Hello everybody! Are the office filing cabinet, directory, Active Directory, OpenLDAP, LDAP, Cloud Directory and IAM (Identity and Access Management) blood relatives? Let us find out.
Chances are that you would have seen a filing cabinet in your boss’ cabin or, when you were a student, in your dean’s cabin. In it we organise files based on some logic, usually alphabetical. So the filing cabinet presents us with a structured system to store and access the information in the files. As for the information’s safety, the keys to the filing cabinet are usually with the owner or their office assistants.
With the advent of PCs, we started creating, storing and sorting data and information electronically. So we needed an electronic equivalent of the filing cabinet to organise (store and sort) all this data. So we invented the directory! The directory is an electronic system that organises the files and folders we create. These files and folders are organised in a structured, related and hierarchical way by the directory – on our PCs as well as on our networks.
Active Directory is Microsoft’s proprietary directory service. In Microsoft’s own words, it provides the methods for storing directory data and making this data available to network users and administrators. Using Active Directory, IT administrators provide users with secure access to the network resources they need to accomplish their work.
AD stores data as objects. The objects are users, user groups, computers, printers, applications, shared folders and other devices that need to be accessed. Each object also carries critical information such as permissions (who is allowed to do what), job title, department, address, phone number etc. The Domain Services of AD ensure that the user is who they claim to be (authentication) by matching the ID with the password. They also ensure users are allowed access to only as much information as they are allowed to use (authorisation). AD thus brings in the elements of Authentication and Authorisation.
LDAP is often used interchangeably with AD, as if it were the open source equivalent of AD. However, the open source directory service is OpenLDAP. So what is LDAP then? Lightweight Directory Access Protocol (LDAP) is the protocol used to access information stored in a directory service like OpenLDAP or AD and make it available to the user.
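To make the hierarchy, the authentication step and the authorisation step above concrete, here is an added toy directory written for this post (not code from Microsoft, OpenLDAP or any real LDAP library). It assumes constructed sample entries under a made-up `dc=example,dc=com` tree and a fixed salt so it runs offline; a real directory uses its own password storage scheme and network protocol.

```python
import hashlib
import hmac

# Constructed sample data for illustration only; not a real AD or OpenLDAP tree.
# Entries are keyed by Distinguished Name (DN): the most specific component comes first,
# so the hierarchy (domain -> organisational unit -> object) is encoded in the name itself.
SALT = b"constructed-salt"  # fixed so the example is reproducible


def _hash(password: str) -> bytes:
    """Derive a password verifier; never store the clear-text password in an entry."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


DIRECTORY = {
    "dc=example,dc=com": {"objectClass": "domain"},
    "ou=people,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "ou=groups,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "uid=asha,ou=people,dc=example,dc=com": {
        "objectClass": "user", "department": "Finance", "title": "Analyst",
        "userPassword": _hash("correct horse")},
    "uid=ravi,ou=people,dc=example,dc=com": {
        "objectClass": "user", "department": "IT", "title": "Admin",
        "userPassword": _hash("hunter2")},
    "cn=finance-share,ou=groups,dc=example,dc=com": {
        "objectClass": "group", "member": ["uid=asha,ou=people,dc=example,dc=com"]},
}


def parse_dn(dn: str) -> list:
    """Split 'uid=asha,ou=people,dc=example,dc=com' into (attribute, value) pairs, leaf first."""
    return [tuple(part.split("=", 1)) for part in dn.split(",")]


def bind(dn: str, password: str) -> bool:
    """Authentication: the bind succeeds only if the DN exists and the password matches."""
    entry = DIRECTORY.get(dn)
    if entry is None or "userPassword" not in entry:
        return False  # unknown DN and bad password look the same to the caller
    return hmac.compare_digest(entry["userPassword"], _hash(password))


def search(base: str, attr: str, value: str) -> list:
    """Subtree search under `base` for entries matching an equality filter (attr=value)."""
    base_parts = parse_dn(base)
    hits = []
    for dn, entry in DIRECTORY.items():
        parts = parse_dn(dn)
        # an entry lies in the subtree when its DN ends with the base DN's components
        if parts[-len(base_parts):] == base_parts and entry.get(attr) == value:
            hits.append(dn)
    return hits


def authorised(user_dn: str, group_dn: str) -> bool:
    """Authorisation: access to a shared resource is granted through group membership."""
    return user_dn in DIRECTORY.get(group_dn, {}).get("member", [])
```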
Directory services were originally designed as on-prem solutions. A user logged in once through SSO and gained access to all the different resources in the directory. And when done, the user logged out of all resources at once.
Then the IT landscape evolved. Cloud computing and services came along. The IAM model for on-prem usage was not designed for the diversity cloud brought in. What are we talking about?
We accessed information on office networks from our PCs. In those days all PCs would be either Linux, Mac or Windows. Now, any organisation might have all of these PCs. In addition, we use Android phones and iPhones. Besides the office network we use home networks, telecom networks and public networks. We use multiple devices with different OSes on different networks. In a lot of organisations, Exchange has been replaced by Zoho Workplace, Google Workspace and Microsoft 365. The on-prem directory was not designed to manage this diversity. Imagine creating multiple on-prem directories for multiple identities!
There were a few add-on products that extended on-prem directories to cloud identities, but they could not cover the entire IAM gamut. This left room for attacks on identities and attacks from identities. The twin challenges of attacks and diversity were ultimately answered by the development of the Cloud Directory: one directory for all identities.
- Cloud directory is a comprehensive tool for administrators to create, modify & delete identities at scale whether your enterprise is B2B or B2C.
- For B2C it further enables users to access apps using social logins. REST APIs provide sign-up functionality to apps and websites.
PS 1: The name ‘directory’ actually derives from the telephone directory that lists the phone numbers of all the people living in a certain area. The concept of a directory is similar to the yellow pages and the telephone directory.
PS 2: By the way, a directory is just a file. Now howzatt? 🙂
If you have queries on Cloud Directories or any other aspect of IAM, reach out to our in-house Cyber Protection experts.