Using a central identity store with Active Directory
One of the most used identity stores is still Active Directory. Before we get into AD itself, it’s important to understand that it should definitely not be confused with Azure Active Directory. The key difference is that Azure AD is a cloud-native IDaaS solution, whereas AD is a traditional on-premises directory service accessed through the Lightweight Directory Access Protocol (LDAP), a network protocol that defines how information is exchanged with directory services over, for instance, TCP/IP.
Understanding AD is not easy, but basic knowledge of it is necessary when talking about IAM. An enterprise should have only one central directory, and identities should be kept in only one place. That concentration also carries a risk: if the directory is breached, an attacker gains access to every identity that exists within the enterprise. It’s therefore crucial that both the directory and the IAM system are very secure and that directory data is extremely well protected. This...
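To make the "LDAP is a wire protocol" point concrete, here is an added example (not code from the book or from any directory product) that builds and decodes an LDAPv3 BindRequest in BER using only the Python standard library, following the RFC 4511 message layout. The distinguished name, the password, the message IDs and the SASL mechanism name are constructed for the example. Decoding the message shows why protecting directory data starts at the transport: a simple bind carries the password as plain octets, so it must only ever travel inside LDAPS or StartTLS, whereas a SASL bind (for example GSSAPI, i.e. Kerberos) carries a mechanism name and tokens rather than a reusable password.

```python
# Added example: encode/decode an LDAPv3 BindRequest (RFC 4511) in BER, stdlib only.
# DN, password, message IDs and mechanism below are constructed sample values.

TAG_SEQUENCE = 0x30       # universal SEQUENCE, constructed (LDAPMessage envelope)
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_AUTH_SIMPLE = 0x80    # AuthenticationChoice simple [0], primitive
TAG_AUTH_SASL = 0xA3      # AuthenticationChoice sasl [3], constructed
LDAP_VERSION = 3


def ber_len(n: int) -> bytes:
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Tag-Length-Value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value: int) -> bytes:
    """Minimal two's-complement INTEGER (non-negative values are all we need)."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True)
    return tlv(TAG_INTEGER, body)


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version, name, simple password } }."""
    op = (ber_int(LDAP_VERSION)
          + tlv(TAG_OCTET_STRING, dn.encode())
          + tlv(TAG_AUTH_SIMPLE, password.encode()))
    return tlv(TAG_SEQUENCE, ber_int(message_id) + tlv(TAG_BIND_REQUEST, op))


def build_sasl_bind(message_id: int, mechanism: str, credentials: bytes = b"") -> bytes:
    """Same envelope, but authentication is SaslCredentials { mechanism, credentials }."""
    sasl = tlv(TAG_OCTET_STRING, mechanism.encode())
    if credentials:
        sasl += tlv(TAG_OCTET_STRING, credentials)
    op = ber_int(LDAP_VERSION) + tlv(TAG_OCTET_STRING, b"") + tlv(TAG_AUTH_SASL, sasl)
    return tlv(TAG_SEQUENCE, ber_int(message_id) + tlv(TAG_BIND_REQUEST, op))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end


def parse_bind_request(msg: bytes) -> dict:
    """Decode an LDAPMessage carrying a BindRequest into its fields."""
    tag, body, _ = read_tlv(msg)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("protocolOp is not a BindRequest")
    _, ver, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    result = {"message_id": int.from_bytes(mid, "big", signed=True),
              "version": int.from_bytes(ver, "big", signed=True),
              "name": name.decode()}
    if auth_tag == TAG_AUTH_SIMPLE:
        # The secret sits in the octets as-is: whoever can read the TCP stream reads
        # the password, so simple binds belong only inside LDAPS or StartTLS.
        result.update(auth="simple", secret=auth.decode())
    elif auth_tag == TAG_AUTH_SASL:
        _, mech, _ = read_tlv(auth)       # SaslCredentials.mechanism
        result.update(auth="sasl", mechanism=mech.decode())
    else:
        raise ValueError(f"unknown AuthenticationChoice tag 0x{auth_tag:02x}")
    return result


def plaintext_credential_on_wire(msg: bytes) -> bool:
    """True when the bind would expose a reusable password in an unencrypted session."""
    return parse_bind_request(msg)["auth"] == "simple"


if __name__ == "__main__":
    dn = "cn=svc-ldap,ou=Service,dc=example,dc=local"     # constructed
    simple = build_simple_bind(1, dn, "P@ssw0rd-constructed")
    print(simple.hex(), parse_bind_request(simple))
    sasl = build_sasl_bind(2, "GSSAPI")
    print(sasl.hex(), parse_bind_request(sasl))
```

Running the module prints both encoded messages in hex next to their decoded fields; the simple bind's decoded dictionary contains the password verbatim, which is the property that makes transport protection of the directory non-negotiable, and the SASL bind contains only the mechanism name. A useful defender check derived from this is to treat any simple bind seen on plain TCP port 389 as a finding, which is what `plaintext_credential_on_wire` flags.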