By Greg Keller Posted November 14, 2016
Directory services are suddenly hot. After almost two decades of stagnation, there’s been a renaissance in the identity management category. In fact, some might argue that the directory is retaking its rightful spot as the core of identity and access management.
The twist to the IAM market now is that it is moving to the cloud.
The good news is that it isn’t just “cloud washing” an existing solution. New, innovative approaches to the identity provider are emerging, especially as cloud directory services. G Suite Directory and AWS Directory Service are two oft-mentioned cloud identity management solutions.
Standalone Directories? Not Even Close.
Both G Suite and AWS have a broader focus than just being an identity management provider. In fact, their goals are to use their directory services to support the sale of more G Suite and AWS core services. In both cases, the directory services are meant as internal user management systems. Both solutions struggle as broad identity management systems, and IT admins should view them that way.
G Suite – It’s All About the Apps
G Suite directory is focused on being a user management system for G Suite and for a few, select web applications. The goal of the G Suite directory is to control access to G Suite applications including their hosted email and productivity applications.
Google has created some basic G Suite single sign-on capabilities with OAuth and SAML. While this is great for the few web applications it works for, it is not meant as a replacement for Identity-as-a-Service providers such as Okta, OneLogin, or Ping Identity.
Further, G Suite doesn’t federate identities to workstations such as Windows, Mac, and Linux. AWS cloud servers are out of scope, as is an organization’s on-prem WiFi authentication. In short, G Suite isn’t a cloud directory service.
AWS – Hosted AD for Virtual Machines
AWS Directory Service is closer to being a cloud directory service, but IT organizations should view it more as a hosted instance of Active Directory for AWS machines.
As with any hosted Active Directory instance, there are a number of security and networking challenges. AWS Directory Service suffers from these same issues and more. While there is a move to SaaS-based solutions, IT admins should view this as more like Infrastructure-as-a-Service with all of the maintenance and management required from the IT admin.
AWS Directory Service struggles with connecting to Mac and Linux devices and any on-prem applications, systems, and WiFi networks. Azure and Google Compute Engine control is difficult at best with your directory service hosted at AWS.
Both are Stronger when Paired with DaaS
While Google and AWS get a great deal of attention, leveraging their cloud identity management is a struggle for more organizations. IT admins need solutions that cut across platforms, providers, protocols, and locations. A modern cloud identity platform should be liberating – not constraining – to an organization.
This is why many cloud-forward organizations are opting for Directory-as-a-Service®:
As a next generation IDaaS solution, Directory-as-a-Service is integrating and consolidating the role of a virtual identity provider. DaaS tightly integrates with G Suite, AWS, and Office 365. As a cloud hosted directory service, it connects users to their Windows, macOS, and Linux systems. On-prem applications and WiFi are no problem. Directory-as-a-Service is the central, authoritative user management platform that is a True Single Sign-On™ platform.
G Suite or AWS Directory Service?
If you are comparing G Suite directory vs. AWS Directory Service, drop us a note. We can help you compare those along with Directory-as-a-Service. If your goals are to have a central cloud identity management platform, we think that our IDaaS solution could be helpful to you – especially if you have both G Suite and AWS.
Give our cloud directory a try for yourself. Your first 10 users are free forever.