By Vince Lujan Posted August 6, 2017
The two tech titans are at it again. In one corner we have Microsoft Azure Active Directory, a cloud-based identity and access management (IAM) solution for hybrid or cloud-only implementations (1). In the other corner we have Google Identity Management, a cloud management solution for managing user identities and access to Google resources (2). Both organizations seek to control your identities. However, there can only be One Directory to Rule Them All®.
Microsoft and Google have been locked in a battle for the heart of IT for years now. This has led to a technological arms race that has brought about a number of new innovations in cloud infrastructure over the years. Currently, they have set their sights on user identity management. Both contenders understand that by controlling user identities, they can lock you into their respective ecosystems and sell you additional services. The interesting problem is that if you are looking to replace your on-prem Active Directory instance or leverage directory services, then neither of these options can provide a solution.
Summary of Azure AD
To begin, it is important to understand that Azure AD is NOT the cloud replacement for Active Directory. Rather, Azure AD works on top of Active Directory implementations, primarily to provide single sign-on (SSO) access to a variety of SaaS applications like Office 365, Salesforce, Dropbox, and many others, as well as being the user management system for Azure. In essence, it is designed as a bridge between your existing legacy Active Directory instance and Microsoft’s catalogue of compatible cloud-delivered services (1). While it is possible to sync your Active Directory instance with Azure AD, in and of itself Azure AD is not a complete cloud-based directory service.
This is because Azure AD does not act as the authoritative source of truth of user identities (unless you are just using Office 365 or Azure resources). This role is still within the domain of Active Directory for many organizations, thus requiring traditional on-prem devices and dedicated IT staff to create and maintain. While Azure AD is meant to be a cloud identity platform, unfortunately, the true source of identity management is still firmly grounded with the legacy directory service, Active Directory.
Summary of Google Identity Management
If you have ever used Google Apps or G Suite, then you are already familiar with Google cloud identities. Google identity management services enable users to connect to various services primarily delivered through Google Apps or G Suite in connection with the user’s unique Google Apps address. Like Azure AD, Google identity management allows for easy integrations to Google’s catalogue of SaaS services and SSO applications (2). However, Google’s identity management approach does not offer support for legacy applications or on-prem resources. Its cloud identity management solution also does not act as the authoritative source of a user identity. Unfortunately, this means that a lot of users will remain locked into their on-prem identity provider instance, namely Active Directory. While Google IDaaS is an excellent cloud user management system for G Suite, like Azure AD, it is not a standalone cloud-delivered directory service.
Is Azure AD or Google Identity Management right for you?
Azure AD and Google Identity-as-a-Service are certainly excellent user management systems for their respective cloud services such as Office 365, Azure, G Suite, and Google Cloud Platform. They also serve as web application SSO platforms to varying degrees. Yet both of these solutions are an adjunct to your core directory service, and neither serves as your core, authoritative virtual identity provider. To add fuel to the fire, neither solution will let you fully manage users and devices on Windows, Mac, and Linux systems on-prem as well as authenticate other applications, cloud servers, storage systems, and WiFi networks. This raises the question: which cloud identity management platform should you use?
Gamechanger: JumpCloud Directory-as-a-Service®
If your organization is interested in a complete cloud-based infrastructure, then Azure AD and Google identity management aren’t really an option. Fortunately, a new champion has entered the arena. Directory-as-a-Service can provide complete control over user identities and IT resources from the world’s first cloud-delivered directory service. Directory-as-a-Service is a comprehensive cloud replacement for your on-prem directory service instance. No more expensive AD implementations or tedious OpenLDAP configurations. Our cloud directory service goes even further to tightly integrate with cloud services from Microsoft, Google, Amazon, and thousands of others regardless of the platform. JumpCloud empowers you to choose which services are right for your organization. Administrators retain all of the advantages of Azure AD and Google identity management without being locked into their respective ecosystems. JumpCloud Directory-as-a-Service is truly One Directory to Rule Them All.
If you would like to learn more about the battle between Azure AD and Google Cloud Identity Management and why Directory-as-a-Service may be the better option for your organization, drop us a note. Alternatively, sign up for a free IDaaS account and see what a true cloud directory could be for you. Your first 10 users are free forever.
- Curtand. “What Is Azure Active Directory?” Microsoft Docs. Microsoft, 8 May 2017. Web. 14 July 2017. <https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis>
- Google, Docs. “Overview | Cloud Identity and Access Management Documentation | Google Cloud Platform.” Google. Google, 7 July 2017. Web. 14 July 2017. <https://cloud.google.com/iam/docs/overview>
- Hall, Gregory. “Re: Migrate to Azure Active Directory from On Premise AD????” Blog comment. Spiceworks. Microsoft, 23 Oct. 2015. Web. 14 July 2017. <https://community.spiceworks.com/topic/1251024-migrate-to-azure-active-directory-from-on-premise-ad>