Microsoft and Google have been locked in a battle for the heart of the IT community for years now. This technological arms race has brought about a number of cloud innovations, including in identity and access management (IAM). Microsoft is building a software monoculture around Azure by controlling identities. Google’s approach emphasizes optionality and customer choice.
In one corner, we have Microsoft Entra ID (formerly Azure Active Directory, or AAD), a cloud-based IAM solution for hybrid or cloud deployments. It’s a gateway to other cloud services and extends Microsoft’s foothold within enterprise IT infrastructures. In the other corner, we have Google Cloud Identity, a cloud-based solution for managing user identities and access to IT resources, with the option to select the identity provider (IdP) that’s the best fit for you.
This article compares Google Cloud Identity and Entra ID, before explaining why JumpCloud, which Google recommends as the best fit for small to medium-size enterprises (SMEs), may be the optimal IAM solution. JumpCloud integrates identity and device management in a unified platform.
What Is Google Cloud Identity?
If you have ever used Google Workspace, you’re already familiar with Google Cloud Identity. The service enables users to connect to Google’s catalog of SaaS services and single sign-on (SSO) applications. It has free and premium editions, with the latter including app management, device management, user provisioning, and several more advanced features.
Many organizations would benefit from using Google Cloud Identity, but Google has made the determination that use cases are not all identical and that its customers should be able to choose which IdP is best for them. For example, Google recommends JumpCloud for SMEs that are extending or migrating off of Active Directory (AD) and has other partners for the enterprise. The combination of Cloud Identity and partners supports most business use cases.
Next, we’ll examine the capabilities of Microsoft’s Entra ID and the role that it plays within Microsoft’s ecosystem. This section is more extensive due to Microsoft’s platform approach.
What Is Microsoft Entra ID?
Microsoft Entra ID is a cloud directory service that is the default IdP for Microsoft’s cloud and productivity services. Its free edition provides single sign-on (SSO) access to a variety of SaaS applications, including Office 365 and third-party apps, via web authentication protocols. The premium tiers, Premium 1 (P1) and Premium 2 (P2), extend what’s possible with Entra ID. Undoubtedly, the Entra platform can accomplish a lot, but consider that many of its features were created to fulfill enterprise requirements. Enterprises have significant IT resources, whereas SMEs don’t.
Here’s a brief list of Entra’s Premium features:
- Hybrid sync with on-premises AD (P1, P2)
- Group management for users (P1, P2)
- Privileged Identity Management (PIM) (P2)
- Multi-factor authentication (MFA) for on-premises apps (P1, P2)
- Governance and access reviews (P1, P2)
- Advanced security and usage reports (P1, P2)
- Identity protection (P2)
- Conditional access policies (P1)
- Risk-based conditional access (P2)
- B2B entitlement management and access packages for guest users (P2)
- B2C collaboration (billed by monthly active users with similar licensing requirements)
Notably, core IAM capabilities such as group-based user management are also gated behind P1 and above. That’s a “feature, not a bug.” Microsoft’s licensing can make it necessary to subscribe to more than you actually want to buy.
Add-Ons May Be Necessary
Entra ID has extensive capabilities as a whole, but its features vary among subscription levels, and core IAM capabilities still require separate licenses. For example, Intune unified endpoint management (UEM) isn’t available unless it’s included in a Microsoft 365 bundle (or purchased a la carte). Intune manages endpoints, app deployments, and patching, but doesn’t include everything. Its licensing mirrors Entra ID’s: Intune has its own subscription tiers and add-ons within its product portfolio. For example, it costs extra to get remote assistance for supporting your users.
Considerations for SMEs
Entra and Intune sound complex, because they are. Entra may be a good fit for some SMEs with special use cases, but there are several considerations to take into account when evaluating it:
- Entra can’t leverage common network protocols such as RADIUS and LDAP for true SSO. An on-premises server running the NPS server role, or a subscription to Azure AD Domain Services (AAD DS), is required to support apps and devices that use those protocols.
- The cost and complexity of implementing Entra ID and its associated services can be high, even if the sticker price isn’t. Microsoft works with partners to assist with implementations. It’s not uncommon for implementations to be expensive.
- Some features will require multiple admins/roles by design.
- It’s a big commitment, and training and certification in Entra ID may be necessary for your team. A junior-level admin can unknowingly do a lot of “harm”.
- Device management that exists separately from identity management creates more management overhead, which can make implementations more challenging.
- Federation (to switch to a different IdP) isn’t trivial; Entra ID more readily consumes identities than it federates them out.
JumpCloud’s open directory platform offers many of Entra’s best features, but makes it possible for a small team (or even a single admin) to implement them. Let’s learn more about it.
JumpCloud’s Open Directory Platform
JumpCloud unifies cross-domain identity and device management, reduces costs, improves operational efficiencies, strengthens cybersecurity, and reduces pressure on your IT admins. It integrates with other directories, including AD, Entra ID, Google, Okta, and HR systems. It’s designed with SMEs in mind and includes UEM without introducing a separate product. Network protocols are included to ensure that every resource has a “best way” to connect to it.
- JumpCloud leverages web protocols including SAML, OIDC, and SCIM provisioning for SSO. SSO and environment-wide MFA extend to network devices through common networking protocols, including LDAP, SSH, and RADIUS, delivered via the cloud.
- MFA includes TOTP, push notification, and biometrics. We’re actively improving the platform experience with phishing-resistant modern authentication and introducing more passwordless workflows to increase security and usability.
- Mobile device management (MDM) and agents ensure that Android, Apple, Linux, and Windows devices are managed and telemetry is available for asset management and security. MDM ensures tamper-proof device management for compliance and security.
- Zero-touch enrollment can be utilized for Apple products.
- Command templates and device groups make policies easy to deploy.
- Pre-built reports and Directory Insights make IT management easier.
- Unlimited remote assist is included, along with commands for remediations and streamlined endpoint management using PowerShell/Bash.
- Optional conditional access rules strengthen access control for privileged users.
- IT management options include cross-OS patch management and a password manager that blends a secure, decentralized architecture with security controls and auditability.
JumpCloud and Google are complementary. Each platform uses dynamic groups that evaluate user attributes to automate entitlements: when an attribute changes, group membership and the access it grants change with it. This approach provides stronger lifecycle management throughout the platform (without charging SMEs extra for a premium SKU to access it).
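To make the dynamic-group idea concrete, here is an added example (not JumpCloud’s or Google’s code, and not the article’s) that models attribute-driven group membership and derives entitlements from it. The users, groups, rules, and entitlement names are all constructed for illustration. The point it shows that the paragraph only states is the lifecycle effect: a department change or an offboarding flips an attribute, the groups are re-evaluated, and the stale access is revoked without an admin touching each resource.

```python
"""Attribute-driven dynamic groups and entitlement automation (constructed example).

Users carry attributes; each dynamic group has a rule set (attribute -> allowed
values) that must all hold for membership. Entitlements are granted only through
group membership, so an attribute change adds or revokes access automatically.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    username: str
    attributes: dict


@dataclass
class DynamicGroup:
    name: str
    rules: dict                       # every attribute here must match an allowed value
    entitlements: set = field(default_factory=set)


def matches(user: User, group: DynamicGroup) -> bool:
    """True when every rule attribute is present on the user with an allowed value.

    A missing attribute evaluates to None, which is never in the allowed set, so
    incomplete records fail closed rather than granting membership by accident.
    """
    return all(user.attributes.get(attr) in allowed
               for attr, allowed in group.rules.items())


def evaluate(users, groups):
    """Return (memberships, entitlements), each keyed by username."""
    memberships, entitlements = {}, {}
    for user in users:
        member_of = {g.name for g in groups if matches(user, g)}
        memberships[user.username] = member_of
        entitlements[user.username] = set().union(
            *(g.entitlements for g in groups if g.name in member_of))
    return memberships, entitlements


def diff_entitlements(before, after):
    """Per user, return (newly granted, revoked) between two evaluations."""
    return {name: (after.get(name, set()) - before.get(name, set()),
                   before.get(name, set()) - after.get(name, set()))
            for name in set(before) | set(after)}


# Constructed sample directory: group rules and the access each group carries.
GROUPS = [
    DynamicGroup("all-active-staff", {"status": {"active"}},
                 {"sso:email", "vpn:basic"}),
    DynamicGroup("engineering", {"status": {"active"}, "department": {"engineering"}},
                 {"ssh:build-servers", "saml:ci"}),
    DynamicGroup("finance", {"status": {"active"}, "department": {"finance"}},
                 {"saml:erp"}),
]


def sample_users():
    """Fresh copies of the constructed users, so re-evaluations start clean."""
    return [User("alice", {"status": "active", "department": "engineering"}),
            User("bob", {"status": "active", "department": "finance"})]


def lifecycle_demo():
    """Transfer alice to finance and terminate bob; return the entitlement changes."""
    users = sample_users()
    _, before = evaluate(users, GROUPS)
    users[0].attributes["department"] = "finance"      # HR-driven transfer
    users[1].attributes["status"] = "terminated"       # offboarding
    _, after = evaluate(users, GROUPS)
    return diff_entitlements(before, after)


if __name__ == "__main__":
    for name, (granted, revoked) in sorted(lifecycle_demo().items()):
        print(f"{name}: +{sorted(granted)} -{sorted(revoked)}")
```

Two design choices carry the security value here: rules fail closed when an attribute is absent, and every entitlement is reachable only through a group, so there is no per-user grant that an offboarding can miss.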
Put simply, JumpCloud and Google are even better together.
Ready to learn more about why JumpCloud is the best choice for SMEs to manage identities and devices? Drop us a note for a live demo, or reach out to [email protected] for assistance determining which Professional Service option might be right for you.