Extend G Suite Identities [Old Way Vs. New Way]

By Rajat Bhargava Posted October 9, 2016

One of the most common questions that we receive is how to extend G Suite identities.

IT admins have centralized their businesses around G Suite, which was formerly known as Google Apps for Work. With over 2mm businesses on G Suite and with it being utilized by the entire organization, IT admins would like those same credentials to be utilized everywhere.

In effect, IT admins are asking for a True Single Sign-On™ solution.

G Suite is Google Apps for Work

google apps for work is now g suite

G Suite directory is a user management store for G Suite. It stores user access rights and some attributes such as phone number, address, and others. The goal of G Suite directory has largely been as a contact database.

Recently G Suite added the ability to authenticate a few cloud applications via the SAML protocol. OAuth was previously accepted by G Suite for other web sites that wanted to rely on GApps identities.

Limitations of G Suite Identity Management

Devices Graphic

Unfortunately, G Suite directory isn’t a core identity provider. It doesn’t authenticate systems such as Windows, MacOS, and Linux devices. Or, AWS cloud servers for that matter.

On-prem applications are left to their own auth system – most likely an on-prem directory service such as Active Directory or OpenLDAP. If you want to tie your WiFi authentication system to your directory service, it won’t be your G Suite identities.

In short, G Suite is a separate system from your directory service.

The Old Way

ad-and-ldap

Historically, IT admins have leveraged Active Directory or OpenLDAP on-prem and those identities have been federated to G Suite via the G Suite Directory Sync tool or GADS. The challenge for many with this path is that an extra server is required for GADS and the directory service is hosted on-prem.

With IT organizations trying to move more to the cloud, this ends up going against their strategy.

The New Way to Extend G Suite Identities

jumpcloud g suite integration

As a result, the path to extending G Suite identities doesn’t lie with legacy, on-prem solutions, but with a cloud hosted directory service. The concept is to match the G Suite model with a cloud identity management platform that can leverage G Suite identities to virtually all IT resources including systems, applications, and networks.

Directory-as-a-Service® is the platform to extend G Suite identities to a user’s laptop, their cloud servers, WiFi, and applications.

For end users, the benefit is clear. They can have a True Single Sign-On™ platform where their G Suite credentials also grant them access to virtually all of their IT resources. The benefit for IT admins is significant. They have central control over user management and one directory service for their entire enterprise. And, to top it off, the user gets to leverage the core credentials that they know for their email.

jc-learn-more

If you would like to learn more about how to extend G Suite identities to the rest of your IT resources, drop us a note. Or, give Directory-as-a-Service a try for yourself. You’ll be integrated with G Suite in no time and leveraging the power of a cloud identity management platform. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts