KuppingerCole Report
Leadership Brief
By Dave Kearns

Cloud SSO is not sufficient: What else do you need?

Cloud-based identity services have come a long way in the past several years, make sure you’re keeping up with what’s available and what you need.
By Dave Kearns
dk@kuppingercole.com

Content of Figures

  1. Figure 1 Cloud IAM in conjunction with on-premise IAM

1 Recommendations

One common feature of Cloud-based IAM/IAG is Cloud Single Sign-On. Users can access all their Cloud services – and existing web applications that run on-premises, as well as business partner web applications – through that portal. Login is provided either via SAML (Security Assertion Markup Language) or by way of the OAuth protocol (perhaps running underneath another service such as OpenID Connect) as the most important Identity Federation standards, although other protocols and services may emerge.

This is good. This is necessary. But this is not sufficient. Demands for greater efficiency and lower costs means that the cloud-based services must do more. We see two possibilities moving forward:

  • Cloud-based IAM/IAG that provides Identity Provisioning and Access Governance capabilities as a Cloud service; or
  • a combination of identity federation, self-service registration, directory services, and access management solutions, all provided as a Cloud service (IDaaS).

The former serves as a way to integrate cloud services with traditional on-premise IAM, or even as a direct replacement, while the latter is considered a better approach for integrating non-employee users – the so-called “externals”, such as partners, vendors, contractors and clients.

While the two may converge, we recommend you choose one or the other now – based on your current needs – as any convergence will be accompanied by a direct path from these solutions.

Those that do not begin now to move in these directions may be doomed to playing “catch up” for many years to come. Failure to do so could seriously damage your organization in the future.

2 Analysis

Single SignOn (or, better, Simplified SignOn or SSO) was one of the early successes for cloud-based IAM (Identity and Access Management). There were, ...

Employees and contractors inside the enterprise would access the datacenter directly or through web-based portals. But they would also go beyond, to t ...

Login Get full Access

3 Summary

Identity and Access Management (IAM) has come a long way in the past 15 to20 years. But now it’s time to take IAM and its partner Identity and Acces ...

Login Get full Access

Copyright

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top