As we've entered the world of single sign-on and integrated platforms that talk to one another, identity has become more than authentication. It's now a way to establish context for a user. The Microsoft stack has given us a way to have our information "follow us around," says Scott Robinson, a SharePoint and BI expert.
But just because various applications in the Microsoft platform can share user identity based on Active Directory, that doesn't mean that they always should. SharePoint, Exchange, Lync and so forth can hook into one another with Active Directory and contextualize user identity, but there may be times when user identities need to be kept separate.
Robinson counseled that companies should take a strategic approach to user identity rather than treat it as a mere administrative issue.
"There needs to be a sit-down, where the enterprise decides exactly what sort of strategy is appropriate in establishing user context based on identity," he said.
"It's not enough to say, 'Hey, we can hook all these things together. We can use Active Directory as our hub and we can have Active Directory drive the identity of all of these applications,'" Robinson said. "Sometimes that might be appropriate, but there may be times when that is foolish. There are times when, yes, you want to build a wall."