By Jon Griffin Posted December 10, 2017
As more and more organizations leverage Google services like G Suite and Google Cloud Platform, a common question that arises is whether or not G Suite Directory is an identity and access management platform (IAM). This question is important to understand the answer to, because it defines what the true capabilities of the directory are.
Google and the Move Into the Enterprise
Google made their first move into the enterprise through the productivity suite named G Suite (formerly known as Google Apps). They leveraged hosted email as the wedge to get into organizations, and then provided a competing solution to Microsoft Office. By offering all of these services in the cloud, they were able to steal a huge percentage of the market share in this space, and have become one of the dominant platforms in the industry. Microsoft felt the pressure and responded with Azure® and Office 365®, but at that point G Suite was already established in the workplace. With over 5mm G Suite business customers, the solution is one of the biggest players in enterprise productivity platforms.
Through Google’s tool, IT admins were able to replace their on-prem Microsoft Exchange server. This was great, but many also wondered if they could also replace their Active Directory® instance with what Google was calling G Suite Directory. The idea of shifting the identity provider to the cloud is enticing for IT admins, and having it all be in one platform from Google would be convenient.
G Suite Directory Capabilities
Alas, G Suite directory can not function as a complete identity and access management platform. IT admins should think of Google’s identity management approach as a user management system for Google Apps and a few, select web applications – not a complete Active Directory replacement.
Google’s IDaaS aspirations really focus on being able to manage web and cloud solutions rather than being the complete identity provider for an organization. Their goal hasn’t been to replace Active Directory, but rather to be a complement to it. Essentially, Google’s approach is more of a variant of a cloud identity bridge – a bridge from on-prem IAM solutions to their G Suite directory.
The challenge for IT admins is that even though G Suite Directory can’t replace AD, they are still looking to shift their IT management infrastructure to the cloud. Many current environments have one foot on-prem and one in the cloud, and this makes it difficult to connect the two. While G Suite Directory is an incredibly useful tool, it just won’t solve this challenge. That doesn’t mean it isn’t possible though. One solution to this issue is to integrate G Suite with a cloud identity management platform such as Directory-as-a-Service® (DaaS).
Cloud Identity and Access Management Through DaaS
Directory-as-a-Service is the cloud replacement for Active Directory that admins have been searching for, and it seamlessly integrates with G Suite and Google Cloud Platform. Through API level integration, a user’s Google Cloud Identity credentials can be the same ones used for systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, Azure), web and on-prem applications (via LDAP and SAML), cloud and on-prem storage systems (e.g., Samba file servers, NAS appliances, and cloud solutions such as Box), and wired and WiFi networks through RADIUS. By integrating G Suite directory with a cloud IAM solution such as Directory-as-a-Service, IT admins can securely manage and connect their user identities with the IT resources users need, regardless of platform, protocol, provider, or location.
If you would like to learn more about the cloud IAM solution Directory-as-a-Service, feel free to reach out to us and ask. We would be happy to answer any questions about how the platform compares to a G Suite Directory, and the capabilities of a true cloud directory. Alternatively, you can also sign up for a free account of the platform and see how it works for yourself. We offer your first 10 users free forever, with no credit card required, so there’s no reason not to test it out.