When Google Apps Fails at being a User Directory

Written by Rajat Bhargava on September 24, 2014

Share This Article

The move to Google Apps is happening at an astonishing pace. Google claims over 5 million businesses are now leveraging Google Apps. Many of these companies became Google App users through Google’s enterprise Gmail service as an alternative to Microsoft Exchange/Outlook. As these organizations make that move from Exchange to Google Apps for Work, or as new companies start out on GApps, it raises some interesting questions. Is Google Apps acting as the user store of record for these organizations? Does it become the new Active Directory?

Examining Your User Directory Needs

You must scrutinize your needs before deciding whether Google Apps Directory is your user store of record. Are you looking for a directory store similar to Microsoft Active Directory or OpenLDAP? Do you need a directory service that enables authentication, authorization, and device management? Do you need to enable single sign-on to Web applications? Perhaps you have cloud servers and internal applications, so how do you manage to authorize users for those IT components? Do you want to leverage your GApps credentials for access to WiFi or AWS servers? Taking a close look at your needs for a directory is critical in figuring out whether Google’s directory will suffice.

Contact Store, But Do You Want More?

Google’s directory is effectively a contact store for your employees and potentially their contacts. It controls user access to GApps email and apps. You can create groups within it to enable aliases, share files, and calendar events. Google’s user store can also be leveraged by third-party Web apps through OAuth and a limited number of apps are available via SAML. While the third-party app needs to do the heavy lifting of integrating, Google will validate the user and their password. Google’s directory doesn’t authenticate and authorize via other standard protocols such as LDAP and RADIUS. Therefore, internal servers, applications, or even cloud servers will need to be connected to a different user store. Alternatively, you will need to write a translation layer from LDAP to OAuth to make it work. You are out of luck if you’re interested in authenticating and managing users on their devices such as their PCs, Macs, or Linux desktops. Google doesn’t connect to a user’s laptop or desktop for those functions.

In general, if you’re just looking for email and connecting to third-party apps in the cloud, Google’s directory is probably sufficient for you. If you don’t care about securing and managing your employee’s computers, then you will be fine. From what we have seen empirically, this works for very small businesses. As an organization reaches a size where they do care about security, Google Apps directory no longer works as their primary user store. This usually coincides with the addition of IT infrastructure and different devices to manage.

Alleviate Growing Security Concerns With JumpCloud®

At JumpCloud, these growing organizations are the folks we’re looking to help. Their current options are to attempt to leverage Active Directory or OpenLDAP. These are poor choices given the move to Google Apps. In addition, both solutions require significant expertise to install, configure, and manage. Ultimately, if an organization is embracing the cloud, then their directory should as well. JumpCloud’s Directory-as-a-Service® is doing just that. We work seamlessly with Google (and Microsoft Office 365 as well) so that either user store (JumpCloud’s or Google’s) can be your directory of record. In addition, JumpCloud helps you bridge the gap with authenticating, authorizing, and managing all of the users, devices, and applications that you cannot with Google’s directory.

Directory-as-a-Service Succeeds Where Google Apps Fails At Being A User Directory

With JumpCloud’s solution and Google’s Apps for Work service, you have effectively replaced AD and Exchange. So, you get the benefit of controlling access to cloud servers and managing Mac / Linux devices. That’s not a bad step-up, plus you get all the advantages of SaaS! If you are interested in learning more about whether JumpCloud’s cloud-based directory is right for you, drop us a line – we’d be happy to talk to you. 

Continue Learning with our Newsletter