User-Centric Directory Services; Bringing Active Directory into the Cloud Era

December 1st, 2014 / Smarter Identity

After partaking in the U.S. Thanksgiving tradition and feeling a bit bloated, I started thinking about Active Directory and cloud applications.

If you’re thinking of creating a unified or federated directory for your organization to support both your on-premises applications and the multi-tenant SaaS applications you’re transitioning to, you’ll need to address how you pull everything together. We all know Microsoft Active Directory is the big gorilla on-prem, so if you’re planning to keep it, you must have the best Active Directory integration between this on-prem user store and your cloud identity provider to bridge these environments.

In looking back at 15 years of AD history, we can all appreciate the level of change that has occurred. What we have today is the amalgamation of efforts from numerous administrators over time, who have all interpreted how best to roll out AD and manage these systems. Is there bloat and complexity (i.e. too many Groups)? Yes. Is it time to evaluate the requirements that will best support your cloud initiatives? Yes.

The questions arise:
- Is the structure of your Active Directory flexible enough to support today’s dynamic cloud application architectures?
- How are you going to map disparate data structures, custom attributes, and who knows what else, into a universal identity management solution?
- Would a more flexible middleware infrastructure or federated directory represent the path forward?

OneLogin has taken a user-centric approach, mapping Role and Group attributes to Users while still leveraging existing AD Groups in the process. This accelerates implementation and results in a cloud directory tuned to meet today’s SaaS requirements. Ultimately, we’ve flattened the data structure without losing context, which correlates to improved performance, scalability and capacity to support complex scenarios.

With OneLogin:
- Cloud apps are added to your company application list (from our list of 4,000+ supported apps)
- Departmental administrators are added to Groups
- Cloud apps are mapped to Roles
- Users are imported from AD
- Users are mapped to Roles by their AD Groups, i.e. you preserve groups, add flexibility and increase performance
- Users can then begin signing into their apps

OneLogin provides the next-generation cloud directory that essentially extends your Active Directory investments across all your end user applications and devices, and streamlines the provisioning and onboarding process. For more details on OneLogin’s Active Directory Connector, read here.

About the Author

Chip Epps joined OneLogin in 2014 to help advance cloud security initiatives and the evolution of identity and access management. Having worked previously at Symantec, Trend Micro, and Websense, he focused on securing virtual data centers and implementing SaaS-based compliance solutions. Prior to a career in security, Chip worked at Peregrine Systems (now HP), promoting ITSM and service management within a dynamic IT environment.
