Microsoft Azure Active Directory
From small businesses to large enterprises, organizations today require a solid foundation for their Identity and Access Management (IAM) services. These services are increasingly delivered as cloud services or IDaaS (Identity as a Service). Microsoft Azure Active Directory (Azure AD) provides Directory Services, Identity Federation, and Access Management from the cloud in a single integrated solution with extensive integration opportunities.
The IDaaS market has evolved over the past few years and is still growing, both in size and in the number of vendors. However, under the umbrella term of IDaaS, we find a variety of offerings. IDaaS, in general, provides Identity & Access Management capabilities as a service, ranging from Single Sign-On to full Identity Provisioning for both on-premise and cloud solutions. These solutions also vary in their support for different groups of users - such as employees, business partners, and customers - their support for mobile users, and their integration capabilities back to on-premise environments.
To manage identities more effectively, organizations implement access controls and govern access rights. This provides a consistent approach to support the processes and workflows involved, irrespective of the service being used, while also being scalable to meet the challenges of digital transformation. This approach must also coexist and integrate with existing on-premise and cloud-based Identity and Access Management (IAM) processes and tools, since it is not practical to rip and replace these.
Identity as a Service (IDaaS) provides a solution to these challenges by delivering traditional IAM services as a cloud service. IDaaS solutions offer cloud-ready integrations to extend an organization’s IAM controls to meet the security requirements of their SaaS portfolio. From a business perspective, IDaaS enables organizations to manage and control access to a diverse range of cloud services in a consistent manner, securely and with lower costs.
From a user perspective, IDaaS makes it easier for users to get access to the data and applications that they need from whatever device they are using and wherever they happen to be. Because IDaaS provides single sign-on, users don’t need to remember multiple account credentials. Common policies and administration help to limit risks from excessive privileges or outdated access rights to applications.
IDaaS vendors originate from different backgrounds, and their abilities to support different IDaaS use-cases can vary significantly. The capabilities served by most IDaaS vendors can broadly be grouped into three categories. Identity Administration – the capabilities required by organizations to administer the lifecycle of identities. Access Management – capabilities ranging from authentication and authorization to single sign-on and identity federation, for both on-premises and SaaS applications, delivered as a cloud service. Access Governance – capabilities for auditing and enforcing compliant access entitlements; these are the least mature and are largely absent from the portfolio of most IDaaS vendors.
As well as replacing traditional on-premises deployments for workforce IAM, IDaaS is becoming an enabler of Consumer Identity and Access Management (CIAM) by offering the required availability and scalability. With IDaaS now dominating new IAM purchases for many use-cases across the industry verticals, traditional IAM vendors are gearing up to deliver more cohesive IDaaS capabilities as part of their security services.
IDaaS offers a springboard for most organizations to start using foundational IAM elements delivered from the cloud and move the rest of the IAM functions as they find it appropriate and at a pace that matches the organizational security maturity and cloud strategy. The IDaaS market, with its ease of adoption and cloud-native integrations, is slowly overtaking the on-premises IAM market.