The security gaps in LDAP
Sooner or later, your organisation may make the move to AWS or other third-party hosting. Aside from the obvious savings in operational expenditure, the elasticity and flexibility of operations and the scalability of computing resources are reason enough to migrate.
However, if your current deployment uses LDAP to authenticate and provision users, you may want to carefully consider your options.
Typically, security policy restricts using LDAP with third-party and cloud hosting because the service provider needs access to your Active Directory’s admin (?) credentials.
This poses unnecessary risk and exposure if the service provider or managed service provider is compromised. If the credentials of end users are affected, the effect can compound, because we all know employees are notorious for their lazy password habits.
Of course I may be fearmongering slightly, but how far-fetched is it? In 2018 some of the world’s largest companies had security breaches that affected users/customers in the billions. Yes, BILLIONS.
Easily enough, our SAML SSO is the simple and effective replacement for LDAP for authenticating and provisioning users.
The alternative to LDAP
Just-in-Time (JIT) provisioning is a standard feature that provisions users dynamically when they log in, based on SAML assertions sent by the identity provider. JIT provisioning brings reduced admin costs, increased user adoption and better security. Alternatively, our SAML SSO has User Synchronisation, a feature that syncs your AD with cloud providers and customer-specific directories automatically.
Migrating your organisation to cloud or third-party hosting may be more efficient and less costly, but it can also be risky if not configured correctly.
Save your company from having to send one of these emails with our SAML 2.0 Single Sign-On for your Atlassian applications.
Try it for free.