Does VLAN assignment as an IAM capability make any sense to you? Is the functionality of dynamically assigning users and devices to a specific VLAN an IAM capability, or is it more of a networking function? These are great questions, and with the changing IT landscape, it is clear that different IT areas are overlapping. The ability to access different parts of IT infrastructures via a single set of credentials makes the distinction moot.
The Trouble with Traditional VLAN Setup
Traditionally, dynamic VLAN assignment has existed solely as a networking function. This is largely because it was so difficult to implement. Network admins needed to create VLANs and segments within their network through physical switches and routers.
Then, a FreeRADIUS server would be connected to the network, as well as the identity provider (IdP). This was most often an OpenLDAP server or Microsoft® Active Directory® instance. Effectively, the RADIUS server was middleware: it translated authentication requests from the network to the identity provider and then, once the user was authenticated, placed the user on the network segment they were assigned to.
Ultimately, this process, while a significant step up in security, put IT admins through many pain points on the way to implementing it. But once it was set up, IT admins had some peace of mind regarding their network security.
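As an added example (not from the original post or any vendor's code), the Python below builds and checks the three RADIUS attributes defined in RFC 2868 / RFC 3580 that carry the VLAN assignment in an Access-Accept, the step where the RADIUS server places the user on a segment. The function names, the allowed-VLAN set and the sample bytes are assumptions for illustration, and the VLAN is assumed to be sent as a numeric ID.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three tunnel attributes a RADIUS server puts in an Access-Accept."""
    def tagged_int(attr, value):  # Type, Length=6, Tag, 3-byte big-endian value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def parse_attrs(data):
    """Yield (type, value) pairs from a RADIUS attribute stream; reject bad lengths."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        yield attr, data[i + 2:i + length]
        i += length

def assigned_vlan(attrs, allowed):
    """Return the VLAN ID the reply assigns; raise instead of guessing a default."""
    seen = dict(parse_attrs(attrs))
    for attr, want, name in ((TUNNEL_TYPE, TYPE_VLAN, "Tunnel-Type"),
                             (TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802, "Tunnel-Medium-Type")):
        value = seen.get(attr, b"")
        if len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            raise ValueError(f"{name} missing or not the VLAN value")
    group = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional leading tag octet
        group = group[1:]
    if not group.isdigit():
        raise ValueError("Tunnel-Private-Group-ID missing or not a numeric VLAN ID")
    vlan = int(group.decode("ascii"))
    if vlan not in allowed:
        raise ValueError(f"VLAN {vlan} is not in the allowed set")
    return vlan

# Constructed sample: a Reply-Message (type 18) followed by the VLAN attributes.
SAMPLE = bytes([18, 4]) + b"ok" + encode_vlan_attrs(20)

if __name__ == "__main__":
    print(assigned_vlan(SAMPLE, allowed={10, 20, 30}))
```

A reply that authenticates the user but omits any of the three attributes raises here rather than returning a VLAN, which is the case to test for when migrating RADIUS back ends, since many access points fall back to their default VLAN in that situation.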
VLAN Assignment Today
Nowadays, WiFi equipment is making it easier to create network segments. With the introduction of cloud RADIUS and hosted identity provider services, dynamic VLAN assignment becomes much easier. Instead of having to gather and configure all of the components (switches, routers, a FreeRADIUS server, identity provider, and more), there is very little infrastructure that the IT organization needs to deploy, manage, and secure.
IT admins simply point their WiFi network to the cloud identity management infrastructure and assign users to the proper VLAN segments. Then, the Directory-as-a-Service® takes care of the rest.
Wait, Directory-as-a-Service® and VLAN Assignment?
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/iam-capability-vlan-assignment/