LDAP and SAML are standardized authentication protocols, both commonly used to securely access applications. In this video, we'll cover each protocol's strengths, their similarities and differences, their various use cases, and how to easily implement both together.
Learn more about:
LDAP vs SAML: jumpcloud.com/...
Cloud LDAP: jumpcloud.com/...
Single Sign-On (SSO): jumpcloud.com/...
Try JumpCloud for free: jumpcloud.com/...
JumpCloud What Is video series: • What Is? Series
Resources and social media:
Blog: jumpcloud.com/...
Community: community.jump...
Facebook: / jumpcloud.daas
Twitter: / jumpcloud
LinkedIn: / jumpcloud
#jumpcloud #ldap #singlesignon #sso
Transcript:
LDAP, or Lightweight Directory Access Protocol, is an open standard that was created in the early 1990s before the internet took off. It's still a widely used protocol for authentication into a wide range of applications, which speaks to the flexibility and utility of LDAP. Directory platforms such as JumpCloud, or Microsoft's Active Directory, are implementations of the standard.
Now, let's talk about SAML. Created in the early 2000S, SAML, or Secure Assertion Markup Language, is an assertion based authentication protocol that federates identities to web applications. As web application use has dramatically increased, organizations have leveraged SAML based web application, single sign-on solutions, in addition to their core directory service.
At their core, LDAP and SAML SSO essentially serve the same function: to help users connect to their IT resources. They are often used in cooperation by IT organizations and have become staples of the identity management industry. However, there still are some significant differences.
LDAP is mostly used for the backend of user authentication, such as storing information about people, and then sharing it out for authentication purposes. SAML extends user credentials to the cloud and other web applications. The most common LDAP server implementations are intended to be the authoritative identity provider, or source of truth, for a user identity. A SAML service isn't the source of truth, but it complements the directory by performing the identity and authentication process that's necessary to log into web apps.
Let's break down the use cases in more detail. LDAP is used for authentications into Linux applications, such as OpenVPN, Docker, Jenkins, and many others. LDAP may also be used for standalone authentication for resources such as firewalls that don't support Radius.
LDAP Servers and cloud services are the ultimate source of truth for user identities. LDAP runs efficiently on systems and gives it organizations a great deal of control over authentication and authorization. Running it from the cloud, reduces maintenance, complexity, and total cost of ownership.
SAML, on the other hand, is generally used as an authentication protocol for exchanging authentication and authorization between directories and web applications. It's been extended to add functionality to provision user access to web applications through SCIM.
SAML-based solutions have historically been paired with a core directory service, so what's the easiest way to implement both LDAP and SAML SSO? The JumpCloud Directory Platform rolls these protocols together into an open directory service delivered from the cloud and adds on multi-factor authentication for each method. It spares IT professionals from doing the heavy lifting of building out a whole infrastructure and juggling multiple point solutions.
JumpCloud employs several industry-leading protocols in addition to SAML and LDAP, including Radius, SSH, and OpenID. Learn more by visiting jumpcloud.com/...