How to Integrate Identity as a Third-Party Service

There are many third-party vendors that offer identity services that complement your existing identity store. For example, Ping Identity provides an identity platform that you can integrate with your on-premises directory (such as Active Directory) and your public cloud services (such as Microsoft Azure or Amazon AWS). Third-party identity services can help manage identities both on premises and in the cloud:

 

    • On premises. To work with your existing solutions and help manage identities on premises, identity services often put servers, appliances or services on your internal network. This ensures a seamless integration and provides additional features, such as single sign-on (SSO). For example, you might integrate your Active Directory domain with a third-party identity provider and thereby enable certain users to authenticate through the third-party identity provider for SSO.
    • Cloud. Organizations that want to take advantage of software-as-a-service (SaaS) and other cloud-based applications also need to manage identities in the cloud. Some of them choose identity federation, in which they federate their on-premises authentication system directly with the cloud providers. But there is another option: using a cloud-based identity service, such as Microsoft Azure Active Directory or Amazon AWS Identity and Access Management. Using a cloud-based identity service has several advantages:
        • You can have identity management without managing the associated infrastructure.
        • You can quickly start using a cloud-based identity service, typically within just a few minutes.
        • Cloud-based identity services are relatively inexpensive.
        • Cloud-based identity services offer services worldwide, often in more places and at a bigger scale than most organizations can.
        • The cloud provider often offers features not commonly found in on-premises environments. For example, a cloud provider can automatically detect suspicious sign-in attempts, such as those from a different type of operating system than normal or from a different location than usual, because it has a large amount of data and can use artificial intelligence to spot suspicious logins.
        • For services in the cloud, authentication is local, which often results in better performance than sending all authentication requests back to an on-premises identity service.

      You also need to be aware of the potential downsides:

        • You lose control of the identity infrastructure. Because identity is a critical foundational service, some high-security organizations have policies that require complete control over the entire identity service. There is a risk in using an identity service in a public cloud, although the public cloud can sometimes be as secure or more secure than many corporate environments.
        • You might not be able to use only the cloud-based identity service. Many companies have legacy apps and services that require an on-premises identity. Having to manage an on-premises identity infrastructure and a cloud-based identity system requires more time and effort than just managing an on-premises environment.
        • If you want to use all the features of a cloud identity service, the costs rise. On-premises identity infrastructures are not expensive compared to many other foundational services such as storage or networking.
        • Using a cloud-based identity service might require a large effort. For example, you need to figure out new operational processes. You need to capture the auditing and log data and often bring it back to your on-premises environment for analysis. You might have to update, upgrade or deploy new software and services. For example, if you have an existing multi-factor authentication solution, it might not work seamlessly with your cloud-based identity service.

 

    • Federated. Federation enables your organization to use its existing identities (such as those used to access your internal corporate systems) to access systems and resources outside of the company network. For example, if you use a cloud-based HR application on the internet, you can configure federation to enable employees to sign in to the application with their corporate credentials. You can federate with vendors or partners. Federating between two organizations involves an agreement and software to enable your identities to become portable (and thus usable based on who you federate with). Federation typically provides the best user experience because users don’t have to remember additional passwords or manage additional identities.

Other key facts about third-party identity services include:

    • Often, you still need an on-premises directory service.
    • Many third-party identity services started off as solutions for web-based applications. They have since expanded to cover other use cases but still can’t be used for many day-to-day authentication scenarios. For example, most of them can’t authenticate users to their corporate laptops.
    • Third-party identity services often offer single sign-on, multi-factor authentication and meta-directory services (pulling data from multiple directories into a single third-party directory).
    • Many of the offerings are cloud-based, with a minimal on-premises footprint.
    • Third-party identity services typically support SAML, OpenID Connect, WS-Federation, OAuth and WS-Trust.
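
The suspicious sign-in check mentioned under the Cloud option (a sign-in from a different operating system or location than usual) can be sketched as a per-user baseline comparison. This is an added example, not code from the original article or from any vendor's product; the record fields, the `MIN_HISTORY` threshold and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

MIN_HISTORY = 3  # assumption: sign-ins required before a user's baseline is trusted

# Constructed sample sign-ins, oldest first: (user, operating system, country).
SAMPLE_EVENTS = [
    ("alice", "Windows", "US"),
    ("alice", "Windows", "US"),
    ("alice", "Windows", "US"),
    ("alice", "Linux", "US"),    # operating system never seen for alice
    ("alice", "Windows", "BR"),  # country never seen for alice
    ("alice", "Linux", "US"),    # repeat of the earlier unusual sign-in
    ("bob", "macOS", "DE"),
    ("bob", "Android", "VN"),    # differs, but bob has too little history to judge
]


def review_sign_ins(events):
    """Return (index, user, reasons) for sign-ins that deviate from the user's baseline."""
    baseline = defaultdict(lambda: {"os": Counter(), "country": Counter()})
    findings = []
    for index, (user, os_name, country) in enumerate(events):
        seen = baseline[user]
        observed = {"os": os_name, "country": country}
        reasons = []
        # Only judge users with enough history; a new account has no "usual" yet.
        if sum(seen["os"].values()) >= MIN_HISTORY:
            for field, value in observed.items():
                if value not in seen[field]:
                    usual = seen[field].most_common(1)[0][0]
                    reasons.append(f"{field}={value} (usual {usual})")
        if reasons:
            # Do not learn from a flagged sign-in, otherwise a second attempt
            # with the same attributes would already look normal.
            findings.append((index, user, reasons))
            continue
        for field, value in observed.items():
            seen[field][value] += 1
    return findings


if __name__ == "__main__":
    for index, user, reasons in review_sign_ins(SAMPLE_EVENTS):
        print(f"event {index}: {user}: {', '.join(reasons)}")
```

The same comparison works on sign-in logs exported from a cloud identity service once they are mapped to these three fields, which is one reason to bring that log data back for analysis.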

 
