You could say that the concept of outsourced True Single Sign-On™ is the “holy grail” for IT organizations. Connecting users to the IT resources they need with one set of credentials is a major step up for end users and IT admins alike. Users gain a seamless, productive workflow, and IT admins gain the ability to manage their entire infrastructure from a single pane of glass – all while outsourcing the configuration, storage, and maintenance of the identity management solution. While this used to be wishful thinking, today outsourced True Single Sign-On can be your reality.
But we’re getting ahead of ourselves. First, we’ll take a look at the story behind single sign-on (SSO), why most single sign-on solutions are incomplete, and then we’ll walk you through how outsourced True Single Sign-On can significantly enhance your environment.
The Story with Single Sign-On
The idea of single sign-on isn’t new, although it wasn’t always called SSO. The conventional model of user access regulated by the domain controller was effectively single sign-on. This model is typified by the homogeneous Active Directory® infrastructures of the early 2000s. Users would log into their Microsoft Windows devices and subsequently have access to other Windows-based resources such as applications, file servers, and networks.
The reason that this was possible was Microsoft’s dominance in the enterprise space. Virtually all of an organization’s devices were Windows and their applications were built on top of Windows. The users and devices were located on-prem or connected to the core network via VPN. This was critical because the identity provider required direct access to the IT resources in order for them to authenticate effectively and securely. The result of this was that first SSO experience. In fact, this version of it better lives up to the name of “single sign on” than the generation of SSO solutions that would follow.
IDaaS Introduces Partial Single Sign-On
IDaaS solutions started to emerge in response to the changing IT landscape, and these were the first generation of providers to describe themselves using the term Single Sign-On (SSO).
Users had started working remotely and using Mac or Linux systems in droves. Meanwhile, infrastructure moved to the cloud, with high rates of AWS adoption. Nearly all networks were wireless, and virtual storage options like Dropbox reduced the need for on-prem file servers. Finally, web-based applications soared in popularity, with apps like Salesforce no longer installed directly onto the hard drive of the system.
Identity-as-a-Service (IDaaS) solutions calling themselves SSO surfaced in response to the large number of web-based apps that users needed to access on a daily basis. These IDaaS solutions were built to work in conjunction with Active Directory and focused on connecting users to web resources. However, first-generation SSO platforms solved only one part of the problem that comes with the modern office. IT admins still face the challenge of connecting users to Mac and Linux devices, cloud servers, Samba file servers and NAS appliances, and WiFi. It hasn’t been easy to replicate the single sign-on experience that once existed in an all on-prem, Microsoft world.
The Need for True Single Sign-On
When we talk about True Single Sign-On, we’re referring to an IDaaS solution that provisions access to all IT resources with just one sign-on. That means a user can access their workstation, their web apps, file servers, and even the WiFi network all with the same unique, secure credentials. In this way, it harkens back to the early days of homogeneous Microsoft environments, when everything was neatly contained.
In today’s more complex IT environments, the idea of a True Single Sign-On environment is more appealing than ever because it creates an optimized, friendly experience and increases security. Users would face fewer hurdles and have only one password to remember. That also has a positive impact on security, since they are less likely to engage in risky password behavior. True Single Sign-On would also provide IT with a centralized environment. This helps in automating tasks, spotting anomalies, and enforcing company and security policies. The good news is that with innovations in the cloud identity management space, a new, outsourced True Single Sign-On solution has emerged to bring organizations this protected, frictionless experience.
Try Outsourced True Single Sign-On with DaaS
Called Directory-as-a-Service® (DaaS), this new SaaS identity provider enables end users to leverage their device credentials to access virtually all of their IT resources including systems, applications, file servers, and networks. You can eliminate your on-prem infrastructure, centralize users and IT resources, and maintain widespread visibility with our cloud-based directory services.
Find out about our customer’s experience with our outsourced True Single Sign-On solution by reading Grab’s case study. They were able to centralize 3000+ user identities and provide them with a True Single Sign-On experience to Mac systems, applications, RADIUS, and G Suite. If you have any questions about our cloud identity management platform, drop us a note. Ready to test some of our features? Sign up for a free account and enjoy full access to all of our features. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud