In this blog I shall try to discuss a few things that we need to consider while extending our IdM into the cloud.
Each organization today is thinking about moving its IT operations into the cloud to take advantage of the many cloud-based services, and is facing a lot of challenges while planning to do so. With the movement of all IT operations onto the cloud, organizations would also need to transition their identity management (IdM) platform to the cloud.
Therefore, IT organizations need to consider a number of things before they transition to a cloud-centric IdM strategy.
IT organizations currently manage their IdM systems by storing user information in directories, Novell eDirectory or Microsoft Active Directory being the most used. As organizations extend their IT infrastructures to take advantage of the many cloud-based services available, they will face challenges while moving to cloud-based identity stores, because their users have multiple IDs, both corporate and personal, that they use to access multiple cloud-based services.
So what are the available options?
Generalizing the scenario, there are three possible solutions from which IT organizations need to choose the best one. If the company's employees use a number of cloud services such as SalesForce.com, Dropbox, Concur for expenses and Google Apps for email, then they can either
(a) give the employee five passwords (which the employee is likely to forget),
(b) ask the employee to use the exact same password everywhere, or
(c) enable the employee to log into all of the cloud services by logging into the company's system with single sign-on.
Option (c) clearly is preferable. It’s simple for the employee to remember and use. And it’s much more easily provisioned and managed by IT.
Using the third option, the employee’s password allows single sign-on access to a number of different cloud-side applications, including various Google offerings, that otherwise would each require its own password. When employees log into the company portal, they can be logged into Gmail, Google Apps or Google Docs based on a single sign-on. And when the employee leaves the company, we can turn off single sign-on and remove the account.
For single sign-on, there are OpenID (for authentication) and OAuth (for delegated authorization), which allow you to log into one service, your internal systems, and then use that identity to log into the other systems without handing your password over to those systems. For example, powered by OpenID and OAuth, today one can log into other systems using Facebook, Google or Twitter credentials instead of a separate set of credentials for each of those systems. And you don't even need to create a new account with a new password for these systems.
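As an added illustration of the single sign-on model described above (example code, not from the original post and not a real OpenID or OAuth implementation), here is a toy identity provider in Python: it checks one corporate password, issues a signed, short-lived assertion scoped to one cloud service, and refuses to issue anything once the user is deprovisioned. The key, user names and service names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed demo key shared by the IdP and every cloud service provider (SP);
# a real deployment would use per-SP keys or public-key signatures.
IDP_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

class IdentityProvider:
    """The company login point: one password, one directory, many cloud audiences."""
    def __init__(self, key: bytes):
        self.key = key
        self.directory = {}  # user -> {"salt", "hash", "active"}
    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.directory[user] = {"salt": salt, "hash": digest, "active": True}
    def deprovision(self, user: str) -> None:
        """Offboarding: one switch here blocks every downstream cloud login."""
        self.directory[user]["active"] = False
    def login(self, user: str, password: str) -> bool:
        rec = self.directory.get(user)
        if rec is None or not rec["active"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        return hmac.compare_digest(digest, rec["hash"])
    def issue_assertion(self, user: str, audience: str, now: int, ttl: int = 300) -> str:
        """Signed, short-lived assertion for one cloud service; refused once deprovisioned."""
        if not self.directory.get(user, {}).get("active"):
            raise PermissionError(f"{user} is not an active user")
        body = _b64(json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

def verify_assertion(token: str, expected_audience: str, key: bytes, now: int):
    """SP side: accept only an untampered, unexpired assertion addressed to this service."""
    body, _, sig = token.partition(".")
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != expected_audience or claims["exp"] <= now:
        return None
    return claims
```

An assertion already issued stays valid until its `exp`, so a short `ttl` bounds the window between offboarding at the IdP and loss of access at each cloud service.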