Single sign-on (SSO) solutions are a popular category within the identity and access management (IAM) sector. This is especially true when you look at the fact that SaaS adoption among small and medium sized businesses (SMBs) doubled in 2014, and has quadrupled since 2015 (Blissfully). According to the same report, SMBs use 50+ SaaS products on average, and IT admins have been adopting SSO solutions to help manage user access to these 50+ SaaS applications. However, single sign-on solutions can get extremely pricey, so it’s no wonder that IT organizations are searching for open-source single sign-on alternatives.
As mentioned above, the concept of SSO has been extremely valuable to IT admins. Single sign-on creates more security, increases productivity, and decreases user friction and frustration. While it is does its job well, web application SSO is only helping IT centralize user access to one pocket of resources. An open-source single sign-on platform might not even be the solution IT is really looking for. To understand this further, we need to step back and take a look at the problem web-app SSO was created to solve.
Web App SSO Met a Need
Before web-based applications surfaced, IT organizations were able to centralize user management solely using Microsoft® Active Directory®. This was possible because their networks were largely Windows® based and on-prem. Then IT lost some of this capability when web-based applications exploded onto the market. Users needed to access them, but AD didn’t let you connect to them with the same credentials. That led to less control, decreased security and increased friction for end users. A generation of web app SSO providers – often called IDaaS solutions – emerged to solve this gap. As they gained popularity, friction emerged both in terms of cost and capability, and thus, the interest in open-source single sign-on solutions.
The Issues with Creating an Open-Source SSO Solution
Unfortunately, web-app SSO doesn’t lend itself well to open-source. OpenLDAP™, FreeIPA, Samba, and other solutions in the IAM world are popular open-source alternatives to the Microsoft Active Directory identity provider. The challenge with SSO is that there are ‘connectors’ or plug-ins for each web application and somebody needs to write and manage those connectors. With some SSO providers having over 10,000 of them, you can see why the open-source category isn’t easily solving this need.
There is another issue with the SSO category. Web-based applications aren’t the only new, modern resource to cause trouble for Active Directory. Between the rise of Mac and Linux and cloud infrastructure, most IT admins are looking beyond the typical AD and IDaaS setup. They want a solution that can provide their users with a central identity that they can use to access virtually all of their IT resources including systems, applications, files, and networks. This approach is much broader than traditional IDaaS/SSO platforms and is more of a core cloud identity management platform. While open source single sign-on solutions might not be a strong alternative, there is a new generation of solution called JumpCloud® Directory-as-a-Service®.
A Better Approach than Open-Source Single Sign-On
This cloud identity provider is not only cost-effective, but also comprehensive by providing end users with with one identity that can be used to access all of their IT resources. Using our cloud-based directory service, IT admins can provide users with one set of credentials that they can use to access their system (Mac, Linux, and Windows), legacy applications like JIRA, web-based applications such as Salesforce, physical and virtual file storage (NAS devices, Dropbox), and wired and WiFi networks. Users enjoy frictionless access to all of their IT resources, and IT admins gain some peace of mind because their environment is securely managed.
If you would like to learn more about why you should consider a cloud identity provider over an open source single sign-on platform, drop us a note. We’d be happy to walk you through why our identity management approach is a much more comprehensive solution. Of course, you don’t have to take our word for it. Start testing our cloud-based directory service by signing up for a free account. You will be able to test all of our features, and your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud