By Zach DeMeyer Posted November 12, 2019
While “as-a-Service” offerings continue to flood the software market, some are wondering what Identity-as-a-Service (IDaaS) means.
IDaaS Through the Years
If you were to look up the dictionary definition of IDaaS, it would look something like this: IDaaS is identity and access management (IAM) software delivered on a subscription basis, as-a-Service from the cloud. This definition is an intuitive one: serving up an identity and the access it requires in an easy-to-use, cloud-hosted fashion is a great boon for IT in the modern era.
The longest-standing definition of IDaaS, however, is essentially that of a web app single sign-on (SSO) solution. SSO tools federate on-prem identities to cloud applications. When the introduction of the cloud shifted applications to the web, on-prem identity providers (IdPs), such as Active Directory® (AD), struggled to authenticate access to them. SSO tools filled this need by leveraging the SAML protocol, creating this widely accepted definition of IDaaS in the process.
Diving Deeper into IDaaS
Although the SSO-centric definition is the most popular meaning of IDaaS, it isn’t necessarily the most correct one. Under the holistic “dictionary” definition, the term IDaaS can apply to several solutions across the IAM industry.
Obviously, SSO deserves to be a part of this list. The reach of an identity, however, extends much further than access to web applications.
One such facet is systems. On-prem IdPs, namely AD, authenticate access to Windows® systems. AD struggles with system authentication outside of the Windows OS, especially in regard to macOS® and Linux® endpoints.
Organizations based around Active Directory with mixed-platform environments turn to identity bridges to fill this need. Identity bridges assimilate non-Windows systems into an AD domain, making life easier for admins who would otherwise be trying to do so manually. In that regard, identity bridges function as an IDaaS solution as well, since they extend identities from AD to resources outside of the domain and can be leveraged from the cloud.
Taking a big step back,