Identity federation has come a long way, and it keeps shifting gears as cloud (SaaS and IDaaS), social, mobile, and the growth in cross-domain access driven by the API economy create new challenges for federated Single Sign-On architecture. To cope with these challenges, organizations need to understand and navigate the current federation trends. The top 3 identity federation trends to keep your eye on are:
1. Movement of Applications and Users
As the IT and business landscape changes with the adoption of cloud and mobile devices, IT Pros need to find solutions that bridge our current and future business processes. Federation can be, and most often is, the glue that binds our users, their identities, and their devices together. The challenge we have now, and will have in the future, is about trust and the relationship between users, their identities, and their devices. In the past, we relied on internal applications, internal users, and managed, corporate-owned machines. Moving forward, these entities are moving farther and farther apart. Instead of holding onto our legacy processes, we need to embrace these disconnections, because that is what the business will expect. Instead of controlling the user connections, we need to ensure that the user identity is efficiently managed, authenticated, and audited, in a seamless manner that is abstracted from the application and its protocols.
In other words, we need to start laying the foundation for a world where applications will use a variety of protocols to authenticate, and provide the infrastructure to support these mechanisms. On-premises solutions such as Active Directory are not going away, but the plumbing to connect these to external applications will be new.
2. Authorization Requirements
Federation is primarily concerned with authentication and validation of users, so a component that is usually not well thought out is the authorization of that end user to the application. For on-premises applications this is typically not a strong concern, in the sense that the application has known controls (hopefully), and users are granted their access accordingly, regardless of device or location. For cloud applications, the controls are typically less well known and are subject to the cloud provider's terms.
For our own peace of mind (and our business's), we need to start thinking about how to bind users to their devices, and how to ensure that only authorized users can access applications. In addition, this should extend to what users can do (or are authorized to do) within the application, including non-repudiation through audit trails. This may be limited by what the application provides; however, that does not mean we shouldn't be concerned.
3. Partner Collaboration and Sharing
The last trend driving federation is collaboration and sharing with business partners, in acquisitions, or even in divestiture scenarios. Much like a cloud provider, you may be providing access to a system or sharing information with a partner organization. One of the primary challenges with this is identity management – provisioning and termination. With federation you remove that pain, in that you are no longer worried about password management and terminations for the partner's users: the partner's identity provider vouches for them, and stops vouching when they leave.
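The point of trend 2 (authorization and audit remain the relying party's job, even when a partner or cloud IdP does the authentication) and of trend 3 (a partner user's access ends when the partner stops asserting the user or their group membership, with no deprovisioning on our side) can be shown in one small relying-party policy check. The following Python is an added example, not code from the original post; the issuer URLs, group names, claim keys, role mapping and audit format are all constructed assumptions, and the claims dict stands in for what a SAML or OIDC library returns after it has already verified the assertion's signature.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Issuers we federate with, and how each issuer's group claims map to roles in
# THIS application. Constructed values; real deployments load these from
# federation metadata and configuration. Ending a partnership = removing an issuer.
TRUSTED_ISSUERS = {
    "https://idp.partner-a.example": {"proj-x-readers": "viewer",
                                      "proj-x-editors": "editor"},
    "https://sts.corp.example": {"app-admins": "admin",
                                 "app-users": "editor"},
}

# Application-side meaning of each role; the IdP never decides this for us.
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "manage"},
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    roles: frozenset
    reason: str

# In-memory audit trail for the example; production would write to an
# append-only store or SIEM so the record supports non-repudiation.
AUDIT_LOG = []

# Fixed clock so results are reproducible (assumed value for the example).
EXAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

def _audit(claims, action, decision, now):
    # Who (subject@issuer), from what device, what they asked, and the outcome.
    AUDIT_LOG.append({
        "ts": now.isoformat(),
        "issuer": claims.get("iss"),
        "subject": claims.get("sub"),
        "device_managed": claims.get("device_managed"),
        "action": action,
        "allowed": decision.allowed,
        "roles": sorted(decision.roles),
        "reason": decision.reason,
    })

def evaluate(claims, action, now, require_managed_device=True):
    """Decide whether the subject of an already-validated assertion may
    perform `action`. Authentication was the IdP's job; this part is ours."""
    def decide(allowed, roles, reason):
        d = Decision(allowed, frozenset(roles), reason)
        _audit(claims, action, d, now)
        return d

    mapping = TRUSTED_ISSUERS.get(claims.get("iss"))
    if mapping is None:
        return decide(False, (), "untrusted issuer")

    # Validity window, expressed as epoch seconds like JWT nbf/exp.
    ts = now.timestamp()
    if claims.get("nbf", ts) > ts or claims.get("exp", 0) <= ts:
        return decide(False, (), "assertion outside validity window")

    # Bind the user to a managed device when the application demands it.
    if require_managed_device and not claims.get("device_managed", False):
        return decide(False, (), "unmanaged device")

    # A user the partner removed from every relevant group maps to no role
    # here, so their access ends without any termination work on our side.
    roles = {mapping[g] for g in claims.get("groups", []) if g in mapping}
    if not roles:
        return decide(False, (), "no role for subject's groups")

    permitted = set().union(*(ROLE_PERMISSIONS[r] for r in roles))
    if action not in permitted:
        return decide(False, roles, f"role(s) do not permit {action}")
    return decide(True, roles, "ok")

def make_claims(iss, sub, groups, device_managed, now, ttl_minutes=5):
    """Constructed stand-in for the claims a SAML/OIDC library hands back
    after signature validation. A negative ttl yields an expired assertion."""
    return {
        "iss": iss, "sub": sub, "groups": list(groups),
        "device_managed": device_managed,
        "nbf": now.timestamp(),
        "exp": (now + timedelta(minutes=ttl_minutes)).timestamp(),
    }

if __name__ == "__main__":
    alice = make_claims("https://idp.partner-a.example", "alice",
                        ["proj-x-readers"], True, EXAMPLE_NOW)
    print(evaluate(alice, "read", EXAMPLE_NOW))   # allowed, role viewer
    print(evaluate(alice, "write", EXAMPLE_NOW))  # denied, viewer cannot write
    for entry in AUDIT_LOG:
        print(entry)
```

Every path through `evaluate` writes an audit record, including denials, because the question "who tried what, and why was it refused" is exactly what an investigation or a partner dispute will ask. The trust list and the group-to-role mapping are the two knobs the relying party keeps under its own control regardless of which IdP authenticated the user.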
As the IT landscape evolves, we too must evolve to meet the needs of our users, while still ensuring trust and accountability in these systems and in the access we grant. Federation will continue to change as well, and organizations need to start investigating and planning their infrastructure for that future now. More and more often, applications and users will sit outside our traditional controls and networks, and we as IT Pros must still enable seamless and transparent access for those users, regardless of where they are.
If you have any questions pertaining to identity federation, Active Directory, integration of Office 365 with Active Directory or related topics, feel free to call us on 510.668.0700 or drop us a note at [email protected] and we’ll have you talk to one of our technical experts.