The Secret Security Wiki


Identity as a Service

Identity as a Service (IDaaS) is a cloud-based identity and access management (IAM) service operated by a third-party provider. Using IDaaS, subscribing companies can validate user credentials and provide access to resources and/or relying parties that have a trust relationship with the IDaaS. IDaaS is particularly relevant for enterprises that are ‘all-in’ on cloud services and do not manage their own network or host their own servers and applications.

IDaaS supports standards like SAML and OIDC that are also supported by many relying parties.

IDaaS is typically used by customers that determine it is cheaper to source their IAM as a service than to manage user identities and access control on-premises using something like Active Directory Domain Services. IDaaS is also used by customers that want to bridge their on-premises IAM to support cloud applications.

  • What are the applications of IDaaS?

    IDaaS is used to manage user identities, authenticate them and provide attestations to relying parties that a user was successfully authenticated.

  • What are the benefits of IDaaS?

    IDaaS is a managed service, which means the service provider assumes full responsibility for maintaining it. For some customers, this can result in lower total cost of ownership (TCO). For other customers, it relieves them of the headache of setting up and maintaining their own IAM. IDaaS also helps customers keep up with the latest authentication technologies, standards and best practices.

  • What are the core aspects of IDaaS?

    Core aspects of IDaaS include:

    • Directory: IDaaS functions as the enterprise user directory or can integrate with an existing directory.
    • Provisioning: IDaaS is used to provision user accounts on multiple systems and applications using standard protocols like SCIM or proprietary connectors.
    • Single Sign-on (SSO): IDaaS enables SSO for all resources and applications that trust the IDaaS for authentication, which means users can access multiple systems and resources with one set of credentials.
    • Multi-factor Authentication (MFA): IDaaS typically supports multi-factor authentication (MFA) and adaptive authentication capabilities that work in tandem to deliver better, more secure user authentication.

  • What are the key capabilities of IDaaS in an enterprise environment?

    Enterprise customers typically require the following capabilities:

    • Directory: IDaaS functions as the enterprise user directory or can integrate with an existing directory.
    • Provisioning: IDaaS is used to provision user accounts on multiple systems and applications using standard protocols like SCIM or proprietary connectors.
    • Single Sign-on (SSO): IDaaS enables SSO for all resources and applications that trust the IDaaS for authentication, which means users can access multiple systems and resources with one set of credentials.
    • Multi-factor Authentication (MFA): IDaaS typically supports multi-factor authentication (MFA) and adaptive authentication capabilities that work in tandem to deliver better, more secure user authentication.