs and Linux), and even unbound Windows systems.
Why Extend Identities to the Cloud?
Hybrid infrastructure is the product of a world in transition from on-prem to cloud infrastructure. We’re at a point in history where traditional Windows on-prem infrastructure is becoming obsolete in favor of cloud replacements like SaaS applications (e.g. Salesforce, G Suite, GitHub, Slack), hosted infrastructure (e.g. AWS, GCP), non-Windows systems (e.g. Mac, Linux) – the list goes on.
Yet, while on-prem infrastructure is dying out, it’s not going down without a fight. Directory services are a foundational element of an organization’s infrastructure. While many startups are able to go full-cloud from the onset, unfortunately many well-established organizations are caught with one foot on-prem and one in the cloud. These organizations are ideal candidates for AD Bridge.
History of the Identity Bridge
When AD was first released in 2000, there was no need for a cloud identity bridge. In fact, the concept of the cloud hadn’t really been fully developed yet. It was a point in time when web applications were only just being introduced and not widely implemented. Instead, most organizations leveraged Windows legacy applications and Windows-centric IT infrastructure, all of which was on-prem.
As web applications gained traction, IT admins ran into difficulties using AD to manage non-Windows resources and web services. The need to better manage access to web apps created an opportunity for SSO providers, as they are now called, to create cloud identity bridges to extend AD credentials to manage these new cloud resources.
These solutions were layered on top of AD, and a wide array of SSO providers appeared to streamline access management for the myriad web-based apps suddenly considered essential to get work done. The trouble was IT admins had to then manage the SSO systems in addition to managing AD – adding complexity to an already complex solution. Furthermore, these SSO providers only provided access to apps – and not the wide array of non-Microsoft resources that AD struggled with, such as Mac and Linux systems. As a result, IT admins needed additional identity bridges to extend AD to these non-Windows systems.
IT admins quickly realized that managing everything would require multiple identity bridges, each of them siloed and with their own price tag. Some call this approach hybrid infrastructure, but that’s really just a fancy way to say, “whatever works.” This architecture is certainly not ideal, efficient, or elegant; but a lot of organizations simply aren’t able to “break up” with AD. If this sounds familiar, then JumpCloud’s comprehensive AD Bridge solution could be the cloud identity bridge you’re looking for.
Comprehensive Cloud Identity Bridge for Active Directory®
JumpCloud’s AD Bridge simplifies the process of extending your AD-managed identities to authenticate with hosted infrastructure and non-Windows resources not supported by AD directly. It works by synchronizing JumpCloud with your desired users and groups managed in AD to gain control over their access to networks, systems, data, and applications. Resources that are not directly bound to AD can now be managed using AD credentials. The result is that user identities are extended to all of the resources they need, both on-prem and in the cloud, while AD remains your master authority.
AD Bridge is different from conventional SSO add-ons since it connects so much more than just apps, but also systems running disparate operating systems like Mac and Linux devices. JumpCloud’s multi-protocol approach and robust system management capabilities eliminate the inefficiency of managing a variety of different “extenders” just to get AD to work with your infrastructure. Instead, AD Bridge empowers IT admins to leverage what is effectively a cloud-based Swiss army knife for extending Active Directory identities.
Benefits of AD Bridge include:
- Extend Active Directory to SaaS apps and cloud-based infrastructure.
- Eliminate identity silos; maintain AD as the master authority of authentication.
- Reduce the need for VPNs.
- Better management of Mac and Linux systems.
- More efficient onboarding and offboarding.
Is Our Cloud Identity Bridge For You?
Extending Active Directory isn’t for everyone. If you’re able to, we fully encourage you to leverage a cloud-based directory exclusively. That is the most future-proof approach and one that never requires you updating or maintaining on-prem hardware and software.
Yet, for many, the roots of their existing AD infrastructure grow too deep to cut them off completely. If your organization has invested in on-prem Active Directory infrastructure and leverages multiple cloud resources, web-applications, and/or disparate operating systems, then the JumpCloud AD Bridge is likely to be a good fit.
To learn more about how JumpCloud’s Active Directory Bridge can benefit your organization, drop us a note. You can also sign up for a free cloud identity management account and see for yourself. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud