Is Universal Directory a Replacement for AD? - Security Boulevard

By Cassa Niedringhaus Posted November 27, 2019

Is Okta® Universal Directory (UD) a replacement for Microsoft® Active Directory®? The latter has been a fixture in the IT landscape for almost two decades now, and replacing it requires forethought and planning.

Whether UD can work for your organization is ultimately up to you and your individual requirements, which will vary based on organization type and industry. Still, there are certain fundamental capabilities a core directory service should offer if it’s up to the task of fully replacing Active Directory. We’ll focus on those capabilities in this post as a baseline for evaluation, to which you can then add industry- and environment-specific factors.

Active Directory has historically done three things well inside on-prem, Windows®-based networks: authenticate, authorize, and manage users and systems. In a traditional domain, end users could enter their credentials into a Windows laptop or desktop and access whatever they needed on the Windows network. Today, non-Windows and cloud offerings challenge AD’s model, and it would be advantageous for its replacement to connect all major operating systems and cloud resources.

To replace Active Directory in modern environments, IT admins should look for the following capabilities and features in a new directory service: 

  • Cloud-hosted and secure
  • Support for systems, applications, files, and networks
  • Authentication
  • Authorization
  • Management

Cloud-Hosted and Secure

Active Directory isn’t delivered via Software-as-a-Service, but most IT organizations are moving to cloud offerings in which they can shift the heavy lifting of running the service to a responsible third party. In fact, a RightScale report highlighted that the vast majority of enterprises have a multi-cloud strategy.

A cloud approach to directory services allows IT admins to avoid the hassle of configuring and maintaining on-prem infrastructure (and getting locked into Client Access Licenses). It also allows them to take an agile and contemporary approach to connecting users to their resources. 

However, IT admins often feel that internal control offers more security, so a third-party provider needs to prove its mettle on the security front, including submitting to third-party assessments and implementing strong data and network ...

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Cassa Niedringhaus. Read the original post at: