Although directory services have been used in IT for years, bridging the gap between the corporate directory and the cloud is a chore that many prefer to avoid altogether. Symplified's SinglePoint SSO allows organizations to operate a hybrid of local and cloud identities, or even to migrate identity functions to the cloud.
Directory services may be old
news, but they still represent an important part of the IT infrastructure. The
question for many organizations is how to take an existing directory that grew
up around locally served applications and services such as file and print, and
use it with cloud-based services such as Google and Salesforce.com.
Too often, the answer is to avoid
integration between local identities and the cloud. That choice, convenient as
it may be in the short run, is likely to blow up in one's face someday. As
cloud-based services proliferate, the potential only increases for trouble
through a compromised user identity, or a dropped ball on the part of an
administrator provisioning services for users.
Enter Symplified and its
SinglePoint cloud-based single sign-on services, which were refreshed in summer
2010 with an array of new features designed to keep local user stores and
cloud-based services on the same page. Symplified's approach to SSO makes heavy
use of open-source technologies and methods such as SAML (Security Assertion
Markup Language) and XACML (eXtensible Access Control Markup Language) to
perform its chores.
Although the nature of
cloud-based services makes it possible to slipstream new features into the mix,
Symplified chose instead to implement an entirely new provisioning fabric for
SinglePoint in July, implementing augmented synchronization and directory
capabilities, and a service that allows companies to use Google and
Salesforce.com as cloud-based directory services that can authenticate users in
The new Symplified Identity Vault
can substitute for an on-premises directory service, and manage user identities
as a cloud-based function, independent of any local infrastructure. For
example, in a traditional portal environment, the IT group would maintain users
within an LDAP directory; when the Identity Vault is implemented, the portal
instead turns to Google or Salesforce.com for authentication, and uses the
information supplied by the chosen service to deny or grant access.
For shops looking to migrate from
the traditional locally served user authentication and authorization, or simply
to offer a hybrid of local directory services and cloud-based services,
Symplified Sync steps into the picture. Symplified Sync offers a way to bridge
the gap between Microsoft Active Directory and the cloud, mapping user
attributes defined in AD to cloud services as desired. In this first pass, Sync
bridges between Active Directory and Google or Salesforce.com, but Symplified
expects to include other cloud applications as demand requires.
P. J. Connolly began writing for IT publications in 1997 and has a lengthy track record in both news and reviews. Since then, he's built two test labs from scratch and earned a reputation as the nicest skeptic you'll ever meet. Before taking up journalism, P. J. was an IT manager and consultant in San Francisco with a knack for networking the Apple Macintosh, and his love for technology is exceeded only by his contempt for the flavor of the month. Speaking of which, you can follow P. J. on Twitter at pjc415, or drop him an email at email@example.com.