How does a cloud server connect to an AD domain or LDAP user source?

In the past, the most effective and complete way to handle server access and address privacy and security issues was to establish a central user directory on the corporate intranet, via the LDAP protocol or Microsoft Active Directory (AD), as the only source of users. Starting from this central directory, enterprises build a "bridge" to cloud server infrastructure that may run on one or more different IaaS platforms.

Given that many servers are running remotely, businesses need an easy way for each server to have information about access and permissions. A more efficient solution is to leverage a SaaS-based cloud directory service, or DaaS platform. The cloud directory service synchronizes users with the enterprise's internal LDAP or AD, and the cloud user management service, acting as an LDAP server, provisions and manages users automatically based on access and permissions.

Schematic diagram of user management service

01 Advantages of Cloud Directory Services

Adopting a cloud directory platform offers administrators many benefits:

1) No network configuration required

The Bridge in the figure above, that is, the LDAP or AD agent, securely sends information back to the SaaS-delivered user management service. The Bridge manages all users, keeps them in sync, and secures firewall ports as well as the central directory. With this structure, the enterprise does not need to modify its local network configuration.

2) Improve security

The cloud directory service can ensure the security of the central directory and the synchronization status of all users. The server infrastructure is synchronized with the enterprise's core user sources, so user access is strictly limited. After a user is deactivated, no extraneous accounts are provisioned or retained. With compromised user accounts being the number one risk to corporate directories, organizations must maintain the accuracy of user access, which means every employee and the devices they use must be properly managed.

3) Minimize extra management as much as possible

The cloud directory service automatically syncs users and group tags to the cloud infrastructure, so administrators have little extra work beyond account creation and privilege management. Even for account creation and privilege management, the cloud directory platform will replicate relevant information and give users corresponding access rights across all systems, applications, and networks.

4) Mobile office business collaboration

Enterprises with mobile business characteristics, such as those in fast-moving consumer goods, e-commerce, and Internet technology, often choose to use corporate social accounts such as DingTalk, Enterprise WeChat, and Feishu as the source of employee identity accounts. In addition to bridging local AD and LDAP accounts, the cloud directory service can also bridge enterprise mobile social accounts and provision and manage users automatically, eliminating the need to maintain multiple account systems and boosting the rapid launch and growth of mobile services.
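
The synchronization behaviour described under "Improve security" above (a deactivated user must not keep server accounts), as an added Python example that is not the vendor's code: it compares a directory snapshot with the accounts present on one server and reports why each extraneous account is no longer entitled. The entry fields follow AD attribute names; the group name `cloud-servers`, the users, and the simplified `memberOf` values (plain names rather than DNs) are constructed assumptions.

```python
ACCOUNTDISABLE = 0x0002  # AD userAccountControl bit: account is disabled

def plan_sync(directory, server_accounts, required_group):
    """Compare directory entries with one server's accounts.

    Returns (to_provision, to_deprovision); to_deprovision maps each
    extraneous account name to the reason it is no longer entitled.
    """
    by_name = {e["sAMAccountName"].lower(): e for e in directory}

    def reason_not_entitled(name):
        entry = by_name.get(name)
        if entry is None:
            return "not in directory"
        if int(entry.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            return "disabled in directory"
        if required_group not in entry.get("memberOf", []):
            return "not in group " + required_group
        return None  # still entitled

    present = {n.lower() for n in server_accounts}
    entitled = {n for n in by_name if reason_not_entitled(n) is None}
    to_provision = sorted(entitled - present)
    to_deprovision = {n: reason_not_entitled(n) for n in sorted(present - entitled)}
    return to_provision, to_deprovision

# Constructed sample data: 512 = normal account, 514 = 512 | ACCOUNTDISABLE.
DIRECTORY = [
    {"sAMAccountName": "alice", "userAccountControl": 512, "memberOf": ["cloud-servers"]},
    {"sAMAccountName": "bob", "userAccountControl": 514, "memberOf": ["cloud-servers"]},
    {"sAMAccountName": "carol", "userAccountControl": 512, "memberOf": ["finance"]},
    {"sAMAccountName": "Dave", "userAccountControl": 512, "memberOf": ["cloud-servers"]},
]
SERVER_ACCOUNTS = {"alice", "bob", "carol", "erin"}  # accounts found on one server

if __name__ == "__main__":
    create, remove = plan_sync(DIRECTORY, SERVER_ACCOUNTS, "cloud-servers")
    print("provision:", create)
    for name, why in remove.items():
        print("deprovision:", name, "-", why)
```

Running the same comparison on a schedule against each server gives an audit trail of accounts that outlived their entitlement, independent of whether the sync agent itself reported success.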

02 Ningdun cloud directory platform: compatible with AD, unified management of identities, applications, networks, terminals, etc.

Ningdun cloud directory platform is a solution for SMEs to manage and protect access to cloud server infrastructure. The SaaS-based managed directory service centralizes user management through the LDAP protocol and provides functions such as single sign-on (SSO), network access control, and multi-factor authentication (MFA). To address the long-standing problem of using and managing the enterprise's existing account systems, the administrator can use the cloud directory platform to build a bridge between the local user source and the enterprise social account source, and quickly connect the cloud directory service to the enterprise AD or LDAP user source, DingTalk, Enterprise WeChat, Feishu, etc.

Origin blog.csdn.net/lyshark_lyshark/article/details/126798413