By Vince Lujan Posted October 9, 2019
Amazon® and Google® are at it again. This time, the two tech titans square off in the identity management arena.
In one corner, you have AWS SSO, a newcomer on the block when it comes to single sign-on (SSO), although it does weigh in with an incredible base of technical users through AWS cloud infrastructure. In the other, you have Google Cloud Identity, which has been a heavyweight in the cloud identity game for a while now, with its freshly rebranded G Suite™ Directory.
The stakes are high as both Amazon and Google are throwing everything they can into the ring to try and win the heart of the cloud: the user identity. In this bout, it is AWS SSO vs Google Cloud Identity.
Overview of AWS SSO
AWS SSO is an Identity-as-a-Service (IDaaS) solution that enables AWS users to gain access to a wider range of IT resources than previously available. These IT resources include various AWS services and third-party web applications.
Like many IDaaS solutions, AWS SSO federates identities to remote resources using the Security Assertion Markup Language (SAML 2.0) protocol. AWS SSO also leverages a core identity provider (IdP), such as AWS Directory Service (a.k.a. AWS Managed Microsoft AD) or another IdP, as its identity base.
With that in mind, let’s talk about Google Cloud Identity.
Overview of Google Cloud Identity
Google Cloud Identity began as G Suite Directory, the core identity management solution for Google Apps and its users. Initially, G Suite user identities were somewhat nebulous in that they were created by the apps they regularly used, rather than building upon a core user object.
Recently, Google changed its approach by effectively detaching the core user identity from G Suite Directory. This core user object is what Google is calling the Cloud Identity, to which they added SAML support to provide access to a select group of web applications and Google services.
Google Cloud Identity then becomes the core IdP for Google Cloud Platform (GCP) users. It can also integrate with an existing implementation of Microsoft AD via the Google Cloud Directory Sync (GCDS), or alternatively, a cloud directory service.
It’s a use case that has some overlap with AWS SSO, but it is primarily focused on Google as the foundation instead.
Caught in the Crossfire
AWS SSO and Google Cloud Identity are great for their respective ecosystems, but the tug of war between the two heavyweights is difficult for DevOps engineers and IT admins to manage. While the two solutions seem quite similar on paper, AWS SSO and Google Cloud Identity are ultimately designed for different use cases.
Essentially, AWS SSO is the IDaaS solution that you will use to connect AWS users to web applications and cloud resources, whereas Google Cloud Identity is for connecting GCP users to third-party apps and Google services. The two don’t cross-pollinate very well, and it often doesn’t make sense to have identities tied to one particular platform, because you are then locked in to using that provider’s services.
Many IT organizations leverage resources hosted at both AWS and GCP in tandem (or G Suite, for that matter), so finding a core identity solution that works across both platforms is often more practical than choosing between the two. Although both solutions can integrate with on-prem Active Directory, IT admins would rather shift their on-prem identity management infrastructure to the cloud.
So, the challenge becomes finding a cloud IdP that can integrate and manage AWS and Google identities and provide web application single sign-on capabilities.
One Identity for AWS and Google
Fortunately, the JumpCloud® Directory-as-a-Service® platform bridges the gap between these and other providers, creating a neutral cloud directory for users to connect with AWS, GCP, G Suite / O365, web applications, and more. As a result, IT admins can provide SSO capabilities for all of their users from one centralized location in the cloud, without having to choose between AWS and Google Cloud.
Contact JumpCloud to learn how to leverage a single identity provider to connect users to AWS and Google Cloud Identity. Sign up for a free account and see for yourself. Your first ten users are free forever.