By Rajat Bhargava Posted November 4, 2016
Many IT admins ask us about G Suite Directory (formerly known as Google Apps Directory) and whether it can act as an organization’s central identity provider.
The short answer is no, it can’t.
But the longer answer is below. It’s a common enough question that we wanted to address it. We want G Suite users to have a sense for what they are getting for user management directory services with that platform. There’s also is a comparison point in this conversation between G Suite vs Office 365 and the inclusion of Active Directory® or Azure Active Directory®.
In addition to taking a look at G Suite directory, we’ll share an alternative cloud directory approach that may be better suited for G Suite customers.
G Suite as a Standalone Directory
When IT admins moved to G Suite, they effectively replaced key components of their IT infrastructure that historically were Microsoft-based. And, if they haven’t replaced those components, they have often avoided purchasing new Microsoft solutions.
For many IT organizations this is a huge benefit and one that they value. With G Suite, IT organizations don’t need to purchase and deploy Microsoft solutions such as Exchange®, Windows Server®, and Office®. In addition to being a substantial cost savings, it changes their infrastructure.
Can G Suite Replace Active Directory?
Almost by extension (and maybe by hope), IT admins think that G Suite directory may be their answer to replacing Active Directory®. They figure that if G Suite is replacing Exchange, it should replace the other half of the duo, Active Directory.
Unfortunately, Active Directory is far more than a simple user management system, it is the leading on-prem directory services. It functions as not only a user management system, but a system management platform as well. G Suite’s directory falls short when it comes to management of systems, networks, and apps.
Reasons Behind G Suite Limitations
Google built G Suite’s directory services capability very differently compared to how Microsoft builtAD.
Google Apps was introduced during a time when Microsoft Windows and related solutions such as Exchange and Active Directory were monopolies in the market. As a result, the G Suite directory capability was largely focused on managing users on their platform. The thought process was that most of the G Suite customers would have Active Directory on-prem and would federate those identities into the G Suite platform. This made a lot of sense at the time since there was virtually 100% deployment of Active Directory.
The challenge is that today, IT organizations are shifting away from AD and looking for alternatives to Active Directory. With their move to the cloud, use of mixed platforms, and workers all across the world, there is little reason to stay with Active Directory. This is the genesis of the question about G Suite directory as an Active Directory migration path.
As IT admins quickly realize, G Suite’s directory services capabilities are not really aimed at being the central identity provider for an organization.
How to Make G Suite Your Central Identity Provider
This is where Directory-as-a-Service comes in. Built to be a complement to G Suite and tightly integrated leveraging APIs, Directory-as-a-Service replaces Active Directory in the above scenario. G Suite covers Exchange, and the cloud directory is the AD alternative. It’s a symbiotic relationship and enables IT organizations to be all cloud.
If you would like to learn more about G Suite Directory and whether it can be your central directory service, drop us a note. We’d be happy to walk you through how to think about G Suite, Active Directory, and our IDaaS platform. Or, sign-up for a free account and give it a try for yourself. Your first 10 users are free forever.