As the identity management space heats up, with new approaches, technologies, and marketing terms being thrown around, it is critical for IT organizations to be able to quickly determine the differences between solutions. Unified access management is a new term that is being developed by analysts and vendors alike to convey that the concept of the user identity isn’t just on-prem or in the cloud. Rather, it is an integration of those two concepts and much more. In this blog post, we’ll discuss the question, “What is unified access management?” But first, we should provide some context.
Intro to Identity & Access Management
Historically, the core of the identity management world has been delivered from the on-prem directory services platform known as Microsoft® Active Directory® (AD). Active Directory was introduced in 1999, at a time when IT networks were largely Windows® based and on-prem. So it made sense for IT admins to implement Microsoft solutions such as Windows-based systems for user endpoints, Office® for productivity applications, Exchange® for email, Windows Server® for the file server and domain controller, and Active Directory to manage it all. The end result was that an end user would simply log in to their system, and they would subsequently have access to virtually any Windows IT resource.
This approach worked well as long as the network was on-prem and Windows-based, but then web applications like Salesforce® and Google Apps™ appeared. These applications were not based on Windows, nor were they on-prem. Consequently, Active Directory struggled to connect users to this new type of IT resource. That’s when a generation of web application single sign-on providers emerged to solve this new identity and access management (IAM) problem.
Unified Access with Single Sign-On
Web app SSO platforms were some of the first examples of what would become the Identity-as-a-Service (IDaaS) category of identity management. IDaaS solutions generally worked by integrating with the on-prem Active Directory platform. Their purpose was to federate user identities to web applications and other IT resources that couldn’t be managed directly with AD. While effective, one consequence was that IT admins had to manage at least one solution on-prem and usually another in the cloud.
This is because web application SSO solutions really only focused on the SAML protocol, while on-prem apps often leveraged Kerberos, LDAP, or other authentication protocols. Fast forward to now, and web app SSO providers have realized that they are only solving one piece of the puzzle. As a result, they now have to go back and try to support on-prem applications as well. This is what unified access management means to these first-generation IDaaS organizations that are trying to reinvent themselves in a multi-platform, heterogeneous environment.
The challenge for these single sign-on providers is that they are not eliminating AD. To truly provide unified access management, the solution needs to become the core identity provider as well as the SSO solution. After all, first-generation IDaaS solutions were essentially Active Directory add-ons that required existing on-prem identity management infrastructure to operate. Not surprisingly, IT admins can’t help but wonder what this new approach will mean for them. So to answer the question, “What is unified access management?”, it’s really just another partial solution to the overall identity management puzzle.
For modern IT organizations, the concept of unified identity management goes far beyond just SSO to applications, regardless of location (i.e., on-prem or cloud-based). In fact, modern IT organizations need the concept of unified access management to be more like True Single Sign-On™. True SSO means that end users can leverage their core identity to connect them to virtually all of their IT resources – including systems, applications, files, and networks – regardless of platform, protocol, provider, and location. The good news is that a next generation True SSO provider has emerged that fits the bill.
The Future of SSO: True Single Sign-On
Called JumpCloud® Directory-as-a-Service®, this next generation cloud directory services platform enables IT organizations to unify access management to virtually all of their IT resources. The same solution can also help IT organizations replace their on-prem identity provider, as well as their niche web applications SSO platform. The end result is that IT admins can leverage one core identity provider to connect users to on-prem and cloud applications – and everything else they need too. Sound too good to be true?
Learn More About Unified Access Management
Drop us a note if we can help answer any questions or point you in the right direction. You can also schedule a demo, or sign up for a free JumpCloud Directory-as-a-Service account to see the future of unified access management in action today. We offer ten free users to help you explore the full functionality of our cloud directory services platform for as long as you see fit – and we don’t even require a credit card to sign up. Join the JumpCloud family today!
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud