Identity as a Service (IDaaS)

Enterprises are embracing cloud and mobile technologies. As they do, they’re moving beyond traditional network boundaries and the capabilities of their legacy identity and access management (IAM) solutions.

Identity as a service (IDaaS) is a cloud-based subscription model for IAM, where identity and access services are rendered over the internet by a third-party provider rather than deployed on-premises. IDaaS can contain a range of services, but typically includes single sign-on (SSO), multi-factor authentication (MFA) and directory services that provide organizations with simple and cost-effective identity and access management capabilities. SSO typically uses either Security Assertion Markup Language (SAML) or OpenID Connect (OIDC).

Gartner defines IDaaS as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access and intelligence functions to target systems on customers' premises and in the cloud.”

Gartner states that the core aspects of IDaaS are:

• IGA: Provisioning of users to cloud applications and password reset functionality.
• Access: User authentication, SSO and authorization supporting federation standards such as SAML.
• Intelligence: Identity access log monitoring and reporting.

IDaaS vs. IAM

IAM encompasses all aspects of managing identities and controlling access to digital resources, and it can be implemented on-premises or in the cloud. IDaaS, on the other hand, refers specifically to IAM capabilities delivered as a cloud service and managed by the IDaaS vendor. While many organizations operate hybrid environments with some IAM services managed locally and some cloud delivered, IDaaS is gaining in popularity for its scalability and cost-effectiveness, along with the flexibility to integrate with various cloud services and applications.

The goal of IDaaS, as with a traditional identity and access management solution, is to determine that a user is who they claim to be and then grant access to applications once the user has been authorized. However, with current trends of a more mobile workforce and the proliferation of SaaS apps such as Salesforce.com, managing identities is much more complex and costly than it used to be.

IDaaS is the Scalable IAM Future

Identity as a service allows an organization to let a specialized third-party vendor manage the operational nuts and bolts of an identity and access management solution, saving administrative overhead for the organization because there is no longer a need to manage infrastructure, provide security, install and upgrade software, back up data, etc. IDaaS offers a scalable IAM solution that accelerates digital transformation while reducing cost and risk. 

IDaaS helps organizations save money and time while taking advantage of specialized IT expertise. It enables users to securely and easily access needed apps on a variety of devices while on the go or at the office.

• Reduce costs. Using a cloud-based IDaaS solution eliminates the need for equipment purchases, specialized IT staff and ongoing training, allowing your IT team to stay focused on day-to-day operations.

• Better user experiences. Single sign-on and multi-factor authentication let users login with a single set of credentials, which reduces friction and password reset assistance.

• Increase revenue and customer loyalty. A good first impression from a smooth login process leads to more customer interactions and sales.

• Strengthen security. Outsourcing your IAM solution to experts limits the ability of bad actors with compromised credentials from entering your system and stealing data.

• Scalable to meet your needs. Cloud-based subscription services adapt easily to changing user bases, such as an influx of new customers for events and promotions. 

• Risk mitigation. Identity solutions reduce your risk of a data breach, which could cost your organization millions of dollars.
  

From a user's point of view, IDaaS provides similar capabilities to an on-premises deployment of identity and access management, assuming the user has access to the IDaaS cloud solution. The biggest difference is that IDaaS is hosted in the cloud by a third-party provider, which allows users to securely access their account from anywhere via different devices. This is done through a combination of single sign-on, multi-factor authentication and directory solutions.

There are many different types of IDaaS solutions. Some IDaaS providers support only one piece of the puzzle (e.g., providing only a directory) while other IDaaS providers deliver a more comprehensive suite of functionality encompassing multiple pieces of the puzzle (e.g., combined SSO, MFA and directory).

In addition to these different configurations of IDaaS solutions, different categories of IDaaS cater to different end users. Classes of end users include customers, employees and business partners.

Basic IDaaS

Basic IDaaS usually supports SSO into SaaS apps and provides the aforementioned benefits, which tends to work well for small- and medium-sized businesses and those organizations that were "born in the cloud." Organizations of this type and size do not usually have their own on-premises IT infrastructure to worry about and they are usually large consumers of SaaS apps. Multi-factor authentication can be used for increased security, and a cloud directory stores user data and credentials. Thus, basic IDaaS solutions can provide all the functionality needed for these businesses.

Basic IDaaS solutions also tend to have more streamlined interfaces, often including set-up wizards so that administrators can more easily solve less complex administrative use cases.

Enterprise IDaaS

Enterprise IDaaS is more robust due to the more complex IT environments that almost always exist in larger and older enterprises. These enterprises have a mix of on-premises, IaaS, PaaS and SaaS applications. In addition, enterprises typically use IDaaS to extend their existing IAM infrastructure. As a result, enterprise IDaaS providers must deploy solutions that can:

• Bridge to existing user directories (like AD) for authentication.

• Integrate with existing web access management (WAM) products to comply with access policies.

• Integrate with a diverse mix of non-SaaS enterprise applications that reside in the company’s data centers or hosted in a third-party data center such as AWS or Microsoft Azure.

• Provide access management for web, mobile and API environments.

The connectors, bridges and integrations provided by IDaaS solutions for enterprises allow for a more comprehensive solution. This additional functionality is combined with more fine-grained administrative controls to better customize solutions to an enterprise's specific needs.

Enterprise IDaaS Requirements

Five key capabilities are required to make enterprise IDaaS solutions possible:

1. Single Sign-on (SSO): With single sign-on, employees, partners and customers can log in just one time to gain fast and secure access to all SaaS, mobile and enterprise applications.
   

2. Multi-factor Authentication (MFA): MFA typically includes adaptive authentication methods—options to step up as risk increases based on situational changes, user behavior or application sensitivity.

3. Access Security: Access security is policy-based access management for applications and APIs to enhance security beyond SSO.

4. Directory: While most enterprises prefer to integrate IDaaS with their existing user stores, they may use a cloud directory, especially to support customers and/or partners.

5. Provisioning: Through SCIM support and integration with on-premises provisioning, user data is synced with web and enterprise applications.

Another way enterprises can leverage IDaaS is through API-first developer platforms. Often used for customer identity and access management (CIAM), these platforms expose all IDaaS capabilities through APIs. This approach allows enterprises to give their development teams a common IDaaS platform that makes it easy for them to embed identity services into their applications. It’s also important to ensure these platforms can meet broader enterprise requirements across all of their applications with:

• A focus on security and reliability.

• Support for common identity standards (OAuth, OpenID Connect, SAML).

• Integrations that allow for coexistence with their on-premises identity infrastructure.

• The ability to model their existing identity architecture in the IDaaS platform.

Just about every cloud-delivered service can claim its ability to deliver business value through efficiencies and reduced infrastructure costs. These are key cloud benefits. But IDaaS can do a lot more than that.

With capabilities such as multi-factor authentication and AI-driven threat prevention, IDaaS can reduce the risk of a costly breach. With automation and self-service capabilities, it can drive down helpdesk tickets and costs.

IDaaS can even help businesses grow through faster customer acquisition and personalization that keeps customers engaged longer and reduces shopping cart abandonment. Consumers are increasingly concerned about the security and privacy of their data, and sophisticated IDaaS capabilities can provide the assurances that build loyalty and increase customer lifetime value.