By Rajat Bhargava Posted October 7, 2016
Many IT admins are asking about G Suite True Single Sign-On. Over the last few months, Google has made some significant changes in their views around SSO and impacting major SSO players such as Okta, Ping Identity, OneLogin, and more.
In fact, we’d argue that Google wants their G Suite Single Sign-On to be a core part of the reason that you leverage their G Suite productivity platform.
This also ties in to Google’s ambition to be the “universal cloud identity.”
IT admins need to examine exactly what G Suite SSO delivers and what it doesn’t. In fact, a question that IT admins should be asking is, “Does G Suite work as a True Single Sign-On™ solution?”
Google’s Approach to SSO
When Google Apps first emerged the IT landscape was very different than it is today. Google’s goal with GApps was not to be the central identity provider for an organization, but rather to replace Microsoft solutions such as Exchange, file server, and Office.
Google knew that most devices at that time were Windows-based and to ask IT organizations to throw out the solution that tied all of those devices and applications together, Microsoft Active Directory, didn’t make any sense.
So, GApps was built on top of directory services such as AD and OpenLDAP.
IT admins would configure a solution called Google Apps Directory Sync and their on-prem directory service would be federated to the Google Apps directory. Changes made in Active Directory would be reflected in GApps directory.
This all made sense when the world was Microsoft and on-prem.
The Shift in Single Sign-On
As IT has moved to the cloud, IT admins are looking for different solutions to solve their identity management needs. As a result, Google spent time on expanding their view of G Suite directory. They enabled web applications that leveraged OAuth to authenticate with G Suite.
And more recently, they rolled out support for a handful of applications that leveraged SAML.
These select integrations with a few web sites and applications gave G Suite Single Sign-On capabilities. There is little doubt that the implementation is lightweight and isn’t a credible alternative to Okta, Ping Identity, or OneLogin, but for organizations that are leveraging a few common, well known applications it could suffice.
The challenge, though, isn’t about web application single sign-on for IT organizations. The problem is how to leverage G Suite identities more broadly.
G Suite True Single Sign-On
A few, popular web applications can be easily solved by Google’s G Suite. A unified cloud directory is another matter altogether.
G Suite directory isn’t a central identity provider. It doesn’t authenticate Windows, MacOS, and Linux machines. It doesn’t authenticate cloud servers at AWS or Azure. It also isn’t a source of truth for on-prem, LDAP-based applications or for their WiFi authentication either. It’s really a user management system for G Suite and a few web applications.
The good news, though, is that there is a way to make G Suite identities the True Single Sign-On™ solution for your enterprise.
Leveraging Directory-as-a-Service®, G Suite identities can be the core credentials for access into your laptop, desktop, cloud servers, on-prem applications, WiFi, and more. It is really what IT admins want with G Suite SSO. Directory-as-a-Service tightly integrates with G Suite and matches its SaaS-based delivery model.
If you would like to learn more about how thousands of organizations are leveraging a G Suite true Single Sign-On approach, drop us a note.
Or, feel free to give our cloud hosted directory service a try. It is easy to integrate with G Suite and be your replacement to an on-prem Active Directory or LDAP server.