What is IDaaS?
Identity as a Service (IDaaS) is cloud-based authentication operated by a third-party provider.
The X-as-a-service model means that some feature (X) is delivered through a remote connection from a third-party provider, as opposed to being managed on site by in-house personnel alone. Email is a simple everyday example: local email, such as Microsoft Outlook, operates primarily on my own computer, whereas cloud email, such as Gmail, is provided to me as a service through web connections. In a similar manner, identity and security features can be provided as a service.
Identity as a service (IDaaS) refers to SaaS-based IAM offerings that allow organizations to use single sign-on (SSO, using SAML or OIDC), authentication and access controls to provide secure access to their growing number of software and SaaS applications. The goal is to ensure users are who they claim to be, and to give them the right kinds of access to software applications, files, or other resources at the right times.
Gartner defines IDaaS as, “a predominantly cloud-based service in a multi-tenant or dedicated and hosted delivery model that brokers core identity governance and administration (IGA), access and intelligence functions to target systems on customers’ premises and in the cloud.”
Core aspects of IDaaS are:
- IGA: Provisioning of users to cloud applications and password reset functionality.
- Access: User authentication, SSO and authorization supporting federation standards such as SAML.
- Intelligence: Identity access log monitoring and reporting.
Enterprise IDaaS requirements:
Five key capabilities are required to make enterprise IDaaS solutions possible:
- Single Sign-on (SSO): With single sign-on, employees, partners and customers obtain easy, fast and secure access to all SaaS, mobile and enterprise applications with a single authentication using corporate credentials.
- Multi-factor Authentication (MFA): MFA typically includes adaptive authentication methods—options to step up as risk increases based on situational changes, user behavior or application sensitivity.
- Access Management: Access security is policy-based access management for applications and APIs to enhance security beyond SSO.
- Directory: While most enterprises prefer to integrate IDaaS with their existing user stores, they may use a cloud directory, especially to support customers and/or partners.
- Provisioning: Through SCIM support and integration with on-premises provisioning, user data is synced with web and enterprise applications.
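The provisioning item above, as an added example that is not part of the original page: a Python sketch that compares a directory (the source of truth) with the accounts an application reports over SCIM 2.0 and plans the requests that bring them in line, deactivating orphaned accounts before creating missing ones. The directory records, application users and function names are constructed for illustration.

```python
# Added example: SCIM 2.0 (RFC 7643/7644) reconciliation plan.
# The directory records and application users below are constructed sample data.
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Source of truth: the enterprise directory (constructed).
DIRECTORY = [
    {"userName": "alice@example.com", "enabled": True},
    {"userName": "bob@example.com", "enabled": False},   # left the company
    {"userName": "carol@example.com", "enabled": True},  # new hire
]

# What the target application's SCIM /Users endpoint reports (constructed).
APP_USERS = [
    {"id": "a1", "userName": "alice@example.com", "active": True},
    {"id": "b2", "userName": "bob@example.com", "active": True},
    {"id": "m9", "userName": "mallory@example.com", "active": True},  # not in directory
]

def deactivate(user_id):
    """SCIM PATCH request that disables an account instead of deleting it."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}
    return {"method": "PATCH", "path": f"/Users/{user_id}", "body": body}

def create(user_name):
    """SCIM POST request that provisions a new, active account."""
    body = {"schemas": [USER_SCHEMA], "userName": user_name, "active": True}
    return {"method": "POST", "path": "/Users", "body": body}

def plan_sync(directory, app_users):
    """Return the SCIM requests needed to make the app match the directory."""
    enabled = {u["userName"].lower() for u in directory if u["enabled"]}
    present = {u["userName"].lower(): u for u in app_users}
    plan = []
    # Deprovision first: active app accounts with no enabled directory entry.
    for name, user in sorted(present.items()):
        if user["active"] and name not in enabled:
            plan.append(deactivate(user["id"]))
    # Then provision enabled directory users the app does not know yet.
    for name in sorted(enabled - set(present)):
        plan.append(create(name))
    return plan

if __name__ == "__main__":
    for request in plan_sync(DIRECTORY, APP_USERS):
        print(request["method"], request["path"], request["body"])
```

Deactivating with `active: false` rather than deleting keeps the account record available for the access log monitoring and reporting listed under Intelligence.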