If web application single sign-on (SSO) solutions—also known as Identity-as-a-Service platforms—are so popular, why is an alternative even necessary? It’s a great question, but the intent of the question is much broader for most IT admins. An alternative to an Identity-as-a-Service solution is really more about creating an integrated approach to identity management rather than just an alternative to web app SSO.
The Way it Was
Before we can address modern identity management, let’s dive into the way it was done in the past. Traditionally, IT organizations leveraged an on-prem identity provider (IdP), such as Microsoft® Active Directory® (AD), to act as the arbiter of user identities. With an IT market dominated by Windows®-based tools, identity management was relatively simple, given that AD could control Windows environments with ease.
The IT landscape has shifted dramatically over the last decade. The rapid advance of innovation in the market is causing IT admins to struggle with their approach to identity management and security. Namely, applications that used to be on-prem have shifted to the cloud. The on-prem AD was not suited to tackle the job all alone. That’s when/why IDaaS hit the scene. If you consider AD to be like a flat tire, usable but not ideal, then IDaaS/SSO solutions act as a sort of patch. Piling SSO tools on Active Directory could essentially patch the holes left by web apps.
That architecture, unfortunately, just isn’t enough in a constantly changing IT world. With cloud servers from AWS®, Mac® and Linux® machines, WiFi security, and more, even with IDaaS tools attached, AD just cannot cut the mustard of the modern era. Due to these shortcomings of the AD+SSO architecture, considering an alternative to Identity-as-a-Service is starting to make a lot more sense.
The Rubber Hits the Road
As any smart car owner knows, you can’t responsibly drive around with a patched up tire. It’s just not safe; you need to get a new tire. IT admins continue to consider their next generation identity management approach, and as they do, it seems like admins (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/alternative-to-identity-as-a-service/