Web application single sign-on (SSO) has been an extremely popular category in the identity and access management space. But as the identity management space changes and evolves, what is the future of the web app SSO market?
In order for us to understand where the market is going, we need to understand where it came from.
First there was LDAP
The identity management space used to be quite simple. The market really kicked off with the advent of the LDAP protocol. That spawned the creation of OpenLDAP™ and Microsoft Active Directory®, the core identity providers for an organization. Of course, AD would go on to become a monopoly in the space. This was no surprise given that Microsoft Windows was the most dominant platform.
As web applications started to emerge, connecting core identities to them was challenging. Web applications weren’t a part of the overall network infrastructure and weren’t based on Windows. In fact, they were accessed via the browser, which changed the whole flow of the authentication process. Microsoft had leveraged Kerberos as the authentication protocol of choice for their domain controller. Web application access didn’t coalesce around a protocol until SAML was created. SAML was meant to be the authentication protocol for web applications, and while it hasn’t been wildly successful, it is used by many top web applications.
Web App SSO is an Antiquated Approach
As a result, a generation of web application SSO solutions came on the market. These solutions relied on Active Directory as the core identity provider and then federated the identity to the web application, either by simply using the password on the site or through SAML-based authentication. These web application SSO solutions have done quite well, and some of the IT vendors in the space have either gone public or been acquired. For IT admins, though, web application SSO and Active Directory are an antiquated approach to the overall modern IT identity management problem.
Instead of two or more IAM solutions, IT organizations are searching for the core identity provider that can not