By Vince Lujan Posted October 12, 2017
AWS and Google don’t always play nice. In fact, they are bitter rivals across a wide range of product lines. So, why would AWS server authentication work with Google Identity-as-a-Service (IDaaS)?
The truth is that while the native integration between Google Cloud Identity and AWS is non-existent, the cloud identity management platform called Directory-as-a-Service® enables IT orgs to leverage their users’ Google identities on AWS cloud servers.
The most common use case desired by IT organizations is to allow your technical personnel to use their G Suite login credentials to access AWS cloud servers. How? Before we answer that question, it is important to understand a couple of key factors.
The True Nature of Google IDaaS
The first factor to understand is that Google’s version of IDaaS is really a user management platform for their own Google Apps, Google Cloud Platform, and a few select web applications. Google’s goal with their cloud identity management services isn’t to be the core identity provider for an organization. In other words, enabling organizations to manage AWS, Azure, on-prem systems, networks, file servers, and other IT resources is not high on Google’s priority list. Rather, their singular goal is to make the experience of accessing and managing Google cloud services completely seamless.
Authentication with AWS
Like Google, AWS is not interested in being the core identity provider. They don’t want to be in charge of authenticating user identities to Google IDaaS, or to your systems, WiFi networks, or other IT resources. Amazon is focused on managing AWS authentication, which requires users to leverage their SSH keys.
So given all of this, how do you get a Google Cloud Identity to work on AWS when both the platforms and the type of authentication are mismatched?
The answer is that you leverage a cloud directory service that seamlessly integrates with both Google’s G Suite Directory platform and with AWS.
The Cloud Directory Solution
JumpCloud’s innovative IAM platform, Directory-as-a-Service®, is the leading solution for organizations that want to better integrate their AWS and Google infrastructure. With this cloud-based directory platform, an organization can leverage existing Google Cloud Identities as the core user identity across all of their critical infrastructure.
The identity hosted in Directory-as-a-Service is identical to the Google identity, except that it can be federated to a wide range of solutions including AWS, Azure, Mac, Linux, Windows, on-prem applications, Samba file servers and NAS devices, WiFi, and much more. This approach also allows for authentication via SSH keys and multi-factor authentication.
AWS Server Authentication Using Google Identities
In a sense, by leveraging a third-party cloud identity management platform, IT organizations can bridge the gap between Google and AWS. One identity across multiple providers and platforms enables technical personnel to seamlessly access the IT resources they need, while IT has full control over identities from one central cloud-based directory service.
We offer a pair of tutorial videos that allow you to see JumpCloud’s interaction with Google and AWS firsthand:
To learn more about AWS Server Authentication with Google Identity-as-a-Service, and how Directory-as-a-Service can help unite the two under one centralized management platform in the cloud, drop us a note. You can also sign up and explore the full functionality of the Directory-as-a-Service platform at no cost. Your first ten users are free forever to help you discover how our platform can be a valuable asset for your organization.