Identity Architectures
October 7, 2024
Presentations

This deck covers identity architectures, focusing on the evolution from on-premise LDAP-based systems to cloud-based solutions like Azure AD and Okta.
- It explains the limitations of LDAP, such as credentials passed in plain text and the lack of built-in SSO and provisioning, and how federated identity addresses these by having an identity provider issue claims and routing authentication through HTTP redirects.
- Real-world scenarios illustrate the transition to cloud identity, including using ADFS (Active Directory Federation Services) for on-prem to cloud integration.
- SCIM (System for Cross-domain Identity Management) is introduced for automated provisioning/deprovisioning, a key advantage of cloud identity providers.
- Just-in-Time (JIT) provisioning is explained, where user accounts are created or updated dynamically at login, often from the claims delivered via SSO.
- The deck concludes by discussing whether to migrate user stores to the cloud, weighing factors like on-prem app dependencies and legacy system limitations. It recommends a hybrid approach, keeping on-prem stores but synchronizing with cloud IDaaS for enhanced features.
- Overall, the deck gives a comprehensive overview of how identity architecture has evolved, and of the benefits and trade-offs of cloud-based solutions.
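The three mechanisms the deck contrasts (federated login via claims and redirects, JIT provisioning from those claims, and SCIM push provisioning) fit together in one small service-provider sketch. The following is an added example, not code from the deck or from any product it names; the identity provider (IdP) URL, the service provider (SP) entity ID, the signing key and the user records are constructed for the demo, and the claims token is HMAC-signed only to keep the example offline (a real IdP signs SAML assertions or JWTs with a private key and publishes the certificate or JWKS). The point worth seeing is the gap the deck's SCIM bullet is about: JIT can only create or refresh an account at login, so a user removed at the IdP stays active locally until a SCIM deactivation arrives.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed demo values (hypothetical endpoints and key).
IDP_SIGNING_KEY = b"constructed-demo-signing-key"
IDP_SSO_URL = "https://idp.example.test/sso"     # hypothetical IdP endpoint
SP_ENTITY_ID = "https://app.example.test"         # hypothetical service provider

USERS = {}  # the SP's local user store, keyed by the IdP subject identifier


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Federation step 1: the SP never handles a password; it redirects the browser to the IdP.
def sp_build_authn_redirect(relay_state: str) -> str:
    return IDP_SSO_URL + "?" + urlencode({"sp": SP_ENTITY_ID, "RelayState": relay_state})


# Federation step 2: the IdP authenticates the user and issues signed claims
# scoped to one audience (this SP) with a short lifetime.
def idp_issue_claims(user: dict, audience: str, now=None) -> str:
    now = int(time.time()) if now is None else now
    claims = {"sub": user["sub"], "email": user["email"], "groups": user["groups"],
              "aud": audience, "iat": now, "exp": now + 300}
    payload = _b64u(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64u(hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig


# Federation step 3: the browser posts the token back and the SP checks signature,
# audience and expiry before trusting any claim in it.
def sp_verify_claims(token: str, now=None) -> dict:
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64u(sig), expected):
        raise ValueError("claims signature invalid")
    claims = json.loads(_unb64u(payload))
    if claims.get("aud") != SP_ENTITY_ID:
        raise ValueError("claims issued for a different audience")
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise ValueError("claims expired")
    return claims


# JIT provisioning: create or refresh the local account from verified claims.
# It never deactivates anything: a user removed at the IdP simply stops logging in,
# and the local record stays active until SCIM (below) switches it off.
def jit_provision(claims: dict) -> dict:
    user = USERS.setdefault(claims["sub"], {"active": True, "source": "jit"})
    user["email"] = claims["email"]
    user["groups"] = list(claims["groups"])
    return user


def sso_login(token: str, now=None) -> dict:
    claims = sp_verify_claims(token, now)
    user = jit_provision(claims)
    if not user["active"]:
        raise PermissionError("account has been deprovisioned")
    return user


# SCIM-style provisioning pushed by the IdP: POST /Users creates an account, and a
# PATCH that replaces "active" with false deprovisions it without waiting for a login.
def scim_handle(method: str, path: str, body=None) -> tuple:
    if method == "POST" and path == "/Users":
        sub = body["externalId"]
        USERS[sub] = {"active": bool(body.get("active", True)), "email": body["userName"],
                      "groups": [], "source": "scim"}
        return 201, USERS[sub]
    if method == "PATCH" and path.startswith("/Users/"):
        sub = path[len("/Users/"):]
        if sub not in USERS:
            return 404, {"detail": "user not found"}
        for op in body.get("Operations", []):
            if op.get("op", "").lower() == "replace" and op.get("path") == "active":
                value = op.get("value")
                # Some IdPs send the boolean as the string "True"/"False"; accept both forms.
                USERS[sub]["active"] = value if isinstance(value, bool) else str(value).lower() == "true"
        return 200, USERS[sub]
    return 405, {"detail": "unsupported"}


if __name__ == "__main__":
    print(sp_build_authn_redirect("/dashboard"))
    tok = idp_issue_claims({"sub": "alice", "email": "alice@example.test", "groups": ["eng"]}, SP_ENTITY_ID)
    print("JIT login:", sso_login(tok))
    scim_handle("POST", "/Users", {"externalId": "bob", "userName": "bob@example.test"})
    scim_handle("PATCH", "/Users/bob", {"Operations": [{"op": "replace", "path": "active", "value": False}]})
    tok_bob = idp_issue_claims({"sub": "bob", "email": "bob@example.test", "groups": []}, SP_ENTITY_ID)
    try:
        sso_login(tok_bob)
    except PermissionError as err:
        print("bob:", err)
```

Run it and the second login is refused even though bob's claims token is perfectly valid: the SCIM PATCH flipped the local record before he tried to sign in, which is exactly what a hybrid setup gains by syncing the on-prem store to a cloud IDaaS that can push deprovisioning.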