Web application single sign-on (SSO) is an important category and a useful tool for IT organizations. This is especially true since the average small to mid-sized business uses 50+ SaaS products (Blissfully). However, as IT admins know, web app SSO only solves part of the problem in the modern office. Ideally, users would have a single sign-on not just to their apps, but also to their systems, files, and networks. This has led most organizations to choose solutions that go beyond SSO – endpoint-centric solutions that are based in the cloud but more closely resemble a core identity provider (e.g., directory services).
The industry is moving beyond SSO, but are you ready to move with it? In order to understand the shifting IT environment, we need to step back through history.
When SSO was Only Apps
At its core, SSO is about identities and access. For years, identities were stored and managed on-premises, through tools such as OpenLDAP™ and Microsoft® Active Directory® (AD). Of course, with the world being virtually all Microsoft Windows®, AD quickly became the identity provider of choice.
But the IT world transformed throughout the 2000s as web-based applications started to flood the workplace. Active Directory wasn’t built to work with these cloud-based, non-Microsoft resources, so AD began to struggle. OpenLDAP had similar challenges with simplifying and securing app access. This created the opportunity for web application SSO providers to surface. They sat on top of AD and connected users to their web apps.
However, as we know, that hasn’t been enough. The IT landscape has continued to evolve. Mac and Linux machines are replacing Windows. Cloud servers from AWS are displacing on-prem data centers. Modern approaches to file storage such as NAS and Samba file servers are replacing Windows File Server. Traditional IDaaS solutions don’t connect users to these new tools. Rather, they merely extend AD identities to web-based applications.
Moving Beyond SSO
The bottom line: SSO shouldn’t mean a complicated set of group management tools that provide “unified” access to siloed groups of IT resources. Unless you have a single set of credentials for your systems, files, networks, and apps, then it’s not truly SSO. This is why modern IT teams are looking beyond SSO, to an approach that completely centralizes the user identity and the management of that user’s access to all critical resources.
Directory-as-a-Service® is Endpoint-Centric SSO
JumpCloud’s Directory-as-a-Service® is a cloud identity management solution that securely manages and connects users to all of their IT resources regardless of platform, protocol, provider, and location. We call the result True Single Sign-On™ because, when JumpCloud is implemented, users will be able to use one set of credentials to log in to all of their resources. This includes their system (Mac, Linux, and Windows), on-prem and remote servers (GCP, AWS), legacy and web-based applications, productivity platforms like G Suite™ and Office 365™, physical and virtual file storage (NAS devices, Dropbox, etc.), and wired and wireless networks.
IT admins no longer have to settle for an on-prem directory service with a myriad of band-aid solutions. With JumpCloud Directory-as-a-Service, they can leverage one sophisticated identity provider that provides them with management and visibility over their entire IT environment.
Find out more about moving beyond SSO by dropping us a note. We also encourage you to start testing our comprehensive IDaaS solution by signing up for a free account. Your first ten users are free forever and you’ll be able to test the whole platform.
This is a Security Bloggers Network syndicated blog post authored by Natalie Bluhm. Read the original post at: JumpCloud