How to Configure SSO with an LDAP Identity Provider - Security Boulevard

To compensate for the complexity of the identity management market, most organizations try to choose point solutions and get them to work well together. This approach makes a great deal of sense based on how the IAM market has evolved, but is it really the best way forward? With the focus on single sign-on (SSO) for web applications, many IT organizations are trying to figure out how to connect that back to their core directory services. The specific challenge then becomes how to configure SSO with an LDAP identity provider.

How We Got Here

The short answer is that there are a number of resources available to connect leading web application SSO tools back to an LDAP identity provider. For example, JumpCloud can be the bridge between web application SSO solutions such as Okta®, OneLogin™, and Google and a cloud LDAP identity provider.

In order to understand why this is interesting, it is important to go back in time to understand how the market has evolved. From the advent of the LDAP authentication protocol in 1993, a number of identity providers were created to work with it, including two leading ones: Microsoft Active Directory® and OpenLDAP.

Most organizations since have leveraged one of these two for their on-prem resources, and until fairly recently, these identity providers have sufficed. AD would win for Microsoft® Windows®-based environments, while OpenLDAP was more useful for technical situations with Linux® systems and applications. Between the two, before the impending rise of Mac® machines, most organizations could find plenty of adequate runway to secure their office environments.

Evolving Past On-Prem Limitations

As web applications started to become more popular, however, identities that were stored within AD or LDAP needed to find a way to extend out to those web applications. The result was a bridge solution called web application single sign-on, otherwise known as first-generation IDaaS. The core identity provider—either AD or OpenLDAP—would connect with the SSO solution and subsequently federate identities to the web applications that people needed.

Thus, the need to configure SSO with an (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by George Lattimore. Read the original post at:

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and a graduate degree in progress in Public Communications and Technology, George enjoys learning how the IT landscape is adapting to a diversified field of technology.