Introducing Support for On-Premises Directories & Custom IAM

Enterprise Identity & Access Management (IAM) comes in many forms, from cloud Okta deployments to on-premises Microsoft Active Directory tenants to homegrown systems built to unique operational specifications. Our mission at Nametag is to protect all identities against impersonation and account takeover threats. That’s why today we’re announcing support for on-premises and custom identity directories. We’ve made workforce-grade identity verification available wherever enterprise identities live. ‍

Check out the press release or read this blog to learn more. Then consult our dev docs or contact us to start protecting your on-prem or custom directories!

Why do on-premises and custom directories and IAM setups matter in identity verification?

IT and security teams are increasingly embedding identity verification (IDV) like Nametag’s Deepfake Defense™ engine into the workforce identity lifecycle. Workforce identity verification solutions protect and streamline key moments like employee onboarding, account recovery, and helpdesk tickets.

To support these and other workforce IDV use cases, IDV providers integrate with cloud-based IAM providers such as Microsoft Entra, Okta, Cisco Duo, and Beyond Identity.  But some enterprises have good reasons to favor on-premises identity directories like Microsoft Active Directory (AD). Other IAM teams have built custom directory systems in order to meet their organization’s unique requirements. And still other companies use a combination of cloud IAM on top of on-premises or custom directories. 

Now we’ve built a solution that brings Nametag’s Deepfake Defense™ engine and ready-to-use account protection solutions to every directory.

How do I integrate Nametag with my on-premises or custom directory?

Nametag’s on-premises and custom directory support is enabled through our new Directory Agent. The agent connects your directories to Nametag and responds directly to directory-related requests such as listing users, retrieving group memberships, and initiating account recovery actions.

Importantly, Nametag’s Directory Agent runs within your infrastructure and performs all directory operations locally. For example, if you have a Microsoft Active Directory setup that you would like to integrate with Nametag, you can use the Nametag CLI to run the agent which can then be used to perform operations on your directory on behalf of Nametag.

Why did we take this approach? Versatility. In some organizations, individual users can have multiple accounts in different directories; other organizations have users with one account in an on-premises directory and another account in a cloud directory. Nametag supports all of these scenarios and more.

Why should I integrate Nametag with my custom or on-premises directories like Microsoft Active Directory (AD)?

• Protect critical workforce identity lifecycle operations like password delivery and account recovery with Deepfake Defense™ identity assurance.
• Safely enable self-service password and MFA resets, reducing helpdesk tickets by up to 50% by sending them to self-service.
• Cover critical security gaps in traditional workforce IAM to prevent account takeovers that lead to data breaches and ransomware events.
• Reduce IT support costs, streamline operations, and improve user experiences, without re-architecting IAM implementations.
• Support complex IAM scenarios, such as users with multiple accounts in different directories or in both on-prem and cloud directories.

Get started connecting on-premises and custom directories to Nametag to enable account protection and automation.

On-premises and custom directory support is available today for all Nametag customers. To get started, consult our dev docs. Not yet a Nametag customer? Explore our workforce account protection solutions and then contact us.

On-premises and custom directory support is just one use case enabled by Nametag’s Directory Agent. Stay tuned for more announcements coming soon!