What is Identity As a Service (IDaaS)?
Enterprises are embracing cloud and mobile technologies. As they do, they’re moving beyond traditional network boundaries and the capabilities of their legacy identity and access management (IAM) solutions.
Identity as a service (IDaaS) is a SaaS-based IAM offering that allows organizations to use single sign-on (SSO using SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications.
Gartner defines IDaaS as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access and intelligence functions to target systems on customers' premises and in the cloud.”
Gartner states that the core aspects of IDaaS are:
- IGA: Provisioning of users to cloud applications and password reset functionality.
- Access: User authentication, SSO and authorization supporting federation standards such as SAML.
- Intelligence: Identity access log monitoring and reporting.
IDaaS for the digital enterprise
Basic IDaaS is the support of SaaS apps. It has proven to be effective for the small and medium business market, especially for “born in the cloud” organizations. But for IDaaS to be effective in the digital enterprise, it needs to have a broader application. Most enterprises have complex IT environments that include a mix of on-premises, IaaS, PaaS, and SaaS applications. In addition, enterprises typically use IDaaS to extend their existing IAM infrastructure. As a result, enterprise IDaaS providers must deploy solutions that can:
- Bridge to existing user directories (like AD) for authentication.
- Integrate with existing web access management (WAM) products to comply with access policy.
- Integrate with a diverse mix of non-SaaS enterprise applications in their data centers or hosted in a third-party data center such as AWS and Microsoft Azure.
- Provide access management for web, mobile and API environments.
-
white paper
API-first IDaaS for Development Teams
Another way enterprises can leverage IDaaS is through API-first developer platforms. Often used for customer identity and access management (CIAM), these platforms expose all IDaaS capabilities through APIs. This approach allows enterprises to give their development teams a common IDaaS platform that makes it easy for them to embed identity services into their applications. It’s also important to ensure these platforms can meet broader enterprise requirements across all of their applications with:
A focus on security and reliability.
Support for common identity standards (OAuth, OpenID Connect, SAML).
Integrations that allow for coexistence with their on-premises identity infrastructure.
The ability to model their existing identity architecture in the IDaaS platform.
Enterprise IDaaS requirements
Five key capabilities are required to make enterprise IDaaS solutions possible:
Single Sign-on (SSO): With single sign-on employees, partners and customers obtain easy, fast and secure access to all SaaS, mobile and enterprise applications with a single authentication using corporate credentials.
Multi-factor Authentication (MFA): MFA typically includes adaptive authentication methods—options to step up as risk increases based on situational changes, user behavior or application sensitivity.
Access Security: Access security is policy-based access management for applications and APIs to enhance security beyond SSO.
Directory: While most enterprises prefer to integrate IDaaS with their existing user stores, they may use a cloud directory, especially to support customers and/or partners.
Provisioning: Through SCIM support and integration with on-premises provisioning, user data is synced with web and enterprise applications.
