The conventional approach to identity management has become too complicated. These days there are so many moving parts and partial solutions that it can be overwhelming for IT organizations to stitch together something that works. That is why the concept of having One Directory to Rule Them All® is so appealing for IT admins.
It is easy to list the advantages of having One Directory to Rule Them All, especially when you consider that the alternative is typically a hodgepodge of add-on solutions layered on top of antiquated on-prem identity providers like Microsoft® Active Directory® (AD). So let’s discuss how we’ve reached this current state of decentralized identity management and why IT organizations need One Directory to Rule Them All.
Traditional Identity Management
The concept of the directory service has been around for decades. At first glance, in the era of Identity-as-a-Service (IDaaS) and cloud identity and access management (CIAM), the idea of a directory service seems antiquated.
In fact, the most common directory services are antiquated. Most IT admins think of either AD or OpenLDAP™ when they hear the term ‘directory service’. AD and OpenLDAP were both developed in a different era of IT. This era was characterized by on-prem IT networks and predominantly homogeneous system environments (e.g., Windows®). While both of these solutions have been great for these types of environments, IT networks haven’t worked that way in a long time.
For example, cross-platform system environments (e.g., Windows, Mac, and Linux) are common today, as are web applications like Salesforce, cloud infrastructure like AWS, and more. While the changes brought about by these new innovations and solutions have been largely positive, the challenge is that IT management tools are still firmly grounded on-prem with AD and OpenLDAP.
IT admins are well aware of this challenge and have been since the mid-2000s. In fact, an entire generation of Identity-as-a-Service (a.k.a. web application SSO) solutions was created to mitigate the limitations of legacy IdPs. Web app SSO solutions are effectively add-ons to the on-prem IdP. Their purpose ...