IDaaS Basics: Identity Management Service

By Cassa Niedringhaus Posted December 2, 2019

Today, just about anything is delivered “as-a-Service” — including identities. The as-a-Service model allows service providers to deliver myriad utilities to consumers and organizations as outsourced solutions, but we’ll examine the basics of Identity-as-a-Service (IDaaS) through a cloud identity management service.

With identities delivered as-a-Service, IT admins can grant one authoritative identity to each employee and centrally control those identities, thereby locking down their organizations’ security.

Identity-as-a-Service Defined

Through modern IDaaS, each employee has one authoritative identity they use to access most, if not all, company resources, regardless of vendor or platform. The same identity (e.g. username/password, SSH keys, MFA tokens) grants them access not only to their laptops or workstations but also to the office WiFi via RADIUS, applications (e.g. Salesforce®, GitHub), and file servers. Think of the identity as the gateway to company resources.

Identities are not stored in multiple, independent silos but instead are stored in a central directory and provisioned to resources through an IDaaS platform.

However, this was not always the case. IDaaS previously referred to web application single sign-on (SSO) solutions, which are not the comprehensive identity management solutions that exist in the IDaaS sphere today. Historically, first-generation IDaaS solutions were built on top of the core identity provider, which lived on-prem.

The comprehensive Identity-as-a-Service solutions that exist today are key to organizational security.

Core Identity: Key to Cyber Security 

In most offices during the past two decades, IT admins provisioned user access through Microsoft® Active Directory® (AD). Users’ core credentials gave them access to their workstations, through which they accessed Microsoft-based, on-prem networks, servers, and applications.

Now, however, users need to access a vast array of non-Microsoft and cloud-based resources to do their jobs efficiently. The rapid expansion of these resources prompted some users to circumvent traditional IT processes to create their own, non-sanctioned accounts separate from their core AD identities, and the resulting shadow IT is a cyber security risk for enterprises.

If an employee replicates credentials for professional and non-sanctioned or personal

This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Cassa Niedringhaus.