The goal of IDaaS, as with a traditional identity and access management solution, is to determine that a user is who they claim to be and then grant access to applications once the user has been authorized. However, with current trends of a more mobile workforce and the proliferation of SaaS apps such as Salesforce.com, managing identities is much more complex and costly than it used to be.
Identity as a Service allows an organization to let a specialized third-party vendor manage the operational nuts and bolts of an identity and access management solution, saving administrative overhead for the organization because there is no longer a need to manage infrastructure, provide security, install and upgrade software, back up data, etc.
Types of IDaaS
From a user's point of view, IDaaS provides similar capabilities to an on-premises deployment of identity and access management, assuming the user has access to the IDaaS cloud solution. The biggest difference is that IDaaS is hosted in the cloud by a third-party provider, which allows users to securely access their account from anywhere via different devices. This is done through a combination of single sign-on, multi-factor authentication and directory solutions.
There are many different types of IDaaS solutions. Some IDaaS providers support only one piece of the puzzle (e.g., providing only a directory) while other IDaaS providers deliver a more comprehensive suite of functionality encompassing multiple pieces of the puzzle (e.g., combined SSO, MFA and directory).
In addition to these different configurations of IDaaS solutions, different categories of IDaaS cater to different end users.
Basic IDaaS usually supports SSO into SaaS apps and provides the aforementioned benefits, which tends to work well for small- and medium-sized businesses and those organizations that were "born in the cloud." Organizations of these type and size do not usually have their own on-premises IT infrastructure to worry about and they are usually large consumers of SaaS apps. Multi-factor authentication can be used for increased security, and a cloud directory stores user data and credentials. Thus, basic IDaaS solutions can provide all the functionality needed for these businesses.
Basic IDaaS solutions also tend to have more streamlined interfaces, often including set-up wizards so that administrators can more easily solve less complex administrative use cases.
Enterprise IDaaS is more robust due to the more complex IT environments that almost always exist in larger and older enterprises. Since larger enterprises have a variety of legacy apps, existing IAM tools and many different directories, an enterprise IDaaS solution should be able to bridge to existing directories and integrate with non-SaaS enterprise applications hosted on premises or in a private cloud. This is necessary because connecting to SaaS apps only still requires separate sign-ons for the other, on-premises apps--a partial SSO solution at best.
The connectors, bridges and integrations provided by IDaaS solutions for enterprises allows for a more comprehensive solution. This additional functionality comes hand in hand with more fine-grained administrative controls to better customize solutions to an enterprise's specific needs.
IDaaS: An IAM solution with the benefits of an as-a-service offering
IDaaS comes in many different flavors for different situations and helps organizations save money and time while taking advantage of specialized IT expertise. It enables users to securely and easily access needed apps on a variety of devices while on the go or at the office.
To learn more about how large enterprises can benefit from the cloud, read up on Ping Identity's Agile Identity Services.