By Rajat Bhargava Posted April 4, 2017
The traditional definition of the G Suite Identity Provider (IdP) role is one meant for SAML integrations. With Google Identity Management Services a focus, they have started to integrate with a number of web applications via the SAML protocol. In the traditional identity management space, that would classify Google’s G Suite as an identity provider. The few applications that they integrate with would be considered service providers.
This is a narrow view of what an identity provider is. The term has been defined in the context of web application single sign-on. But we believe there is a much broader definition of the identity provider within an organization. Before there was a focus on web app SSO, the identity provider generally meant Microsoft Active Directory® – the core, authoritative user store for an organization.
Around the World of Cloud Identity Management
In today’s cloud identity management world, the virtual identity provider concept goes beyond just SAML-based applications. The modern identity provider is a central, cloud directory service that connects users to the IT resources they need regardless of provider, protocol, platform, or location. This includes central user management for systems (Mac, Windows, Linux), applications (cloud and on-prem), and network infrastructure (e.g. WiFi).
Let’s Circle Back to the G Suite Identity Provider
Now you see why G Suite’s directory is just a user management system for their Google Apps and a select few web applications via SAML:
Unfortunately, G Suite’s identity provider approach does not integrate with your on-prem Mac, Windows, and Linux systems. It also falls short with LDAP-based applications, WiFi via RADIUS, and much more. In fact, it doesn’t even support you with your AWS cloud servers:
All of that is OK, because Google Identity Management Services weren’t meant to be a replacement for Active Directory. Google IDaaS was meant to be for Google Apps.
Complete the Loop: G Suite Paired + Cloud Directory
Some IT admins like the concept of using G Suite’s identities as the core credentials throughout an organization’s IT infrastructure. If you’re one of them, there is an approach that can work: JumpCloud® Directory-as-a-Service. Via JumpCloud’s integration, the user’s G Suite credentials can be used for their on-prem laptop/desktop, AWS cloud server, on-prem applications, web applications, WiFi network access, and more. In fact, JumpCloud’s IDaaS platform can also execute policies across your Mac, Linux, and Windows platform – much like the concept of cross-platform GPOs.
Drop us a note to learn more about how your G Suite identity provider can be JumpCloud’s cloud identity management solution. The two solutions are tightly integrated and you’ll be able to replace Active Directory on-prem. Also, sign up for a free account to test it out yourself with your existing G Suite account. Your first 10 users are free forever.