Identity sprawl (Directory Sprawl)
Identity sprawl refers to a situation where a user’s identity is managed by multiple siloed systems/directories that are not synchronized with each other, resulting in multiple identities for each user. The situation often arises when an application/system is not, or cannot be, integrated with the central directory service of the organization, resulting in the need to manage another set of user identities to support access to that application/system. Identity sprawl has been a problem for organizations adopting cloud services that operated a separate identity silo, which meant users needed a separate identity for the cloud service.
IDaaS is often procured in order to address identity sprawl by centralizing user identities in one place. That said, if the IDaaS does not support all the identity needs of the organization – i.e. does not support access to all relying parties – then using an IDaaS adds another set of identities that need to be managed.
Central management and smart replication can help contain directory sprawl by ensuring that user, computers and applications have one identity that is replicated among multiple directories, but still managed centrally.
The manner in which a directory service is delivered – installed on premise or as-a-service – has little bearing on the issue of identity sprawl. Directory-as-a-service’s influence on identity sprawl will depend on the scope of support it provides. If all the directory needs of the organization can be address using a directory delivered as-a-service, then it can solve the identity sprawl problem. If some of its needs remain unmet, then additional identities need to be managed separately.