Okta (previous coverage here) is today joining other cloud-based SSO offerings and releasing an edition designed to integrate single sign-on with Active Directory, bridging the authentication gap between on-premise and cloud software. The move is a tacit admission that, for better or worse, most enterprises rely on Microsoft’s Active Directory to control access to on-premise applications. Traditionally, to integrate a cloud application with Active Directory, IT had to build a custom solution. The new breed of cloud-based SSO products, such as Horizon from VMware or OneLogin, is changing this and allowing SSO across on-premise and cloud apps, consistent with an enterprise’s existing directory service.
In today’s enterprise, it’s standard for employees to access a range of both online and on-premise services from multiple devices. As such, safeguarding their identities is critical. Employee usernames and passwords for all of these services can easily become the weak link in a company’s security defenses. If usernames and passwords are compromised, many of the security measures on which corporations are literally spending millions and millions of dollars become useless.
In terms of functionality, Directory Integration allows IT to integrate cloud apps with the company’s on-premise directory. There are more than 1,000 cloud apps that come pre-integrated in the Okta Application Network, so most use cases should be provided for. The video below shows how the Active Directory integration works.
Of course, Okta isn’t alone in providing Active Directory integration. OneLogin already supports AD as well; in its case, it supports:
- Active Directory – real-time user sync, authentication
- LDAP – periodic user sync, authentication
- Google Apps – periodic user sync, authentication
- SaaS apps – use apps like Workday and Salesforce as your directory, periodic user sync