A virtual identity provider (IdP) is the software and hardware responsible for authenticating user identities and authorizing user access to IT resources. Modern virtual IdPs can also include identity management capabilities for systems, True Single Sign-On™, WiFi authentication via RADIUS, and more. However, the core function of a virtual identity provider is to securely manage virtual identities and federate them to IT resources from a centralized identity management platform.
Microsoft Active Directory® (AD) and OpenLDAP are the most popular examples of a modern IdP. Yet, for many IT admins, these antiquated solutions no longer meet their needs or expectations. As more organizations and resources shift to the cloud, they need a modern approach to virtual identity management to match their modern infrastructure.
What an Identity Provider Was
The concept of an IdP has been around since the introduction of the X.500 protocol in the 1980s. However, the prototype for modern directory services really came to fruition with the Lightweight Directory Access Protocol (LDAP), created in the early 1990s by our advisor, Tim Howes, and his colleagues at the University of Michigan. LDAP quickly became the internet standard for directory services, and subsequently spawned modern solutions like OpenLDAP and Active Directory.
At the time, Microsoft was dominating the IT market. They offered solutions for just about every major organizational need (productivity software, email, web browser, file serving, and much more). As a result, it wasn’t uncommon for the entirety of an organization’s IT infrastructure to be Windows-based. Implementing a powerful tool to control Microsoft resources (i.e. Active Directory) was a no-brainer. Active Directory quickly gained the majority of the market share for directory services, which has largely continued to this day.
However, the IT ecosystem has evolved at an ever-faster rate since AD’s heyday. Perhaps the most notable change in recent years has been the widespread transition to cloud infrastructure. It started in the mid-2000s with a few popular web applications (e.g. Salesforce, Dropbox, Desk). Now, it encompasses the vast majority of IT. The benefits have been tremendous, but the shift hasn’t come without side effects. Active Directory and OpenLDAP have been so specialized for on-prem environments that they have been slow to adapt to new cloud innovations. The result is an opportunity for a new virtual IdP solution to step in and provide a better alternative for the modern cloud-forward IT world.
What a Virtual Identity Provider is Today
Directory-as-a-Service® (DaaS) is an example of a particularly powerful cloud-based virtual identity provider. Envisioned as a modern alternative to both Active Directory and OpenLDAP, this IDaaS solution was created in an effort to mitigate issues with traditional directory services and unite an organization’s IT infrastructure under one centralized management platform in the cloud.
Directory-as-a-Service offers a comprehensive array of management capabilities for everything from the core virtual identity to managing devices (e.g. Windows, Mac, Linux), web applications, cloud infrastructure (e.g. AWS, GCP, O365), and legacy applications and solutions via LDAP. DaaS is also a boon to security, including features like multi-factor authentication at the system and application level, True Single Sign-On, RADIUS-as-a-Service, password management, and audit compliance, to name a few.
Why Try a Virtual IdP?
Additional benefits of implementing a cloud-based virtual IdP include a streamlined approach to managing virtual identities and IT resources regardless of platform, vendor, protocol, or location. Admins can push company policies with cross-platform GPO-like capabilities to configure settings at a system or group level. Users can also use self-service features to reset passwords and manage SSH keys. Directory-as-a-Service can even sync with Active Directory via the AD Bridge, included in DaaS, so that admins can keep AD as their core on-prem IdP while gaining all of the management capabilities previously mentioned and more. These are but a few examples of the advantages offered by Directory-as-a-Service.
Contact a member of our team today to learn more about virtual identity providers and how Directory-as-a-Service can benefit your organization. You can also sign up for a free cloud directory account and demo the full functionality of our IDaaS product. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud