In the identity management world, there’s no doubt that web application SSO (single sign-on) has been one of the hottest sectors. In fact, AngelList identifies 16,600+ startups in the SaaS market, so it’s safe to say there are more web-based applications available than IT admins and users know what to do with. It also explains the uptick in activity in the web app SSO space. Certain IPOs, acquisitions, and announcements have made it clear that major players care about this market. The thing that’s interesting about this, though, is that SSO isn’t core identity management. Why does this matter? Well, the SSO market is only solving one part of a much larger problem that exists within the modern IT environment: a lack of identity management across all modern IT resources.
So, let’s take a look at what identity management has looked like in the past. Doing so will illuminate why web app SSO isn’t identity management, and why conventional SSO alone isn’t enough to centralize modern IT environments.
AD Sets the Precedent for Identity Management
The concept of identity management is really about owning a user’s identity and controlling access to a wide range of different IT resources. This role is often referred to as the identity provider, and historically, that has been owned by Microsoft® Active Directory®(AD). In an AD environment, a user’s identity would be connected to systems, networks, email, file storage, and applications. At the time, many of these IT resources were Microsoft solutions as well, and in a move to keep a firm hold on the enterprise market, AD was built to work best in this Microsoft ecosystem. As long as they stuck to this ecosystem, IT admins had powerful control and management over the identities within their environment.
The End of the World as IT Knows It
In the mid 2000’s, web-based applications emerged, and the AD setup started to crumble because Active Directory wasn’t built to integrate with applications that were delivered from the cloud. Many organizations began to suffer from shadow IT because end users wanted to use the most productive tools available. A Cisco survey revealed that IT departments believe their organizations to be using around 50 cloud services, when in reality it’s closer to 1,000.
When web app SSO providers surfaced, IT was relieved to gain back some control over identity management in their environment. Single sign-on has been a valuable asset to the organization. SSO has reduced friction for end users and provided IT admins with more control over web application access and identity security. But before we go further, let’s take a look at how SSO providers work. Doing so will demonstrate why SSO isn’t core identity management.
Why Web App SSO isn’t Comprehensive Identity Management
The way web application SSO solutions work is that they sit on top of AD and federate credentials to web applications. So, they can extend a user’s credentials to web apps, but web app SSO providers don’t necessarily own an identity. This is one reason why web app SSO isn’t the core identity provider, and also the reason why SSO providers can’t offer the same control and core identity management that Active Directory was once able to provide. Another component of identity management is being able to control access to a wide range of resources, and web app SSO lacks in this front too. Web app SSO providers offer user access to web-based applications, but many lack the ability to extend that access to systems, WiFi, or remote servers. Since web-app SSO providers are not able to host user identities or connect them to a wide range of resources, clearly web-app SSO isn’t a comprehensive identity management solution.
This is important because web-based applications haven’t been the only new resources to make their way into the modern office. Mac and Linux systems are on the rise, file storage and data centers are moving to the cloud, and most networks are now wireless. In the modern era of web applications, cloud infrastructure, mixed platform systems, on-prem and cloud storage, and WiFi, the traditional concept of SSO isn’t enough.
A new generation of cloud identity management is emerging that is True SSO™ – the process of using one secure identity to access virtually all of a user’s IT resources. For IT admins, the concept of True SSO is a significant step up and integrates a wide range of identity management solutions into one cloud platform.
True SSO with JumpCloud’s Directory-as-a-Service
The modern SSO solution is JumpCloud’s Directory-as-a-Service®, and it is connecting users to the IT resources they need. With one identity, users can authenticate to systems (Mac, Linux, and Windows), local and remote servers (AWS, GCP etc.), G Suite® and Office 365™, LDAP and SAML based applications, physical and virtual file storage, and wired and WiFi networks. IT finally has a solution that can provide them with centralized identity management over all the resources in their IT environment, and users can enjoy a streamlined process for accessing their resources.
If you have any questions about how conventional SSO isn’t identity management, please reach out to us. We’ll happily answer any questions you might have. You are also more than welcome to sign up for a free account. With full access and your first ten users free forever, you’ll be able to truly test the power of our True Single Sign-On™ solution.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud