Secure the keys to your identity kingdom by linking your cloud and on-premises directories.
Imagine being able to work from any location and on any device with other people. Office 365 and other cloud services help to make this easy, as long as you have an ID and password to access the system. That’s where hybrid identity comes in. By linking the cloud identity to the on-premises identity, access is available seamlessly, whether in the office or anywhere else.
That all sounds great (and it is) but having a hybrid identity set up provides so much more. One thing that has always caused an issue is the implementation of passwords. They expire, are complicated and I have about 100 of them (with different IDs too).
The chances of remembering all of them all the time are fairly slim. Particularly when they expire on the last day at work before I go on holiday (2 weeks in the sun sounds good…). When I get back, I am sure that I changed my password, but, since I used it only the once, can I still sign in to my PC?
This is where hybrid identity comes back in and helps me to recover the situation.
In the old days, I would log a call with the service desk and wait until they called me back (lost productivity there). Then, after going through some questions to prove who I am, they would reset my password, tell me what it is (or email my manager) and I would be able to log in. I would also need to reset my password as the service desk set it to “Summer2018” and it’s timed to auto-expire.
Today, I can utilise the cloud service to prove who I am by answering my mobile phone and then simply putting in a new password. This is then written to the internal directory and the cloud directory straight away, so I can get access immediately.
The issue of multiple identities is also helped when a hybrid identity is used. Cloud services use different types of authentication token: SAML, OAuth and OpenID Connect. Like the differences between Yale, Mortice and Deadbolt locks, it is important to provide the right key to access the service.
A hybrid identity can provide different keys for different services based on the original authentication. We can think of part of the identity service as being a big, secure key box. We can use our ID and password as a key to open the key box.
Inside that box are keys to each of the services that we need to access. It holds different Yale and Mortice keys, as well as others, which are handed out as long as we can open the box. As a result, we can sign out the key we need, when we need it, and work productively in each system.
Each user has their own box that contains the keys that they are permitted to use. By signing out the key to the finance system, I can access it and submit my expenses.
That’s great for accessing my services, but I also need to work with other people. Teamwork and collaboration are essential: the more we can work together, collaborate on projects, design new things or fix things that are broken, the better things are.
Again, in the past, this needed anybody we worked with to have an account in the same system. To work with somebody from outside the organisation, a new account for that user would have to be added to the internal systems for both authentication and authorisation. There was no way to know if that outsider had since left their organisation, and we had to manage the ID, provisioning, de-provisioning and, of course, password resets.
Hybrid identity gives us a much better way of handling this. Cloud-based services can be linked to an identity in someone else’s cloud; they manage the provisioning, de-provisioning, and password resets – we manage the access to the specific services. Effectively, we give a copy of the door key to the outsider with the promise that if they ever leave they will return the key.
OK, we know that in real life when we lend somebody a key it probably isn’t coming back. What happens here, though, is that we place the spare key inside the key box belonging to the outsider’s company. When they leave the company, the key to the key box is taken away from them. That means that they can’t get the key to our system.
Hybrid identity allows us to achieve a number of things:
It can also help with the automatic provisioning out to external applications (if we are using them of course).
While hybrid identity may seem like a complex issue, when it is up and running it makes accessing data and services, both internal and external, while collaborating with partners/customers/vendors much simpler. Paraphrasing J. R. R. Tolkien, it gives us “one identity to rule them all, one identity to sign in, one identity to keep control and in the Internet find them”.
If you want to know more about how to create a hybrid identity, or to make the most of your current set-up, then book a free half-day envisioning session. Alternatively, take a deep dive into the Microsoft Identity Stack with Senior Consultant Ian Bassi.