For many organizations, file servers are an important part of the IT infrastructure. Even so, on-prem file servers don’t get as much attention as their cloud-based counterparts (e.g. Dropbox, Google Drive, and iCloud). But, if you’re an IT admin implementing a file server, you know you have it for a reason – and that file servers can be an irreplaceable component of an organization’s infrastructure. That said, file server management and authentication can be arduous and inefficient. So let’s look at how we can streamline file server authentication and essentially achieve SSO for file servers.
We will begin by considering the conventional methods of file server access management and then move on to how changes in the world of IT have impacted this experience. Finally, we’ll discuss how to bring file servers into your larger SSO and identity management strategy.
SSO for File Servers began with Active Directory
If you look back to when the IT landscape was far simpler, you’ll see that single sign-on into file servers came naturally. Authentication to the file server happened along with access to everything else – including a user’s system, their applications, servers, and the network. Of course, at the time the identity provider was Microsoft Active Directory® and the entire environment was Windows-based and on-prem. So in addition to access to systems, applications, and networks, a user’s Windows login also got them access to their Windows file server through the domain controller. This was powerful. Nobody needed to call this SSO, but the concept of SSO was inherent in the approach.
SSO Solutions Focused on Web-Based Apps
As more and more IT resources shifted to the cloud, a new IAM challenge arose: the Windows login or Active Directory infrastructure no longer connected users to all of their IT resources. Most SaaS applications and AWS infrastructure were (and still are) outside of the purview of the on-prem, legacy Active Directory instance. The result was that a new generation of web application SSO solutions appeared on the market.
While these initial SSO tools connected to web applications, they skipped cloud servers, Samba file servers, NAS storage devices, Macs, and Linux devices among many other IT resources. While a band-aid for the immediate problem with web apps, the first generation of SSO solution didn’t address the root of the issue. Users could access their apps and this access could be more securely managed by admins, but IT was still stuck with multiple siloed solutions that took additional time and money to manage.
In order to truly achieve SSO across a heterogeneous infrastructure, an innovative approach is needed – one that can provide a single set of credentials to gain access to systems, apps, networks, and file servers. An approach like this actually exists, and Directory-as-a-Service® is leading the charge.
SSO for File Servers with a Cloud Hosted Directory Service
As a cloud hosted directory service, the concept of Directory-as-a-Service is to become a True SSO solution for an entire organization. Part of the approach is to offer SSO for file servers – Samba file servers and NAS appliances such as Synology, QNAP, and FreeNAS among others. A user’s login to their Windows, Mac, or Linux device is also their access to their directories and files stored on these on-prem Samba-based file servers. End users gain quick and secure access to the data that they need, while IT admins can centrally control access to virtually all of an end user’s IT resources.
For more information on centralizing access to Samba-based file servers, consider watching the whiteboard video below. If you have any questions about SSO for file servers or would like to learn more about a cloud based directory, we hope you’ll drop us a note. We also encourage you to start testing our seamless authentication to Samba-based file servers by signing up for a free account. You’ll be able to explore all of our features, and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post. Read the original at: JumpCloud 2017-11-11.