Article: Identity as a Service (IDaaS)
What is IDaas?
Enterprises are embracing cloud and mobile technologies. As they do, they’re moving beyond traditional network boundaries and the capabilities of their legacy identity and access management (IAM) solutions.
Identity as a service (IDaaS) are SaaS-based IAM offerings that allow organizations to use single sign-on (SSO using SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications.
Gartner defines IDaaS as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access and intelligence functions to target systems on customers' premises and in the cloud.”
Gartner states that the core aspects of IDaaS are:
- IGA: Provisioning of users to cloud applications and password reset functionality.
- Access: User authentication, SSO and authorization supporting federation standards such as SAML.
- Intelligence: Identity access log monitoring and reporting.
IDaaS for the digital enterprise
Basic IDaaS is the support of SaaS apps. It has proven to be effective for the small and medium business market, especially for “born in the cloud” organizations. But for IDaaS to be effective in the digital enterprise, it needs to have a broader application. Most enterprises have complex IT environments that include a mix of on-premises, IaaS, PaaS, and SaaS applications. In addition, enterprises typically use IDaaS to extend their existing IAM infrastructure. As a result, enterprise IDaaS providers must deploy solutions that can:
- Bridge to existing user directories (like AD) for authentication.
- Integrate with existing web access management (WAM) products to comply with access policy.
- Integrate with a diverse mix of non-SaaS enterprise applications in their data centers or hosted in a third-party data center such as AWS and Microsoft Azure.
- Provide access management for web, mobile and API environments.
IAM Best Practices for
Securing the Digital Enterprise
Enterprise IDaaS requirements
Five key capabilities are required to make enterprise IDaaS solutions possible:
Single Sign-on (SSO): With single sign-on employees, partners and customers obtain easy, fast and secure access to all SaaS, mobile and enterprise applications with a single authentication using corporate credentials.
Multi-factor Authentication (MFA): MFA typically includes adaptive authentication methods—options to step up as risk increases based on situational changes, user behavior or application sensitivity.
Access Security: Access security is policy-based access management for applications and APIs to enhance security beyond SSO.
Directory: While most enterprises prefer to integrate IDaaS with their existing user stores, they may use a cloud directory, especially to support customers and/or partners.
Provisioning: Through SCIM support and integration with on-premises provisioning, user data is synced with web and enterprise applications.