Historically, the authentication process has been controlled by an on-prem identity provider. For most organizations, that has been Microsoft Active Directory®. But, as the IT landscape changes, IT organizations have been searching for an outsourced authentication platform.
First, we’ll take a brief look at the history of authentication, and then we’ll dive into the present IT world’s need for an outsourced authentication platform.
LDAP Launches Identity Management Platforms
The modern era of identity and access management kicked off with the advent of LDAP, the open source authentication protocol. Tim Howes and his colleagues at the University of Michigan created the LDAP authentication protocol to help connect users to directory resources. LDAP’s predecessor, X.500, was too heavy for the infrastructure at the time, thus creating the need for a Lightweight Directory Access Protocol (LDAP).
LDAP paved the way for two major directory solutions in the identity management space: Microsoft Active Directory and OpenLDAP™. Both solutions focused on being the core identity provider for an organization. AD did that for Windows-based networks, while the open source OpenLDAP focused on more technical IT infrastructure such as Linux-based systems and applications. These solutions were based on-prem and also required significant effort from the IT organization including installation, configuration, and maintenance.
Constraints with Legacy Authentication Solutions
Since Active Directory was engineered by Microsoft, it should come as no surprise that the platform has always been focused on Windows systems and applications. But in the years since AD’s inception, the IT landscape has shifted away from 100% Windows environments to heterogeneous environments. In the process, AD has become a liability.
Modern IT organizations are leveraging Mac and Linux systems, cloud infrastructure from AWS and Google Cloud Platform, and a myriad of web applications such as Slack and GitHub. All of these fundamental changes to the IT infrastructure have had a significant impact on the process of authenticating users to their IT resources. IT organizations have been forced to either manually manage user access or add third-party solutions on top of the existing Active Directory instance. Neither of these solutions is viable as organizations shift to modern approaches to IT networks.
Manual management comes with a couple of hazards. First, it’s a massive time sink – especially if you’re constantly onboarding/offboarding or your organization has a large number of users. Second, manual management of IT resources significantly undermines your security efforts. Your ability to enforce best practices for passwords, systems, applications, and users is hampered. In an age where your users’ identities are the keys to your digital kingdom, it’s more crucial than ever to be able to effectively manage what those identities can and cannot access and how they can authenticate to resources.
Manual management is a nerve-racking method for managing your modern IT environment in an Active Directory setup, so some IT admins turn to third-party solutions. The problem is that third-party solutions are expensive, and they don’t always work efficiently. Plus, when you really think about it, adding a third-party solution on top of your Active Directory infrastructure is like trying to use duct tape to keep your foundation from cracking any further. The heart of the problem is the foundation itself, the legacy directory service. IT needs a new means for authentication.
Outsourced Authentication Meets Modern IT World
A new generation of outsourced authentication platforms has emerged to solve the problem of connecting users to all of the IT resources they need. A core part of the solution is to create one identity that is leveraged to access a wide range of IT resources, including systems, cloud infrastructure, web applications, file servers, and networks. Users only have to remember one username and password to authenticate to Mac, Linux, and Windows systems, cloud infrastructure, legacy and web-based applications, physical and virtual file servers, and wired and WiFi networks.
But the greatest benefit from an outsourced authentication solution is on the admin side. The IT team gains peace of mind knowing they have fine-tuned control over their users’ identities and a boost in security across their infrastructure with features like MFA and password complexity management. They also don’t have to worry about server installation, configuration, or maintenance because it’s all taken care of in the cloud.
Learn more about Outsourced Authentication with JumpCloud
Learn more about our cloud-based directory services by taking a look at Grab’s case study. They were able to centralize 3000+ user identities and rein in authentication to applications, Mac systems, G Suite, and RADIUS.
For any questions about our outsourced authentication platform, drop us a note. If you’re ready to start testing some of our features, sign up for a free account. All of our features are fully available and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud