What to Know About AWS, LDAP, and SSO

The identity and access management (IAM) space is complicated. There are conventional, on-prem directory services, cloud-based directory services, open source solutions like OpenLDAP™, and a cadre of SSO platforms. The number of combinations and approaches to IAM explodes still further when you add in the complexity of Infrastructure-as-a-Service (IaaS) platforms such as AWS®. In this article, we’ll try to simplify the landscape and break down what you should know about AWS, LDAP, and SSO.

The Questions Facing Admins & Engineers

As more IT shops move their infrastructure to AWS and other cloud service providers, it is clear that there are some significant challenges related to identity and access management:

All of these are critical questions when considering how to integrate off-prem infrastructure with on-prem and your various users.

A Two-Part Model for Understanding AWS, LDAP, & SSO

In order to understand this problem, it’s probably best to break it up into two significant pieces. One is the back-end IAM infrastructure that can be used to connect users to their IT resources, and then the second would be how to make it easy for end users to securely log in to what they need.

The first step – finding the right IAM infrastructure for both AWS and your IT resources – is a significant challenge. Historically, IT admins have leveraged Active Directory® on-prem, but extending that to AWS can be cumbersome. It is possible to use AWS Directory Services or stand up your own LDAP server, but both of those create other problems, notably that there are now two identity providers, which are challenging to manage and control. Ideally, there would be one IAM solution that would cut across on-prem, remote, and cloud-based resources regardless of platform, provider, and protocol.

The second facet of the problem is (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Nick Scheidies. Read the original post at: https://jumpcloud.com/blog/aws-ldap-sso/

Nick Scheidies

Nick Scheidies is a life-long of computer technology since he could first use a mouse and keyboard. In his role as Content Marketing Manager at JumpCloud, Nick has specialized in learning about identity security and cloud-based infrastructure for IT organizations.
