A common configuration for on-premises Linux servers uses an LDAP directory to manage identities and authenticate users. This approach has been a de-facto standard and best practice for more than a decade, but LDAP directories have posed persistent challenges to administrators and security professionals.
For one thing, the servers that run the directory have to be deployed and maintained. And since no one can access the Linux environment without the directory, High Availability and Disaster Recovery (HA/DR) are required: a directory outage is a Linux access outage. The result is that multiple servers have to be built, maintained and updated simply to ensure access to the Linux environment.
There is a better way to manage Linux identities, without relying on LDAP.
Okta’s Advanced Server Access (ASA) provides a modern approach to managing Linux identities securely without requiring an on-premises LDAP server. Using ASA, you benefit from automatic identity CRUD (create, read, update, delete) for your Linux servers without the operational burden of LDAP directories or of administering local user files.
ASA relies on Okta’s Identity Cloud as the master source for Linux identities. Identities are stored in Okta’s Universal Directory (UD) and provisioned automatically to the appropriate servers based on your organization’s authorization policies. This means that Identity Management happens automatically as Access Management policies are added or changed. Identities in Okta can in turn be pulled automatically from a master source such as Active Directory, an HR system, another application, a CSV master, or another source. Your existing LDAP directory may remain the source for your Linux attributes during the migration to ASA.
Read Steve McCullar’s full blog here.