Hacker News
Netflix dumps Exchange, other on-premise software in cloud-first strategy (citeworld.com)
35 points by jamesjyu on July 9, 2013 | 14 comments


Might want to edit the title. This article really isn't about Netflix using GMail.

It's about Netflix's use of OneLogin and SAML to manage single sign-on for their corporate cloud apps. That umbrella includes Google Apps like GMail, but it also includes apps like "Dropbox, Docusign, Workday, Safari Books, SD Elements, ServiceNow."

Single sign-on is a downright essential feature for a lot of B2B cloud apps. Asking corporate users to constantly log in to loads of different cloud apps is a fast way to make sure that most of those apps don't get used. It's only natural that a service like OneLogin would come around to help companies manage single sign-on.


Disclaimer: I work for OneLogin, but do not speak for OneLogin. :)

--

For sure. It's no coincidence that before recently moving to OneLogin from a short-term contract at Gap corporate, my biggest pain at work was getting access to do my job.

I think it took a week of onboarding to get on WiFi and in the ticketing system. I worked at Gap for six weeks (everything but the systems are pretty cush). The entire time I had an insecure password set by a network administrator because the password reset form was broken.

I had access to my Gap Exchange account for nearly two months after I left - longer than I worked there.

Perimeter-based security typically leads to a situation where the people who need to get their job done can't conveniently, but anyone with half a cluestick can waltz in.


In our startup, I do the orientation of new people. I require them to select a password manager before joining, and the first day includes setting up numerous accounts (around 11). It is a right royal pain.

A contributory factor is those services that don't understand people have separate personas for work versus personal. Examples that screw it up are Trello, GitHub and Dropbox. Google are the least worst although they do have sites that get things wrong (e.g. appengine & analytics).


The story appears to be a paid piece for OneLogin.


Odd that they're dumping Exchange for SSO-related reasons, as "... Microsoft is now getting into the game. It recently announced that its customers, using certain Microsoft products and services, will be able to manage passwords for third party cloud apps through Active Directory." From the 2nd page.


Disclaimer: I work for OneLogin, but do not speak for OneLogin.

Microsoft likes to promise to provide things in the future that their current customers are paying someone else for.

Exchange is one of those things like Oracle that people install because they think if you're big, you need it, though in fact it's a bit like driving an SUV. Netflix isn't a company that really follows anyone else's lead and it surprises me that they used [edited use -> used] Exchange, but I bet it harkens back to the days when they were just a DVD-by-mail service.

This is probably a sign that Netflix increasingly doesn't want to deal with IT. It's widely known that they don't care about the costs of EC2 because they spend so disproportionately to license video content there's no way to make it an x-factor.


Active Directory Federation Services (ADFS) can be used as a SAML 2.0 Identity Provider (IdP). This goes back to the introduction of ADFS in Windows Server 2003 R2.


In this case, they were probably using AD just because of Exchange, so if you want to ditch Exchange for Gmail, it's an odd choice to use AD as your identity provider, esp if you're a company known for wanting as little on-premise IT as possible.


I would guess that they're using Active Directory because they have Windows PCs to manage. AD, arguably, provides a _lot_ of value if you have any quantity of Windows-based PCs that you want to manage centrally.

I haven't seen any compelling third-party hosted offering to replace the SSO and Group Policy functionality in Windows client OS's that AD enables. Maybe when Samba4 reaches maturity that will change.


I don't think it's just about SSO. Exchange isn't cheap to license or keep operational. If you switch to Exchange in the cloud it doesn't reduce the costs that much. Hopefully soon Microsoft will realize the value of some of their products (SQL Server and Exchange) isn't nearly what it used to be and that they need to adjust prices and licensing requirements.


Anyone know of any good tutorials on setting up a SAML ID Provider or integrating SAML into a website?


If you are using Ruby or Rails, there is a toolkit for integrating SAML: https://github.com/onelogin/ruby-saml


The SimpleSAMLphp project has been useful to me. It includes code for both a SAML Identity Provider and Service Provider.


I wonder how this relates to Kerberos and/or LDAP systems with SPNEGO for HTTP.



