
Top 5 Things You Can Look Forward to When You Rethink Active Directory

Steve Chan
Group Product Marketing Manager

In our first blog, we asked you to consider finally breaking up with Active Directory (AD), and to ponder why you’ve tolerated its limitations and shortcomings for so long. Ask yourself: what other technology in your IT stack was designed 20 years ago?

In this post, we’ll break down all the benefits of moving off of AD, and why it’s worth it to begin the journey. Step #1? Figure out how we got here.

What’s changed during Active Directory’s lifetime?

Every app must be accessible

Gone is the reliance on on-premises Microsoft Exchange, Active Directory, and other in-house IT solutions. Instead, companies reach out directly to Office 365, and an average of 160+ different applications in the cloud (Business @ Work 2019).

Every device must work

The diversity of devices has exploded. While Windows historically dominated workstations, its share of global desktops continues to fall, and it has not penetrated the mobile device OS market (Statcounter 2009 to 2019). Instead, more organizations and employees want choice in devices, leveraging more Apple and Android-based operating systems, neither of which can join Active Directory natively.

Consequently, companies seeking the leading edge of talented workers must accommodate bring-your-own-device (BYOD) policies, and the technologies that support them.

Everyone must be effective

The gig economy is driving demand for more flexible work conditions that enable employees, contractors, and external contributors (like partners and customers) to succeed under a wide range of remote scenarios.

Every location must be secure

Traditional IT was all about establishing a corporate perimeter. But castles and moats are being blown away in the shift towards zero trust networks. Enabling the workers of the gig economy to flourish means enabling them to work anywhere—including public networks.

In this modern context, AD has stayed in one place as the world has passed by. What’s more, it’s stopping you and your organization from moving ahead as well. How can your organization compete and thrive when you’re tied to AD? Think about what you can do once you’re off of AD.

The top 5 things you can look forward to

1. Feel secure and establish trust

Have peace of mind as you move into a world of zero-trust. Active Directory was designed under the assumption that it would be protected inside a hardened corporate network. Unfortunately, as more modern demands were asked of it, AD found itself reaching for an increasing number of external resources—including cloud-based apps and resources. As a result, vulnerabilities that never existed within a secure network are now considered part of AD’s attack surface.

So, by reducing the footprint of AD, customers are reducing portions of their attack surface. Rather than resembling M&M’s candies, crunchy on the outside but soft inside, today’s zero-trust networks are more like peaches: soft on the outside and hard on the inside.

2. Stop managing domain trusts

Eliminate domain trust complexity. Modern organizations aren’t simply about the internal workforce. To be nimble, they must work with partners, contractors, and customers, all of whom traditionally belong to different domains. Managing trusts across all of these domains and forests can be difficult and time-consuming. Centralizing a user directory eliminates the need for negotiated domain trusts or special security groups that span domains and forests. Overall, this reduces the complexity of integrating existing directories together, something every organization needs. Once a centralized user directory is in place, the need for inbound firewall rules and complex LAN/WAN routing is eliminated. Each domain simply needs an outbound HTTPS connection to the internet, allowing users across all domains to access shared resources. 

3. Gain confidence with greater reliability

Set it and forget it! By gradually reducing the number of legacy, on-prem technologies relying on AD and moving those workloads to the cloud, customers can shift a significant amount of management and upkeep off their plates to service providers, improving reliability at the same time. Cloud solutions generally stay updated on their own and require no hands-on work from the customer for infrastructure upkeep or maintenance. Consider Zoom, Salesforce, AWS, and Box. Each of these solutions provides best-of-breed services while shifting administrative loads away from the customer. This not only means less work but also delivers greater confidence in your environment’s uptime.

4. Start seeing the big picture

Opportunities are out there. Active Directory wasn’t designed to accommodate all users in a modern organization, just employees. Today’s organizations are more than corporate workers. They’re contractors, channel partners who sell, partners in the supply chain, and don’t forget, customers who buy things.

Organizations relying on AD have all kinds of requirements and demands that it simply can’t meet, such as:

  • Securing access to all apps from on-prem to the cloud
  • Enabling users to access apps and resources from any device
  • Visualizing and controlling the entire organization from one pane of glass
  • Managing, securing, and controlling contractors and non-knowledge workers
  • Managing customer accounts through web and mobile applications
  • Securely enabling supply chain and channel partners with the right resources
  • Securely managing Linux servers on any cloud platform (AWS, Azure, GCP)

With the right solution, you can see the big picture, with a clearer view of how various parts of the organization are leveraging apps and resources, as well as tracking growth and inefficiencies between partners, customers, and employees. 

5. Enjoy the freedom of modern IT

Once you’ve moved off of Active Directory, the freedom and security that modern IT affords are available to you. Projects that were once too difficult or costly are now within reach. Done right, the entire organization gains flexibility, agility, effectiveness, and efficiency overall.

For example, consider the following projects under an Active Directory regime:

Domain consolidation and M&A integration

Reducing the complexity of an established entity, whether grown via acquisition or organically, means unwinding years of organizational spaghetti. Similarly, M&A integrations fail more often than they succeed due in large part to the inability of teams to successfully integrate acquirees into the organizational fabric of the acquirer. 

With a proper modern identity as a service (IdaaS) platform, AD consolidation should cost no more than the licensing of the software and a few weeks of services. The IdaaS can then automate the provisioning of all those users into their appropriate applications and resources, further accelerating integration.

Leveraging modern, best-of-breed solutions

Savvy CTOs are starting to realize how much AD has silently restricted their IT decisions. At a minimum, it has made adoption of best-of-breed SaaS solutions more difficult and stifled modernization plans. But once dependency on AD is shifted to a modern identity solution, this all changes.

Modern identity is built to work beyond its own platform. It supports deep identity and sophisticated access use cases and works with the vast ecosystem of best-of-breed technologies and services that customers demand. 

In this way, a modern IdaaS ensures vendor neutrality that protects customers from entering an uncertain future trapped in the wrong technology through shortsightedness.

Modern identity is not modern just because it’s identity in the cloud—that’s a common and dangerous misconception. It’s modern and better because it’s designed from the ground up to solve the problems of today's organizations—all types of users, internal and external, heterogeneous devices, and hybrid environments using cloud-scale, cloud reliability, and cloud security.

And, it certainly doesn’t perpetuate Active Directory. Rather, it draws together the modern versions of the apps, policies, and services that never should have been managed by Active Directory in the first place.

In our next blog, we’ll get into the details and talk about how organizations that are ready to give up their 20-year-old infrastructure can begin their Rethink AD journey today. We’ll also outline how to get there by profiling companies that have embarked on the journey, and won. Until then, read on from our eBook, Rethink Active Directory.

Steve Chan
Group Product Marketing Manager

Steve is a Group Product Marketing Manager for Okta, focused on Microsoft partnership. Together with a broad, cross-functional team, Steve positions how Okta delivers identity and access management with other best-in-class productivity and security ISVs in support of customer technology goals. Before joining Okta, Steve was at Proofpoint as evangelist and product leader for their information protection, cloud security, threat, and data loss prevention portfolio. Prior to Proofpoint, Steve co-founded and held executive roles at security, information governance, and gaming firms around Silicon Valley. Steve received undergraduate degrees from the University of California, Davis and a master's from Harvard University.
