What can LDAP and SSO integration achieve?
2022-06-12 12:19:00 【nington01】
The SAML protocol used for single sign-on (SSO) and the Lightweight Directory Access Protocol (LDAP) used for enterprise directories originally had no overlap, which makes integrating the two an interesting idea. The end user would only need to log in once to access whatever IT resources they need, but in reality this effect cannot truly be achieved in the short term.
Therefore, rather than integrating LDAP and single sign-on (SSO), it is really more a matter of building a unified identity and access management platform that uses multiple protocols, so that administrators can use both the LDAP and SAML protocols in a single tool. This article discusses the connection between the LDAP protocol and identity and access management (IAM), how the IAM industry changed because of the SAML protocol, and finally how a multi-protocol identity management platform achieves the integration of LDAP and SSO.
1. LDAP and IAM
In the field of identity and access management (IAM), LDAP is arguably the most important protocol. Since its creation, LDAP has been widely used as a core element of directory services; a typical example is Microsoft's on-premises directory service, Active Directory (AD). For a while, LDAP was almost synonymous with IAM: Microsoft AD and similar products used the LDAP protocol to connect end users to enterprise IT resources.
The rise of cloud computing transformed the IAM market. The most obvious change was the web application, a new kind of application that is hosted on the Internet and widely used. The problem that followed is that web applications cannot be federated by on-premises directory services the way other resources can. Vendors therefore proposed a new solution to meet the growing demand for web application access: single sign-on (SSO) tools.
2. Entering the SAML Era
With single sign-on (SSO), administrators can use the SAML protocol to bridge on-premises AD instances and cloud services, and this tool is independent of the LDAP protocol used in IAM. On the other hand, enterprises also need the SSO solution to complement the functionality of Microsoft AD, hoping that combining SSO tools with the LDAP protocol will round out the IAM experience, similar to the early days of AD. However, running these two independent protocols not only increases workload and cost, but also adds pressure on administrators' IAM programs.
To address the disconnect between on-premises directories and cloud identity platforms, the industry introduced the concept of integrating single sign-on (SSO) with the LDAP protocol: administrators use LDAP to connect the SSO solution to the on-premises AD. But at that time, no centralized solution on the market could fully combine identity management with both.
3. A unified platform that integrates the LDAP and SAML protocols
In recent years the IAM industry has developed rapidly, and before long a single directory integrating SAML, LDAP and other protocols was born: Directory-as-a-Service (DaaS), also called the cloud directory platform. The cloud directory platform integrates centralized user management, virtual LDAP, cloud-based RADIUS authentication, multi-factor authentication (MFA), system management and more into one solution. By integrating LDAP and SAML SSO, it provides a truly seamless single sign-on experience for administrators and end users.
This article is an original work by Shanghai Ningdun Information Technology Co., Ltd. (Nington). Do not reprint without authorization.