By Jon Griffin Posted August 21, 2019
IT admins that are leveraging G Suite often ask a simple question: “Can Google Cloud Identity replace Microsoft Active Directory®?” As more IT organizations move to the cloud, the question around the shift from on-prem identity management to cloud IAM (identity and access management) has been coming up more and more frequently. Unfortunately, the Google Cloud Identity vs Active Directory question is not a simple one.
Google Cloud Identity
The question actually extends into “What does an organization need?” Google Cloud Identity isn’t really a product; it’s more of a concept of how Google views cloud identity management. Additionally, even this concept is limited to just Google services such as G Suite and Google Cloud. One feature Google Identity Services does have is the authentication of users to a few select web applications via Google identities and the authentication protocols OAuth and SAML. That can work for your organization if you aren’t worried about controlling user access to your systems (Windows®, Mac®, Linux®), on-prem or cloud servers (e.g. AWS®, Azure®, your own data center), on-prem applications or those web applications not covered by Google authenticator, and your WiFi or wired networks.
Essentially, if you are just interested in user management for Google Apps and Cloud, then their concept of Google Identity Management could work well for you. If you are interested in using Google Identity Management as a cloud directory service, then that’s really outside of the scope of their cloud IAM solution.
The directory services area is where Active Directory has typically come in. Most organizations are looking for a central user management platform such as a directory service, and Active Directory has been playing that role for on-prem IT networks for almost two decades now. For Windows-based systems and applications, Active Directory can easily serve as the core directory.
The catch with AD is that as soon as you add the cloud and non-Windows platforms or applications, it becomes more of a struggle to integrate everything together. Now, organizations that made the shift to Google’s G Suite or Cloud have started to find themselves asking the question “Why can’t we just eliminate Active Directory and go with Google Cloud Identity?” Unfortunately, it’s not a one-to-one mapping.
Solving the Issues of Both AD and Google Cloud Identity
The real solution for these organizations that are moving to the cloud is a cloud identity management platform called Directory-as-a-Service®. As a neutral cloud IAM solution, Directory-as-a-Service connects users with the IT resources they need regardless of platform, provider, protocol, or location. This means that DaaS is a replacement for Active Directory in the cloud. Plus, a G Suite identity can now be leveraged on AWS, Azure, systems (Windows, Mac, Linux), servers regardless of whether they are in the cloud or on-prem, wired and WiFi networks, and much more. The cloud directory service is really the glue that binds on-prem and cloud systems together with a common user identity across all of the IT resources.
So, don’t worry about Google Cloud Identity vs Active Directory, but rather dig into what your needs are. If you are looking for a central user management platform across your entire IT infrastructure, check out our IDaaS platform.
We’d be happy to discuss the current state of the cloud identity management space, but you should also feel free to sign up for a JumpCloud cloud directory account. Your first 10 users are free forever, so let us know what you think.