Single sign-on has been around for a while. However, the concept of single sign-on has morphed over the years to be less about one identity connecting your users to everything that they need, and more about exceptions outside of the Microsoft Active Directory® world. Now, there is a new concept of virtual True Single Sign-On™ that is embracing the philosophy of having one identity for access to all critical IT resources – and one centralized place for admins to manage that access.
Evolution of SSO
The approach with SSO has really mimicked what has been going on in the IT landscape. The idea of SSO wasn’t even really talked about in the early 2000s when Active Directory emerged, but it was there. Microsoft’s idea of connecting you to your IT resources was two-fold: one, they needed to all be Windows-based, and two, they needed to be on-prem. Users would log in to their Windows device, and via the domain controller have access to whatever on-prem Windows resources they were authorized for. While we didn’t call it SSO, the process fit the definition of SSO: one set of credentials to access everything.
This model dominated the enterprise – for a while. Back in 2000, Microsoft owned 97% of the market share of devices [Forbes]. Just that number alone speaks volumes to the control Microsoft had. Unfortunately for Microsoft though, the IT landscape started to shift. Web applications started to become more popular. Cloud infrastructure rose to be the preferred choice for server infrastructure. On top of that, Mac and Linux devices began to overtake Windows machines on-prem. All of these changes had a major impact on the industry. In fact, by 2010, Microsoft only owned 20% of the device market [Forbes]. This was the death knell for the “Original SSO” – and it opened the door for a wave of solutions that sought to add on to Active Directory to complete the SSO picture.
The Second Edition of SSO
Of course, the plethora of new cloud-based IT resources and non-Windows devices were outside of the scope of Microsoft’s IAM solution (Active Directory). So a generation of web application single sign-on solutions emerged. Some of these were on-prem solutions and some were cloud-based, but all of them relied on extending Active Directory identities to web applications. These SSO solutions were built to patch the hole in the AD solution.
Unfortunately, this approach only solved one part of the problem. IT admins still struggled with cloud infrastructure at AWS, Mac / Linux systems, control over WiFi, storage systems such as Samba file servers and NAS appliances, and much more. The approach wasn’t a True Single Sign-On methodology that created one identity for virtually all IT resources. Instead, it focused on supplying access to one area (e.g. SaaS apps). This forced IT admins to look into even more tools to fill in the holes of Active Directory. But having to use multiple platforms just to achieve single-sign on is completely against the spirit of SSO, which is about unifying and simplifying.
Virtual True Single Sign-On
Fortunately, a modern approach to virtual True Single Sign-On has emerged with Directory-as-a-Service®. Instead of just connecting users to Windows solutions or web applications, this next generation IDaaS platform is connecting users to the IT resources they need regardless of platform, protocol, provider, and location. This means that one set of credentials can connect a user to your systems (Windows, Mac, Linux), web and on-prem applications (SAML, LDAP), cloud servers (AWS, GCE), data storage (Samba, NAS), WiFi via RADIUS, and more. All of your IT resources are easily accessible with one identity, providing a True SSO solution.
If you would like to learn more about virtual true single sign-on, reach out to us. We would love to answer any questions on how the process works, and how you can achieve the true SSO functionality all from the cloud. Alternatively, you can also sign up for a free account of the cloud-based directory. Your first 10 users are free forever, with no credit card required, so there’s no reason not to give it a shot.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud