Unified access management is a new term in the identity management space that has recently drawn a lot of attention. Yet, some vendors and analysts seem to think this concept is limited to cloud and on-prem applications. We believe that true unified access management should include systems, applications, files, and networks – regardless of where they are located. We’ll set the record straight in this blog post. First, though, we should talk about the concept of unified access management from a high level.
What is Unified Access Management?
Unified access management is a marketing term that is being developed by analysts and vendors to express that the modern user identity is no longer only in the cloud or only on-prem – but rather an integration of both concepts. That’s a good definition. Yet, as mentioned, many vendors have been using this term loosely with regard to a new “unified” approach to access management for cloud and on-prem applications. First-generation Identity-as-a-Service (IDaaS) solutions seem to be the source of this misunderstanding – specifically, web application single sign-on (SSO) providers. If we step back and look at the role SSO solutions have traditionally played within IT networks, then it’s easy to see why.
Traditional SSO solutions were originally designed to work on top of a core identity provider (IdP) – primarily, on-prem implementations of Microsoft® Active Directory® (AD). AD has always struggled to manage access to web applications, among other things. These limitations opened the door for third-party vendors to create add-on solutions that could extend AD identities to cloud applications.
IDaaS solutions thrived in this type of environment for many years. Interestingly, however, IT organizations all over the world have started to eliminate their on-prem identity management infrastructure in favor of cloud alternatives. This IT approach to IAM is forcing the web application SSO providers to now go back and add support for on-prem applications. The challenge then becomes that IDaaS solutions were never designed to be the core identity provider, but rather to complement an existing one. IDaaS solutions weren’t designed to support authentication protocols other ...
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/true-unified-access-management/