Fundamentals: Cloud ID Management
Cloud ID Management
Identity management is tricky business, and that’s especially the case for cloud and SaaS applications. Users often create their own logon credentials to business-related cloud applications. This can lead to a variety of problems, including the use of easy-to-crack passwords and the difficulty of cutting off access when users leave the company.
So how do you build an identity management framework for all your cloud applications? There are four choices, all of which involve Active Directory (or another LDAP-compliant directory). AD should be at the heart of your cloud ID management strategy. Leveraging AD to manage access to cloud apps addresses a number of security, risk and compliance issues. It also reduces the administrative burden of adding and removing users, facilitates the deployment of single sign-on and lets you do interesting things with role-based authentication.
The four approaches you can use for managing access to the cloud are full Active Directory synchronization, partial Active Directory synchronization, federation and identity-as-a-service. Here’s how they work, and the upsides and downsides of each option.