Google Identity and Access Management – Beyond the Basics

Written by Greg Keller on September 14, 2015


Identity management is a core task for IT administrators, especially at larger organizations where keeping track of which employees have access to what becomes increasingly difficult. Today, with over 5 million organizations using Google Apps for Work, the Google Apps directory is becoming a larger and larger component of identity and access management (IAM) for admins. The challenge many admins are facing, however, is how to employ best practices to get the most out of Google Apps user management and how to seamlessly and efficiently incorporate it into a more comprehensive IAM system.

For most organizations, the Google Apps Admin console serves as the main portal for Google identity and access management. An organization’s domain comprises individual users, each with their own profile and set of attributes. Maintaining complete and accurate profiles is the first step to ensuring proper identity management, and Google has made some rudimentary tools available to administrators for organizing and maintaining the directory.

Directory Management Tools within Google Apps


Organizational Units (OUs) are the key building blocks for your Google Apps organizational structure. Initially, all users in your company’s Google domain are created within a single OU that sits at the top of this (initially flat) structure. From here, additional sub-organizational units can be created, either at the same level or in hierarchies, allowing you to create increasingly detailed access and permission levels for different groups of employees, turning specific services on and off as required (e.g., access to Google Hangouts, public sharing of calendars, enabling ‘Incognito Mode’ in Chrome for Chromebooks, etc.).


Google Groups are another way to organize Google Apps users within a domain, allowing for quick and easy collaboration between different teams, departments, or other subdivisions within an organization and even outside of a particular domain if desired. These can comprise email distribution lists, online forums, shared calendars, Drive folders, and inboxes.


Searchable Directory allows users within a domain to browse for specific users and distribution lists that are shared with everyone in the organization. Administrators can set which details are shared publicly within the domain and also set certain users to hidden. Through shared contacts, it is also possible to share contact details of users outside of a domain if, for example, certain vendors or contractors are frequently contacted by multiple individuals across an organization.

How far do these pre-existing tools go?

With the three tools above, admins can achieve a degree of control for identity management within Google Apps. There are many third-party applications out there that append additional functionality and improved UX on top of these features as well.

However, for most organizations, identity management goes beyond just Google Apps and must also incorporate access to things like WiFi and RADIUS networks, system machines, applications hosted on Amazon Web Services or Google Compute Engine, and much more. No matter how advanced you get with Google identity and access management, there is simply no easy way to touch these additional components of your IT network.

Complete Google Identity and Access Management 

A Directory-as-a-Service (DaaS) solution such as JumpCloud can help bring an organization’s Google identity and access management in line with a more comprehensive IAM system by centralizing and merging user management for Google Apps with user management for nearly every other IT resource.


Before Directory-as-a-Service existed, the only way to feasibly do this was to tie in a complicated and expensive on-premises solution such as Microsoft Active Directory or LDAP, and then add a layer of middleware such as Google Apps Directory Sync, commonly known as GADS. But with solutions like JumpCloud, organizations can now easily “bridge the gap” between Google Apps and their directory. DaaS is a turnkey solution that allows organizations to remotely manage users from a centralized directory, securely hosted in the cloud.

Move Beyond the Basics

Learn more about JumpCloud’s DaaS and how to seamlessly merge your Google Apps users into a comprehensive IAM solution to easily connect employees to the IT resources they need, all from a single point.
