By Kayla Coco-Stotts Posted February 12, 2020
On-prem single sign-on (SSO) to Windows-based applications/systems and Group Policy Objects (GPOs) are both features included in the Windows® Server’s Active Directory role that admins have employed to manage IT resources and users for decades.
GPOs are used to execute policies and tasks on the Windows platform. Controlling access to on-prem Windows apps and systems is also a core function of AD. Some might even call that the first pass at single sign-on, since one set of credentials was needed to access on-prem Windows-based resources. Both are indispensable in helping admins manage their IT environments, but they only function optimally in organizations that maintain a strictly Windows-based, on-prem environment.
However, as IT infrastructure continues to evolve in favor of cloud-based innovations (and away from the legacy directory service, AD), Microsoft’s access control for Windows-based systems/applications and GPOs struggle to work in cloud-based, heterogeneous environments. Below, we’ll discuss the implementation of a next-generation concept, True SSO, and group policies, as well as solutions for circumventing the issues that arise when trying to support cross-platform, cloud-forward IT infrastructure.
What Is SSO?
Before cloud-based infrastructure existed, AD introduced the initial concept of SSO by allowing users to leverage a single set of credentials to access all their Windows-based resources (such as systems, on-prem applications, and networks). Legacy IT environments were structured around Windows infrastructure and on-prem hardware, so AD managed virtually all resources.
Fast forward a few years, and today’s idea of SSO (mainly web application SSO now) is a major facet of identity and access management (IAM), allowing users to employ their credentials for the applications they access.
Whereas applications used to be solely installed on-prem, modern web applications exist outside the four walls of the office. First-generation web application SSO solutions came about in response to the common workplace inclusion of SaaS applications like Salesforce®, Slack®, and G Suite™ (formerly Google Apps) that exist in the cloud. These SSO solutions were great for controlling and monitoring access to web applications, and came with the added (Read more…)