As cloud services spread into more and more domains, Identity Access Management as a Service (IDaaS) becomes an extremely important service for providing and controlling access to different services for many users.
So the intent of this blog is to list why IDaaS is required and what is expected of it.
Identity Access Management as a Service is itself a cloud-based service, and it is expected to manage the credentials of various applications and users in a single place. It can be visualized as an extension of LDAP. The reasons for adopting IDaaS are listed below.
MANAGE ACCESS TO ON PREMISE & CLOUD APPLICATIONS
Enterprises and individuals nowadays use several applications, most of which are cloud-based services, while some are hosted on premise. Managing the credentials and access for each of those services/applications has become hectic.
- Most of the services an individual signs up for share the same password. When the password for one service is hacked, it becomes easy for the hacker to access all the other services.
- When passwords differ across services, it becomes difficult to remember all of those credentials.
- Most of us enter a wrong password when logging in to a rarely used service – agreed?
- After two or three attempts, the immediate next step is to try the forgot-password option.
- Imagine the forgot-password option were charged for each and every attempt; the service provider would earn more out of it.
- Weak and shared passwords are a serious problem in the industry.
- Enterprises use applications that are internally developed or hosted on premise, which also adds to the number of services used.
As the number of services grows, it becomes difficult to manage the credentials for all of them, and so the need for IDaaS arises.
When an employee leaves the organization, it becomes difficult to revoke the access provided to them. Since IDaaS is the single point of user and access management for all the services, revoking or granting access to users becomes very easy.
SINGLE SIGN ON (SSO)
Even when the passwords are the same across services, the user is required to log in separately to each of them. Consider logging in to a Google service: the user need not log in to each of the Google services if they have already logged in to any one of them. Logging in to Gmail allows access to Drive.
When we have several services from different service providers, logging in to each of them becomes difficult. IDaaS not only manages the credentials but also enables SSO.
It is also expected that users can log in from any type of client – desktop browsers, mobile apps, APIs, etc. Providing a unified login mechanism for all users through different clients is also hectic, and this too is addressed by IDaaS.
ENFORCE EXTENSIVE ACCESS CONTROL (SECURITY)
As enterprises use multiple cloud services, managing the roles of each of their employees is very tedious. IDaaS allows the enterprises to sign up to different services and provide access to the employees through a single channel.
Access to the services varies across users, and IDaaS enables access control at a granular level. This in turn enforces enhanced security.
Activity monitoring is another capability of IDaaS, which is an added advantage for monitoring the activities of users and generating reports from them.
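As an added illustration (not from the original post, and not any particular IDaaS product's API), the Python model below shows how one central identity service gives SSO across services, applies per-service roles, logs activity, and revokes a leaver's access with a single action; the user names, service names, roles and the HMAC-signed token format are constructed assumptions.

```python
import base64, hashlib, hmac, json, time

class IdentityService:
    """Constructed stand-in for an IDaaS directory: users, per-service roles, SSO tokens, audit."""
    def __init__(self, key: bytes, ttl: int = 3600):
        self._key, self._ttl = key, ttl
        self._users = {}  # user -> {"active": bool, "roles": {service: set(roles)}}
        self.audit = []   # activity monitoring: (event, user, service)
    def provision(self, user, roles):
        self._users[user] = {"active": True, "roles": dict(roles)}
        self.audit.append(("provision", user, None))
    def deprovision(self, user):
        # One action for a leaver revokes access to every service at once.
        self._users[user]["active"] = False
        self.audit.append(("deprovision", user, None))
    def login(self, user, password_ok: bool):
        # Authenticate once; the returned SSO token is accepted by every service.
        rec = self._users.get(user)
        if not (rec and rec["active"] and password_ok):
            self.audit.append(("login_denied", user, None))
            return None
        claims = {"sub": user, "exp": int(time.time()) + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        self.audit.append(("login", user, None))
        return body + "." + sig
    def authorize(self, token, service, required_role):
        # Called by each service: verify the signature, then apply the role held
        # centrally; a deprovisioned user is refused even with an unexpired token.
        body, _, sig = token.partition(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
        rec = self._users.get(claims["sub"])
        allowed = bool(rec and rec["active"] and claims["exp"] > time.time()
                       and required_role in rec["roles"].get(service, ()))
        self.audit.append(("allow" if allowed else "deny", claims["sub"], service))
        return allowed

def demo():
    idp = IdentityService(key=b"constructed-demo-key")
    idp.provision("alice", {"crm": {"reader"}, "payroll": {"admin"}})
    tok = idp.login("alice", password_ok=True)
    results = [idp.authorize(tok, "crm", "reader"),      # True: one token, first service
               idp.authorize(tok, "payroll", "admin"),   # True: same token, second service
               idp.authorize(tok, "payroll", "reader")]  # False: role never granted
    idp.deprovision("alice")
    results.append(idp.authorize(tok, "crm", "reader"))  # False: revoked everywhere at once
    return results
```

Because every service asks the central directory at authorization time, the leaver's still-valid token is useless the moment the single deprovision call is made, and the audit list doubles as the activity report the post mentions.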
Consider an enterprise that has 1000 employees; subscribing to a service requires access to be provided to all 1000 employees, which means at least 1000 entries to be made and managed.
Consider another example of recruiting 100 more employees; each of them may have to be provided access to the services in the cloud or hosted on premise.
Consider all the employees logging in to the identity management service at the same time; it should scale to support all the employees' requests with high performance.
The above examples narrate the need for a scalable identity management service serving x users and y services without any degradation in performance.
Though IDaaS is helpful in managing credentials and access to cloud and on-premise services, it requires the services themselves to enable identity and access management through APIs.
- For example, if someone has to integrate Facebook into their application, it requires Facebook to provide options to access its pages/services through APIs or plug-ins.
It is also recommended to evaluate whether the IDaaS provider meets the above-mentioned requirements before subscribing. There could be more features provided by IDaaS providers, but the above could be considered mandatory.