With so many different identity and access management (IAM) tools and terms out there, sometimes the foundational elements are lost in all the noise. When we talk about IAM solutions, we are often talking about web application single sign-on (or SSO) solutions, multi-factor authentication (MFA), privileged identity management, identity governance…the list goes on. But today, we’re going to go back to the basics and ask: what is a directory?
What is a Directory?
Often called the identity provider (IdP), a directory (or, more accurately, a directory service) is the user store of identities and the central point for access control. The modern directory service dates back to the creation of LDAP in 1993 by JumpCloud® advisor Tim Howes and his colleagues at the University of Michigan. The creation of LDAP led to the invention of two of the original directory services platforms: OpenLDAP™ in 1997 and Microsoft® Active Directory® (also known as AD or MAD) in 1999.
The Directory Service Giant: AD
As time went on, Active Directory became the most popular on-prem directory service platform to date. AD was simply a component of Windows® Server. On-prem and Windows-centric, this identity provider worked well and was cost-effective at the time, given that most networks were already entirely Windows-based. Active Directory also offered what are known as Group Policy Objects (GPOs). A GPO is essentially a predefined script, command, or task execution template designed to manage Windows system policies, and GPOs revolutionized the way IT admins managed fleets of Windows-based systems.
This identity provider could connect users to IT resources like systems, files, applications, and networks. Because of the prevalence of Windows at the time, AD and the domain controller were undeniably valuable due to their nearly seamless integration with other Windows resources. Users would simply log in to their Windows device and access whatever resources they needed within the on-prem network. Everything was great in the traditional IT environment: users could access what they needed when they needed to. What could be better than managing everything from one pane of glass?