Old Dog, New Tricks: Modernizing Identity for On-Prem Apps

Fun fact: in 2006, Forrester Research estimated that 90% of CRM sales were on-premises instances.[1]

That means ninety percent of CRM users had to deal with more than just a messy customer database – they had to deal with the hosting, the humans, and the hardware necessary to host the application.

In 2006, Salesforce.com’s trailing twelve-month revenue wasn’t anything to scoff at – it was nearing half a billion dollars. Today, of course, that figure is more like $14B – and they’re still growing at 25%+ YoY.



But change is constant, as Heraclitus wisely explained 2,500 years ago: “No man ever steps in the same river twice, for it’s not the same river and he’s not the same man.”

Often, replacing aging on-premises applications with Software-as-a-Service alternatives makes sense. Think Oracle CRM vs. Salesforce.com. Go find a head of marketing that wants to replace their Salesforce instance with Oracle CRM. I’ll wait.

Sometimes, there isn’t a suitable cloud alternative to an on-prem app. Or the change management of replacing an on-prem app with a cloud app is not worth tackling quite yet. Or incredibly complex internal workflows are dependent on these on-prem apps. Think Oracle E-Business Suite. Or PeopleSoft. Or an on-prem instance of JIRA or Confluence.

Some of these apps aren’t going away any time soon. And that’s okay.

If You Can’t Take Your Apps to the Cloud…

Now, if you can’t take some of these apps to the cloud, what if you can take the cloud to them?

This philosophy is gaining traction, as seen in developments like Amazon Outposts, where users can run AWS infrastructure on-premises with an integrated hardware rack that runs native AWS or VMware environments to connect to Amazon’s public cloud.

The problem with some legacy apps, despite their robust functionality and wait-long-enough-and-the-old-becomes-new retro user interfaces (who doesn’t have a soft spot in their heart for Windows 98 era graphics?), is that they simply don’t cut the 2019 mustard in a few key areas:

  • Difficult or impossible to use contemporary authentication: Talk to anyone who has configured Single Sign-On (SSO) for a few of these legacy apps, and you’re sure to hear some painful war stories. When it comes to modern authentication functionality, ranging from federation, to SSO, to MFA, you need a team of experts, a great deal of luck, or the favor of the IT gods.

  • Outdated security: The inflexibility of many legacy web access management solutions’ infrastructures prevents organizations from keeping up with modern security needs and associated technologies. For example, many organizations implemented RSA SecurID years ago, and as a result, are unable to integrate more modern security solutions like Google Authenticator, security event streaming, or Adaptive Authentication.

  • Vulnerability due to complexity: The infrastructures of legacy SSO solutions are also so complex that IT admins are often reluctant to make changes to them after deployment. IT admins who make alterations outside of the boundaries of the initial deployment run the risk of breaking the system or inadvertently creating security holes.

There’s Got to be a Better Way!

Of course, there are access management offerings purpose-built to address hybrid Identity and Access Management (IAM) needs, centralizing IAM for cloud and on-prem apps.

But, maybe you’re not quite ready for that project. After all, in the world of IT and security, there are always competing priorities, resource constraints, and the whim of the business that requires strategic shifts.

What if you could tackle a key on-prem application first? An app that was widely used, full of sensitive data, not going anywhere any time soon, and not exactly modern in its authentication flexibility – and bring the benefits of modern identity and access management to it?


Modern Identity for Legacy Apps: Old Dog, New Tricks

With our new app security offerings, you have the opportunity to identify an individual application – cloud or on-prem – that you want to protect with OneLogin Multi-Factor Authentication.

Rapid Deployment

Deployments are measured in minutes, not months, with templatized solutions to integrate with common on-prem apps like Oracle E-Business Suite, PeopleSoft, Atlassian Confluence, and JIRA.

Bring your own directory: OneLogin MFA integrates with all user directories for simple configuration. Use the OneLogin cloud directory or connect to your existing directories and HR systems. OneLogin works with Active Directory, Azure AD, LDAP, Workday, Namely, UKG, Okta, and more.

Leading-Edge Security

Extend modern authentication capabilities to on-prem apps, including meaningful security that won’t slow you down in the form of Adaptive Authentication – risk analysis powered by machine learning and customizable access policies.

Simple Management

Simple user administration. Administer from anywhere with our responsive, web-based admin portal. Built-in automation, best practices, and training are provided; no servers or CS degrees required.

Brave New World: Log In to EBS with Face ID?!

Modernizing authentication for legacy on-prem apps unlocks a brave new world of possibilities.

Who would have predicted back in 2007 that one day you would have the option to authenticate to Oracle E-Business Suite with your face?! Leveraging modern functionality like identity federation and WebAuthn means you can do precisely that. And we’re just getting started…

Sounds Great – Where Can I Learn More?

Learn more about how OneLogin is modernizing identity and security for legacy on-premises apps as well as SaaS apps.

[1] “CRM market to grow steadily, Forrester study says,” SearchCRM.com, Nov. 1, 2006.

About the Author

Michael Gleason

Michael Gleason currently serves as OneLogin’s Director of Product Marketing. With a background in taking inventive IT & security offerings to market, Michael has held strategic go-to-market roles within the Cisco Cloud Security Group, CloudLock (acquired by Cisco), and SSH Communications Security.
