IDaaS: Identity as a service, what does it mean?

It seems we have Everything as a Service now (Software, Platform, Infrastructure…), so what does one of the more recent ones, ‘Identity as a Service’, mean? The ‘as a Service’ tail means that something you used to build, run, support and maintain in-house is now provided as a utility, in the same way you get electricity, water and phone service. For new companies it means starting with these as utilities in the first place. Why has this become popular? Because of the predictable cost and quality of service. It makes perfect sense: very few companies would think about producing their own electricity, yet every company seems to have its own in-house software department, and ultimately that can’t last. One can even imagine a future where IT departments no longer exist.

So what does IDaaS mean? Rather than discussing it in the abstract, let’s imagine a new, ‘born in the cloud’ business. They need:

  • Sales support
  • Marketing support
  • Benefits management
  • Payroll
  • Employee expense management
  • Accounting

All of these services are available on the Internet. But there is one piece missing: it rapidly becomes impossible to keep track of all the different user names and passwords that all the employees need to access these services. When a new hire arrives we have to create many accounts for them, when they change roles we have to change their roles in each application, and when they leave we have to disable all of their accounts (an account that is left enabled after someone leaves is a standing way back into the company’s data). We need an identity system.

What would this identity system look like? It would be one place where an admin (our sole IT person) goes to add, modify and remove user accounts. When a new sales person starts they get added to the system, then placed in the ‘sales’ group. Group membership drives access: they now have access to the sales system as well as the expense, benefits and payroll systems, and removing them from the group (or disabling the user) takes that access away everywhere at once. And of course we don’t want to run it ourselves (we don’t own any servers or racks to put them in), hence ‘Identity as a Service.’
Another interesting use case for IDaaS is controlling logons and policies for laptops, tablets, smart phones etc. In this case we want people to log into those devices with the same central identity, so that access to the applications and data on them is centrally controlled and can be revoked centrally. Our born-in-the-cloud enterprise will want their IDaaS provider to provide this feature too.

So what are the pieces of an IDaaS?

  • A database of users, groups and credentials (passwords stored as salted hashes, never in the clear)
  • Services allowing users to log in, maintain their accounts, reset their passwords etc., and tools for administrators to manage them
  • A ‘glue’ system for connecting all the services we use to that database (typically federated single sign-on, so the individual applications never see the user’s password)
  • More ‘glue’ to automatically manage users inside the services (provisioning on joining, role changes on moving, disabling on leaving)
  • Yet more ‘glue’ to connect this identity system to the devices that my users use

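To make the two provisioning ‘glue’ items concrete, here is an added example (not code from the original post, and not Centrify’s product) of the reconciliation at the heart of automatic user management. A central directory holds users and groups, a policy maps groups to roles in each application, and a reconciler diffs the desired state against what each application currently has, emitting create, update and disable actions. The applications (crm, expenses, accounting, benefits, payroll), groups, users and account data are all constructed for the example; names like GROUP_APP_ROLES and reconcile are hypothetical.

```python
"""Joiner / mover / leaver reconciliation for a hypothetical IDaaS provisioning
layer.  Added example; all applications, groups, users and states are constructed."""
from dataclasses import dataclass

# Policy: which directory group grants which role in which application.
# Constructed for the example; in practice the IDaaS holds this mapping.
GROUP_APP_ROLES = {
    "sales":     {"crm": "rep", "expenses": "submitter"},
    "finance":   {"expenses": "approver", "accounting": "bookkeeper"},
    "all-staff": {"benefits": "employee", "payroll": "employee"},
}


@dataclass
class User:
    login: str
    groups: set
    active: bool = True      # False once the person has left


def desired_accounts(directory):
    """Compute {app: {login: set(roles)}} from the directory.
    Users who have left are skipped, so the reconciler disables them everywhere."""
    desired = {}
    for user in directory.values():
        if not user.active:
            continue
        for group in sorted(user.groups):
            for app, role in GROUP_APP_ROLES.get(group, {}).items():
                desired.setdefault(app, {}).setdefault(user.login, set()).add(role)
    return desired


def reconcile(desired, current):
    """Diff desired state against each application's current accounts.
    current: {app: {login: {"roles": set, "enabled": bool}}}.
    Returns a sorted list of (action, app, login, frozenset(roles)).
    Accounts are disabled rather than deleted: that keeps the audit trail and
    prevents the login name being silently reused.  An account that exists in an
    application but not in the directory at all (an orphan) is disabled too."""
    actions = []
    for app in sorted(set(desired) | set(current)):
        want, have = desired.get(app, {}), current.get(app, {})
        for login in sorted(set(want) | set(have)):
            w, h = want.get(login), have.get(login)
            if w and h is None:
                actions.append(("create", app, login, frozenset(w)))
            elif w and (not h["enabled"] or h["roles"] != w):
                # re-enable and/or change roles (the "mover" case)
                actions.append(("update", app, login, frozenset(w)))
            elif w is None and h and h["enabled"]:
                actions.append(("disable", app, login, frozenset()))
    return actions


def apply_actions(current, actions):
    """Apply the actions to the (simulated) applications; returns the new state."""
    for action, app, login, roles in actions:
        accounts = current.setdefault(app, {})
        if action in ("create", "update"):
            accounts[login] = {"roles": set(roles), "enabled": True}
        else:
            accounts[login]["enabled"] = False
    return current


def sample_directory():
    """Constructed directory: alice just joined sales, bob moved from sales to
    finance, carol (sales) has left."""
    return {
        "alice": User("alice", {"sales", "all-staff"}),
        "bob":   User("bob", {"finance", "all-staff"}),
        "carol": User("carol", {"sales", "all-staff"}, active=False),
    }


def sample_app_state():
    """Constructed current state of the applications, still reflecting bob's old
    sales role, carol's accounts, and an orphan 'dave' created locally in the CRM."""
    acct = lambda role: {"roles": {role}, "enabled": True}
    return {
        "crm":        {"bob": acct("rep"), "carol": acct("rep"), "dave": acct("admin")},
        "expenses":   {"bob": acct("submitter"), "carol": acct("submitter")},
        "accounting": {},
        "benefits":   {"bob": acct("employee"), "carol": acct("employee")},
        "payroll":    {"bob": acct("employee"), "carol": acct("employee")},
    }


def example_run():
    """One provisioning cycle over the constructed data."""
    return reconcile(desired_accounts(sample_directory()), sample_app_state())


if __name__ == "__main__":
    for action in example_run():
        print(*action)
```

Running the cycle creates alice in every application her groups grant, changes bob’s expenses role from submitter to approver and creates his accounting account, disables bob’s stale CRM account, disables carol everywhere, and disables the orphan ‘dave’ account the CRM never should have had. A second reconcile after applying the actions produces nothing, which is the property you want from provisioning glue: it can be run on a schedule without side effects once the applications match the directory.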
I have covered some of these in prior posts.

Different vendors cover different parts of this list of requirements. Given that I work for a company that does IDaaS you would expect me to mention that we cover a large portion of this space; and in fact we do.

  • Our Centrify User Service provides the user identity database
  • Our end user portal provides the self service management
  • Our management web portal provides the management and monitoring tools
  • We provide SaaS integration into lots and lots of applications
  • We will shortly ship user provisioning for Office 365, to be closely followed by provisioning for other major applications
  • And we provide device integration for Mac, iOS, Android and Windows 8

I hope this post has helped clarify IDaaS and the things you need to look for in a solution.