With a distributed and ever-expanding infrastructure across servers and data centers, administrators struggle to manage separate user stores for access to each database, SaaS app, or other resource. To simplify identity management and access provisioning, you might choose to integrate Active Directory (AD) with your databases and applications using their native APIs, connectors, or toolkits. As the number of integration points increases (e.g. Oracle, Snowflake, PostgreSQL, etc.), so does the manual effort required to secure access. This problem won’t disappear anytime soon. For global cloud databases alone, research forecasts the market doubling from $12 billion in 2020 to $24 billion by 2025.As your technology stack continues to grow, you’ll need a way to simplify your Active Directory integration and take full control of provisioning access, including onboarding, off-boarding, and auditing changes to user credentials and resource permissions. Before delving into the “how,” let’s take a step back and understand the significance of Active Directory in your infrastructure. Originally released in 1999, Active Directory (AD) is a widely used Windows directory service implementation that contains information about objects such as users, computers, printers, files, and folders in an organization’s network. Active Directory’s domain controllers handle authentication requests and authorize access to network resources through access control lists. Since its release, Microsoft has extended Active Directory into a collection of services that enable identity management, including DomainServices, Certificate Services, Rights Management Services, and Lightweight Directory Services. Active Directory is the umbrella term used to refer to all these services. To address the challenge of authenticating users to out-of-network resources, Microsoft also created Active Directory Federation Services (ADFS) to enable single sign-on (SSO) via a claims-based authentication mechanism. When a user accesses external resources, the ADFS server authenticates user requests against the AD server and then passes on a token to the external resource to validate the sign-on request. Today, 29% of organizations use ADFS. Of those companies, 21% are small (<50 employees), 47% are medium-sized, and 33% large (>1000 employees). As organizations expand their infrastructure, Active Directory has become crucial for authentication against other databases and servers. LDAP is an open-source, cross-platform protocol used to manage and access directory services. It is a subset of the standards contained in the X.500 directory access protocol. LDAP defines structures, formats, and rules that govern the communication of client applications with directory services, as well as the structure of client requests, server responses, and data formats. Admins can use LDAP to search for a user in a directory, add, delete, and modify objects of a directory, authenticate users to access resources in a network, and more. Directory services such as Active Directory, OpenLDAP, and IBM Directory Server all support LDAP. Since it can support multiple platforms and operating systems, LDAP is an important piece of an expanding infrastructure. If your client implements LDAP — whether it's a Windows desktop, a Linux machine, a SaaS app, or a database application — it doesn't matter which directory service is on the other end of the LDAP server. LDAP enables organizations to tap into the vast database of users, devices, and resources stored in Active Directory. Learn more about the difference between LDAP and Active Directory (AD). In a single day, users need to access multiple cloud-based and on-premise applications. Single sign-on (SSO) solutions allow users to login to multiple applications with just one set of credentials, eliminating the hassle and risk of managing different combinations of usernames and passwords. To enable single sign-on with Active Directory, you’ll need to use ADFS or a third-party tool. However, expect some challenges regardless of the path you choose. Implementation of single sign-on in Active Directory brings a certain level of complexity. A third-party solution can simplify the process by federating Active Directory’s access to multiple SaaS applications and databases residing in the cloud. If you plan to configure resources in a distributed infrastructure to authenticate against Active Directory, you know the repetitive and manual work it will require. A proxy-based control plane can help you eliminate complicated configuration. StrongDM integrates with Active Directory, or any other directory service or single sign-on provider, to authenticate users and securely route traffic to any destination resource, regardless of where it’s hosted. From a single control plane, admins can onboard or off-board users, assign and modify role-based access, and audit all user activities. Decrease manual effort and streamline the provisioning process with StrongDM. Try today with a free, 14 day trial.Active Directory and Its Role in the Infrastructure
Lightweight Directory Access Protocol (LDAP) and Active Directory (AD)
Single sign-on (SSO) and Active Directory
Integrate Active Directory with any database or SSO
About the Author
Justin McCarthy, Co-founder / CTO, originally developed empathy for Operations as a founding and pager-carrying member of many operations and data teams. As an Executive, he has led Engineering and Product in high-throughput and high-stakes e-Commerce, financial, and AI products. Justin is the original author of StrongDM's core protocol-aware proxy technology. To contact Justin, visit him on Twitter.
💙 this post?
Then get all that StrongDM goodness, right in your inbox.
