Integrating G Suite with a directory service leverages the G Suite Directory Sync tool which is also known as the Google Apps Directory Sync (GADS).
The G Suite directory sync tool is meant to integrate a directory service with G Suite directory such that the core, authoritative directory can provision, de-provision, and modify user access within G Suite. Most organizations have their own directory service and want that to be their central user management platform. As a result, G Suite would be a “consumer” directory, dependent on the central identity provider.
Origins of G Suite Directory Sync
The GADS tool was created early on in the Google Apps cycle. While much of an organization’s infrastructure was being moved to the cloud with Google Apps, one key area that remained behind was the directory service. Historically, this was Microsoft Active Directory and OpenLDAP.
IT organizations shifting over to Google Apps at the time didn’t want to re-create their user directory and database within GApps as well. They wanted GApps to import in their users and manage those users in only one place – their core directory service.
This approach to identity management with G Suite and an on-prem directory service has continued through today. The change now is that as more organizations move to the cloud, they no longer want an on-prem directory service such as Active Directory or OpenLDAP. With their email server being hosted in the cloud and their productivity apps also being cloud based, it makes little sense to the IT admin to have their directory service on-prem.
As a result, a cloud identity management platform is critical.
Full Cloud Identity Management with G Suite
The good news about a virtual identity provider is that it matches the G Suite model of being cloud-based, scalable, and cost-effective. With tight integration with G Suite, a user can be centrally managed in the cloud directory service. This means that a user provisioned, deprovisioned, or modified in Directory-as-a-Service® is appropriately handled in G Suite.
The other piece of important data is that G Suite directory sync service and server are no longer necessary. Directory-as-a-Service integrates with G Suite via direct APIs. This creates a more stable, and resilient model of integration instead of leveraging GADS and Active Directory.
The benefits of an Identity-as-a-Service platform integrated with G Suite are significant. G Suite identities can be leveraged throughout the organization. For example, a user’s login to their laptop can be their G Suite identity. The same is true for WiFi authentication and cloud server access. With the Directory-as-a-Service SSO capabilities, access to cloud and on-prem apps is also driven from a user’s Google Apps credentials. IT admins can create a True Single Sign-On™ approach with G Suite and Directory-as-a-Service.