SSO and LDAP Integration

sso and ldap integration

Why is SSO and LDAP integration interesting? Aren’t they sort of orthogonal concepts? In a perfect world, wouldn’t IT admins not care about protocols and simply enable their end users to login to whatever IT resources they need and want?

If so, perhaps it’s less about integration of LDAP and SSO and more about a single platform that takes a multiprotocol approach to IAM. That way, admins get to harness LDAP and SAML together, in a single tool. First, we’ll discuss where LDAP came from, how the industry changed with SAML, and then get to integration of LDAP and SSO through multiprotocol identity management.

LDAP and IAM

When it comes to identity and access management (IAM), no protocol has been more integral than the Lightweight Directory Access Protocol (LDAP). After its creation by Tim Howes and his colleagues at the University of Michigan, LDAP was widely used as the backbone of directory services, such as Microsoft® Active Directory® (AD). For a while, LDAP was synonymous with IAM, as directories like AD used the protocol to connect end users to practically all of their IT resources.

With the rise of the cloud came changes to the IAM market. Most notably, applications were becoming widely available as a service, hosted on the internet. The on-prem directory service could not federate access to these web apps like it could to other resources. So, vendors presented a new solution to fill this growing need: single sign-on (SSO) tools.

Enter SAML

With SSO, IT admins could utilize the SAML (Security Assertion Markup Language) protocol to bridge the gap between their AD instance and the cloud. Of course, this was a completely orthogonal approach to the use of LDAP in IAM. IT organizations needed to leverage these new SSO solutions as add-ons to Active Directory, using both SSO and LDAP to create an IAM experience similar to AD’s early days. This disparate relationship added strain to an admin’s IAM approach, on top of extra work and costs.

So, given the disconnect between on-prem and cloud identity management, the concept of SSO and LDAP integration (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/sso-ldap-integration/

Zach DeMeyer

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 315 posts and counting.See all posts by zach-demeyer