    What do you use as an identity provider?

    IT Discussion
    26 Posts 8 Posters 2.0k Views
    • 1
      1337
      last edited by 1337

      What do you use as an identity provider for all different logins the users have?

      I mean if the users have 20 different web apps, they don't really want to log in with different usernames, passwords, OTP etc for every one of them. But perhaps that is what most people do?

      If you use an identity provider, are users using that to log on to their workstations as well? Also VPNs perhaps, if that is in use?

      I'm trying to figure out what options are commonly deployed, if any.

      1 Reply Last reply Reply Quote 1
      • V
        VoIP_n00b
        last edited by VoIP_n00b

        JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

        https://jumpcloud.com/platform/single-sign-on

        1 nadnerBN 2 Replies Last reply Reply Quote 0
        • 1
          1337 @VoIP_n00b
          last edited by

          @VoIP_n00b said in What do you use as an identity provider?:

          JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

          https://jumpcloud.com/platform/single-sign-on

          Thanks. Are you using it as well?

          Have you integrated JumpCloud with M365 or Google Workspace or whatever you might use?

          DashrenderD 1 Reply Last reply Reply Quote 0
          • nadnerBN
            nadnerB @VoIP_n00b
            last edited by

            @VoIP_n00b said in What do you use as an identity provider?:

            JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

            https://jumpcloud.com/platform/single-sign-on

            There is so much marketing fluff speak in that.
            Did you just copy and paste from the propaganda page?

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • nadnerBN
              nadnerB
              last edited by

              Azure AD is one worth considering.
              Everyone seems to offer some level of integration.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @1337
                last edited by

                @Pete-S said in What do you use as an identity provider?:

                @VoIP_n00b said in What do you use as an identity provider?:

                JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

                https://jumpcloud.com/platform/single-sign-on

                Thanks. Are you using it as well?

                Have you integrated JumpCloud with M365 or Google Workspace or whatever you might use?

                If you have Azure AD or Google Workspace, why bother with JumpCloud?

                1 1 Reply Last reply Reply Quote 0
                • 1
                  1337 @Dashrender
                  last edited by 1337

                  @Dashrender said in What do you use as an identity provider?:

                  @Pete-S said in What do you use as an identity provider?:

                  @VoIP_n00b said in What do you use as an identity provider?:

                  JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

                  https://jumpcloud.com/platform/single-sign-on

                  Thanks. Are you using it as well?

                  Have you integrated JumpCloud with M365 or Google Workspace or whatever you might use?

                  If you have Azure AD or Google Workspace, why bother with JumpCloud?

                  You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

                  I'm not 100% clear what capabilities each system has but I would guess that dedicated identity platforms such as JumpCloud, Okta, OneLogin etc are more mature, sophisticated and have more features.

                  I don't know if Azure AD would make sense as a standalone service, without users being on M365 or having Windows infrastructure in general.

                  DashrenderD scottalanmillerS 3 Replies Last reply Reply Quote 2
                  • DashrenderD
                    Dashrender @1337
                    last edited by

                    @Pete-S said in What do you use as an identity provider?:

                    I don't know if Azure AD would make sense as a standalone service, without users being on M365 or having Windows infrastructure in general.

                    I'll agree with you there - which is why I said - IF you have M365 or Google Workspace already....

                    If you don't, yeah, I likely wouldn't look to them as a basis for an identity provider, but if you already have them.... As I've done zero research - I have no clue what Okta or Duo, etc bring to the table.

                    1 1 Reply Last reply Reply Quote 0
                    • 1
                      1337 @Dashrender
                      last edited by

                      @Dashrender said in What do you use as an identity provider?:

                      @Pete-S said in What do you use as an identity provider?:

                      I don't know if Azure AD would make sense as a standalone service, without users being on M365 or having Windows infrastructure in general.

                      I'll agree with you there - which is why I said - IF you have M365 or Google Workspace already....

                      If you don't, yeah, I likely wouldn't look to them as a basis for an identity provider, but if you already have them.... As I've done zero research - I have no clue what Okta or Duo, etc bring to the table.

                      What do you guys do at your place?

                      jt1001001J DashrenderD 2 Replies Last reply Reply Quote 0
                      • jt1001001J
                        jt1001001 @1337
                        last edited by

                        @Pete-S Old job we used Azure AD exclusively because we were already in that space; no need for a "third party" provider. We did review Okta as it integrated with on premise AD, and liked it but why spend extra $$ since we had to get E5 licenses already for other reasons. If you have a lower license tier Okta may make sense as it's I think US$6/user/month if I remember correctly.
                        Haven't started new job yet so I don't know what system they're using.

                        1 1 Reply Last reply Reply Quote 1
                        • 1
                          1337 @jt1001001
                          last edited by

                          @jt1001001 said in What do you use as an identity provider?:

                          @Pete-S Old job we used Azure AD exclusively because we were already in that space; no need for a "third party" provider. We did review Okta as it integrated with on premise AD, and liked it but why spend extra $$ since we had to get E5 licenses already for other reasons. If you have a lower license tier Okta may make sense as it's I think US$6/user/month if I remember correctly.
                          Haven't started new job yet so I don't know what system they're using.

                          I think that scenario is pretty common. Did you authenticate other SaaS apps with Azure AD as well?

                          jt1001001J 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @1337
                            last edited by

                            @Pete-S said in What do you use as an identity provider?:

                            @Dashrender said in What do you use as an identity provider?:

                            @Pete-S said in What do you use as an identity provider?:

                            I don't know if Azure AD would make sense as a standalone service, without users being on M365 or having Windows infrastructure in general.

                            I'll agree with you there - which is why I said - IF you have M365 or Google Workspace already....

                            If you don't, yeah, I likely wouldn't look to them as a basis for an identity provider, but if you already have them.... As I've done zero research - I have no clue what Okta or Duo, etc bring to the table.

                            What do you guys do at your place?

                            Have no type of SSO.

                            All systems are separate.

                            That said, I'm trying to work us toward being rid of AD (on-premise or otherwise) and primarily use AAD as part of our M365 subscription for ID management.

                            I know our EMR can tie into AAD for SSO, but I have no idea what they will charge us for doing that.

                            After that there's 3-4 hospital systems that we could investigate setting up federation with - though I hold little hope for that to actually go anywhere.

                            1 1 Reply Last reply Reply Quote 1
                            • 1
                              1337 @Dashrender
                              last edited by 1337

                              @Dashrender said in What do you use as an identity provider?:

                              Have no type of SSO.
                              All systems are separate.

                              I think that is pretty common too.

                              A lot of SaaS apps also require that you have signed up for the enterprise tier to be able to do SSO. From what I've seen legacy on-prem software usually needs AD and then from there you can sync to an identity provider.

                              DashrenderD 1 Reply Last reply Reply Quote 1
                              • jt1001001J
                                jt1001001 @1337
                                last edited by

                                @Pete-S We were in process with that when I left. We still have legacy VPN needs so we were demo'ing a Fortinet solution that uses Azure SSO that worked well. I had gotten Mimecast email services working with Azure SSO as well; both using SAML.

                                1 Reply Last reply Reply Quote 1
                                • DashrenderD
                                  Dashrender @1337
                                  last edited by

                                  @Pete-S said in What do you use as an identity provider?:

                                  @Dashrender said in What do you use as an identity provider?:

                                  Have no type of SSO.
                                  All systems are separate.

                                  I think that is pretty common too.

                                  A lot of SaaS apps also require that you have signed up for the enterprise tier to be able to do SSO. From what I've seen legacy on-prem software usually needs AD and then from there you can sync to an identity provider.

                                  We don't have any on-premise software that ties to AD. We have only one on-premise software, the accounting software. So they tell me - next year is the year to replace it - hopefully something cloud based. Considering only 3 maybe 5 people in the whole company would ever log into it - if there is a cost involved in setting up SSO for that, I doubt we would do it.

                                  1 Reply Last reply Reply Quote 1
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    One of the issues @scottalanmiller has mentioned about using things like AD for identity management is denial of service attacks.

                                    i.e. if you put a Windows computer directly on the web with RDP (that's part of AD) then a hacker could deny any user in that environment access to their account because of account lock out (assuming an account lockout is set at say 5 bad password attempts).

                                    RD Gateway I guess can solve this by only allowing those with certs to connect to the gateway, but that's pretty cumbersome.

                                    The local hospitals all use Citrix web portals (formerly nfuse - not sure new name, hell might still be called nfuse) the back end of that definitely ties to those hospitals' AD - why don't they have account lockout issues?

                                    scottalanmillerS 2 Replies Last reply Reply Quote 0
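
The lockout scenario raised in the post above, seen from the monitoring side, as an added example that is not part of the original thread: detection logic that separates one user mistyping a password from a single source driving failed logons against many accounts. The event tuples are constructed sample data and a simplified, hypothetical projection of Windows Security events 4625 (failed logon) and 4740 (account locked out); the function name, window and threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs. Each tuple is a simplified,
# hypothetical projection of a Windows Security event:
# (timestamp, event_id, account, source_ip); 4625 = failed logon,
# 4740 = account locked out (its source field is not used here).
SAMPLE_EVENTS = [
    # One user mistyping a password five times: a single account, benign.
    *[(f"2024-01-10T08:00:0{i}", 4625, "bob", "198.51.100.20") for i in range(5)],
    ("2024-01-10T08:00:05", 4740, "bob", None),
    # One source failing against several accounts, five attempts each.
    *[(f"2024-01-10T09:0{m}:{s:02d}", 4625, user, "203.0.113.7")
      for m, user in enumerate(["alice", "carol", "dave", "erin"])
      for s in range(5)],
    ("2024-01-10T09:00:05", 4740, "alice", None),
    ("2024-01-10T09:01:05", 4740, "carol", None),
    ("2024-01-10T09:02:05", 4740, "dave", None),
]


def find_lockout_bursts(events, window=timedelta(minutes=10), min_accounts=3):
    """Return sources whose failed logons hit >= min_accounts distinct
    accounts inside one window, with the accounts that ended up locked."""
    failures = defaultdict(list)  # source_ip -> [(time, account)]
    lockouts = []                 # [(time, account)]
    for ts, event_id, account, source in events:
        when = datetime.fromisoformat(ts)
        if event_id == 4625 and source:
            failures[source].append((when, account))
        elif event_id == 4740:
            lockouts.append((when, account))

    findings = []
    for source, hits in failures.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Slide the left edge until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            accounts = {acct for _, acct in hits[start:end + 1]}
            if len(accounts) > len(best):
                best, first, last = accounts, hits[start][0], hits[end][0]
        if len(best) < min_accounts:
            continue  # a single user's typos never reach the threshold
        # Correlate: lockouts of targeted accounts during or just after the burst.
        locked = sorted({acct for when, acct in lockouts
                         if acct in best and first <= when <= last + window})
        findings.append({"source": source, "targeted": sorted(best),
                         "locked_out": locked})
    return findings


if __name__ == "__main__":
    for finding in find_lockout_bursts(SAMPLE_EVENTS):
        print(finding)
```
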
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @Dashrender said in What do you use as an identity provider?:

                                      One of the issues @scottalanmiller has mentioned about using things like AD for identity management is denial of service attacks.

                                      That can be an issue, but almost no one has built a LAN-centric central authority like AD for decades. AD was at the tail end of the "LAN authentication" era and carries legacy thought processes along into the modern world and so has a lot of risks and problems that nothing modern would have.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @1337
                                        last edited by

                                        @Pete-S said in What do you use as an identity provider?:

                                        @Dashrender said in What do you use as an identity provider?:

                                        @Pete-S said in What do you use as an identity provider?:

                                        @VoIP_n00b said in What do you use as an identity provider?:

                                        JumpCloud’s SSO goes beyond application access to provide a single identity that can access any IT resource, from applications to devices, networks and more. Backed by a robust Directory Platform, you can onboard, offboard, and manage the lifecycle of every user with a single set of credentials. With one identity per user, you can easily provision and deprovision user access to devices (MacOS, Windows, and Linux), on-premise applications, networks and VPN, and servers from a single, secure console.

                                        https://jumpcloud.com/platform/single-sign-on

                                        Thanks. Are you using it as well?

                                        Have you integrated JumpCloud with M365 or Google Workspace or whatever you might use?

                                        If you have Azure AD or Google Workspace, why bother with JumpCloud?

                                        You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

                                        I'm not 100% clear what capabilities each system has but I would guess that dedicated identity platforms such as JumpCloud, Okta, OneLogin etc are more mature, sophisticated and have more features.

                                        I don't know if Azure AD would make sense as a standalone service, without users being on M365 or having Windows infrastructure in general.

                                        Agreed, if buying the identity service individually, JumpCloud is quite a bit more mature and I would trust them far more.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @1337
                                          last edited by

                                          @Pete-S said in What do you use as an identity provider?:

                                          You mean if you paid for M365 then you're already using Azure AD as your identity provider in which case JumpCloud serves no purpose?

                                          For one thing, Azure AD is lacking connectors for normal things like Linux desktops. Doesn't even WORK in our environment or most of our customers, almost none. At most it works for SOME workloads.

                                          1 1 Reply Last reply Reply Quote 1
                                          • scottalanmillerS
                                            scottalanmiller @Dashrender
                                            last edited by

                                            @Dashrender said in What do you use as an identity provider?:

                                            The local hospitals all use Citrix web portals (formerly nfuse - not sure new name, hell might still be called nfuse) the back end of that definitely ties to those hospitals' AD - why don't they have account lockout issues?

                                            Web portal. Probably doing the exact thing that RDS Gateway does. If it is like most Citrix products, it IS RDS Gateway, just rebranded.

                                            DashrenderD 1 Reply Last reply Reply Quote 0