March 28, 2019
Multi-Factor Authentication
Cloud Directory
Device Management

Rethinking Your Approach to Your Enterprise Directory

Archit headshot
Archit Lohokare Chief Product Officer
Directory hero

Fueled by advances in technology and widely-recognized business benefits, many organizations today are actively moving to cloud-based applications, platform services and infrastructure as a service.  This trend, coupled with an explosion in mobile computing, means that IT must increasingly enable access of these applications, services and infrastructure anytime, anywhere. There are also new complexities related to digital transformation projects across the enterprise, which often involve building new web presences, online business models, applications for employees, partners and consumers. In turn, these paradigm shifts are encouraging CEOs, CIOs and IT organizations to rethink their traditional approaches to many foundational services within the organization.

One such foundational service is the enterprise directory – the single source of truth for all identity information related to individuals (employees, contractors, partners, consumers), endpoints (mobile devices, workstations and laptops) and even infrastructure (servers, network devices, etc.). Traditionally, most organizations have invested in building out a legacy enterprise directory framework based on an on-premise Microsoft ActiveDirectory (AD) or other directories based on Lightweight Directory Access Protocol (LDAP). While these frameworks served organizations well in the on-premises world, they fall short of enabling an organization to truly embrace the cloud and mobile world.

Designing, deploying and managing this legacy enterprise directory framework comes with extensive requirements to invest in people, processes, technologies and infrastructure. This in turn creates significant opportunity cost to any enterprise looking to extend their competitive advantage through new and forward-looking technology investments. These legacy frameworks also are limited in their authentication and authorization capabilities, especially in the new cloud world. Cloud applications and services increasingly leverage new protocols such as SAML, OpenID Connect, OAuth 2.0, as opposed to using traditional mechanisms like Integrated Web Authentication (IWA) using Kerberos or NTLM. These services are also limited in their ability to support the modern BYOD (Bring Your Own Device) and BYOI (Bring Your Own Identity) where individuals are consuming the organization’s services using their own devices and using their own identities from platforms that may include Facebook, Twitter, LinkedIn and others, in addition to federated services.  Similarly, managing and securing access to cloud IaaS like AWS, GCP and Azure too can be a challenge with these legacy frameworks.

Designed precisely with this paradigm shift in mind, Idaptive’s Next-Generation Cloud Directory addresses many of the challenges detailed above. A highly scalable, performant and turnkey cloud service, the Idaptive Cloud Directory can scale up to tens of millions of users and devices, enabling organizations to deliver web-scale digital experiences to their consumers, employees, contractors and partners. The Directory supports comprehensive User and Device Management and Role Based Access Control through a Policy-Based framework that applications and devices can leverage to drive superior access security and demonstrate compliance. The Cloud Directory, along with the Idaptive Next-Gen Access Platform, also enables authentication via new protocols like SAML, OpenID Connect. OAuth 2.0, etc. while supporting legacy protocols like IWA.

Idaptive’s market leading Adaptive Multi-Factor Authentication service is deeply integrated with the Cloud Directory, enabling organizations to implement stronger authentication assurance and risk-based access to applications and devices. Lastly, Idaptive’s Identity Lifecycle Management services, built to leverage the Cloud Directory, enable seamless provisioning from and to the Cloud Directory into Line of Business applications like Box or HR systems like Workday and BambooHR. And with an API interface that enables all interaction with the directory to be done via APIs, and an enterprise grade Secure Token Service integrated with the Directory, the directory enables not just IT admins, but also developers to integrate their applications with it.

The Cloud Directory will also soon deliver a brand-new paradigm called Brokered Authentication. Using Brokered Authentication, the Cloud Directory can serve as a virtual directory, allowing users to login to applications, endpoints and services using their existing enterprise credentials (AD or LDAP), enabling a seamless transition from an existing legacy directory to the Idaptive Cloud Directory.

If you’re looking to try the Idaptive Next-Gen Cloud Directory and accelerate your cloud and mobile first initiatives, sign up for our free trial here.

Archit Lohokare

Archit headshot
Archit
Lohokare
Chief Product Officer

Archit Lohokare is Chief Product Officer at Idaptive, where he is responsible for product strategy, driving innovation, and bringing new products and services to market. He transitioned over to Idaptive as it was spun-out from Centrify, where—as Vice President of Product Management—he led the Identity-as-a-Service (IDaaS) and Unified Endpoint Management product portfolio. Prior to Centrify, Archit was Vice President of Products at Optymyze, where he led the product management team responsible for the company’s Sales Performance Management and Sales Platform-as-a-Service SaaS and PaaS solutions, securing a Leadership position in the first Gartner Magic Quadrant report on Sales Performance Management along the way. 

Earlier in his career, Archit led Symantec's Cloud Information Protection Security-as-a-Service offering, and IBM's Access Management product line, comprised of Web Access Management, Identity Federation, Enterprise Single Sign-On, and Risk-based Access and Entitlements Management products. Archit joined IBM through the acquisition of Encentuate, a leading Bay Area start-up in the security software space; as an early employee, he had the opportunity to contribute to its successful exit. 

Archit has an MBA from UC Berkeley-Haas School of Business, and a bachelor’s degree in Computer Engineering from NTU, Singapore, where he was awarded the SIA-NOL undergraduate scholarship by the Ministry of Education, Singapore.

Archit is an avid history buff, enjoys reading in his spare time and running breathlessly after his one-year-old, hyperactive son.

CHAMELEON-LIKE SUPERPOWER

If Archit could have any Chameleon-like superpower, it would be the ability to change colors quickly and adapt. “Actually, it would be like the ability of our IAM solutions to adapt instantaneously to a customer’s environment and user behavior. Anomalous user access? A snap! Presto, change-o – like a chameleon from green to red in an instant, adapt to the change in user behavior and request user to assure their identities using multi-factor authentication...”