Google Cloud IAM

Written by Rajat Bhargava on March 4, 2017


Google recently announced Google Cloud IAM (Identity and Access Management). It is a free tool that sits on top of Google Cloud and helps organizations control their cloud infrastructure there. At a high level, you can think of Google Cloud IAM as analogous to AWS IAM. Yet it is very different from cloud directory services, such as our Directory-as-a-Service® platform and also what Google is thinking about with respect to Identity Management Services.

What Google Cloud IAM Does

Google Cloud IAM is a management tool for Google Cloud that focuses on how to manage access to Google Cloud projects. The idea behind their identity service solution is to provide a mechanism to control who has access to projects, who can create projects, and what actions individuals can take on projects. Cloud IAM can go deeper, giving IT organizations more granular control over specific resources as well.

Google Cloud IAM leverages the concept of groups as well as users’ existing Google identities. Policies can be created based on roles or functions within an organization to provide easy access control. All changes and updates to the Cloud IAM platform are logged for auditing purposes. You can also manage Cloud IAM via the web console or through APIs, thereby giving you the opportunity to tightly integrate it with your applications and configuration management infrastructure.

What Google Cloud IAM Doesn’t Do

Like AWS IAM and Azure Active Directory, Google’s Cloud IAM platform is focused only on Google’s own infrastructure, unlike a cloud identity management platform. Think of Cloud IAM as your access control system for the Google Cloud management console. Cloud IAM does not function as a central directory service the way Active Directory, OpenLDAP, or Directory-as-a-Service do. Access to the Google Cloud servers at the server level is handled by a separate system. One such cross-platform IDaaS solution is Directory-as-a-Service.

How to Extend Google Identities to Systems & Networks

Organizations that are leveraging Google Cloud should absolutely utilize Cloud IAM. It will help them lock down access to the right individuals for creation and management of Google Cloud projects. For individual cloud server access management, we’d also suggest that IT organizations look to complement Cloud IAM with Directory-as-a-Service. The cloud-hosted directory service can tightly manage access to Windows and Linux cloud servers, whether they are hosted at Google Cloud, AWS, Azure, IBM SoftLayer, DigitalOcean, or others.

JumpCloud®: The Clear Solution For Cloud Server Access

The concept of controlling access needs to occur at the lowest levels – server and file / application resource level. And it must continue through the highest abstraction layers, for instance, who can control projects at Google Cloud. Directory-as-a-Service can step up to the task of being a central directory service for cloud servers.

If you would like to learn more about Google Cloud IAM and how it can help you, as well as how it can complement your cloud directory service plans, drop us a note. Also, please sign up for a free account and give it a try for yourself. Your first 10 users are free forever.
