Modernising Identity For On-Prem Apps.

By Michael Gleason, director of product marketing at OneLogin

Fun fact: in 2006, Forrester Research estimated that 90 percent of CRM sales were on-premises instances. That means ninety percent of CRM users had to deal with more than just a messy customer database – they had to deal with the hosting, the humans and the hardware necessary to host the application. In 2006, Salesforce.com’s trailing twelve-month revenue wasn’t anything to scoff at – it was nearing half-a-billion dollars. Today, of course, that figure is more like $14bn.

Change is constant. As Heraclitus wisely explained 2,500 years ago: “No man ever steps in the same river twice, for it’s not the same river and he’s not the same man.” Often, replacing aging on-premises applications with Software-as-a-Service (SaaS) alternatives makes sense. Think Oracle CRM vs. Salesforce.com. Go find a head of marketing that wants to replace their Salesforce instance with Oracle CRM. I’ll wait.

Sometimes, there isn’t a suitable cloud alternative to an on-prem app. Or the change management of replacing an on-prem app with a cloud app is not worth tackling quite yet. Or incredibly complex internal workflows are dependent on these on-prem apps. Think Oracle eBusiness Suite. Or PeopleSoft. Or an on-prem instance of JIRA or Confluence.

If you can’t take some of these apps to the cloud, what if you can take the cloud to them? This philosophy is gaining traction, as seen in developments like Amazon Outposts, where users can run AWS infrastructure on-premises with an integrated hardware rack that runs native AWS or VMware environments to connect to Amazon’s public cloud. The problem with some legacy apps, despite their robust functionality and wait-long-enough-and-the-old-becomes-new retro user interfaces (who doesn’t have a soft spot in their heart for Windows 98 era graphics?), is that they simply don’t cut the 2019 mustard in a few key areas:

Difficult or impossible to use contemporary authentication
Talk to anyone who has configured Single Sign-On (SSO) for a few of these legacy apps and you’re sure to hear some painful war stories. When it comes to modern authentication functionality, ranging from federation, to SSO, to MFA, you need a team of experts, a great deal of luck, and/or the favour of the IT gods.

Outdated security
The inflexibility of many legacy web access management solutions’ infrastructures prevents organisations from keeping up with modern security needs and associated technologies. For example, many organisations implemented RSA SecurID years ago and, as a result, are unable to integrate more modern security solutions like Google Authenticator, security event streaming or Adaptive Authentication.

Vulnerability due to complexity
The infrastructures of legacy SSO solutions are also so complex that IT admins are often reluctant to make changes to them after deployment. IT admins who make alterations outside of the boundaries of the initial deployment run the risk of breaking the system or inadvertently creating security holes.

Of course, there are access management offerings purpose-built to address hybrid Identity and Access Management needs, centralising Identity and Access Management (IAM) for cloud and on-prem apps. However, not all organisations are quite ready for that project. After all, in the world of IT and security, there are always competing priorities, resource constraints and the whim of the business that requires strategic shifts. What if companies could tackle a key on-prem application first? An app that was widely used, full of sensitive data, not going anywhere any time soon and not exactly modern in its authentication flexibility. With new app security offerings, you have the opportunity to identify an individual application – cloud or on-prem – that you want to protect with multi-factor authentication technology.

Rapid Deployment
Deployments are measured in minutes, not months, with templatized solutions to integrate with common on-prem apps like Oracle eBusiness Suite, PeopleSoft, Atlassian Confluence, and JIRA.

Bring your own directory
Many of these systems integrate with all user directories for simple configuration. Organisations can connect to their existing directories and HR systems.

Leading-Edge Security
Extend modern authentication capabilities to on-prem apps, including meaningful security that won’t slow you down in the form of Adaptive Authentication – risk analysis powered by machine-learning and customizable access policies.

Simple Management
Simple user administration. Administrate from anywhere with our responsive, web-based admin portal. Built-in automation, best practices, and training are provided — no servers or CS degrees required.

Modernising authentication for legacy on-prem apps unlocks a brave new world of possibilities. Who would have predicted back in 2007 that one day you would have the option to authenticate to Oracle eBusiness Suite with your face?! Leveraging modern functionality like identity federation and WebAuthn means you can do precisely that. And this is only the beginning!