Google’s Workspace productivity suite provides small and medium-sized enterprises (SMEs) with an alternative to Microsoft’s 365 services. Microsoft’s model is prescriptive and positions its own software and services at the forefront of identity and device management. Google takes a different approach by offering a range of its own identity and access management (IAM) options as well as partnerships with vendors, including JumpCloud. This article guides Google admins through those options to help determine the best fit for an IAM and device management platform.
Google’s IAM Options
Google Sign-In
Google Sign-In is the most basic user management platform for Workspace apps and other services. These are managed user accounts that IT admins can centrally control with their tenant. Google values optionality, so it’s possible to incorporate external identities through federation.
Single sign-on (SSO) for third-party web applications can be configured simply by selecting an Identity Provider (IdP). It’s flexible and permits you to choose the IdP that’s best for you. Google also has an in-house IdP called Cloud Identity.
Google Cloud Identity
Cloud Identity is a unified IAM and endpoint management platform from Google. It comes in free and premium editions; the primary difference is that app management, device management, rules, reporting, and other advanced features are only available in the premium edition.
It provides SSO with multi-factor authentication (MFA) for apps and infrastructure along with a library of connectors. It can enforce policies for personal and corporate-owned devices with interfaces for basic actions to wipe, deploy apps, and view reports on devices.
Google Identity also includes Active Directory (AD) sync, security services, and some automation for user provisioning. Google’s device management uses an agentless deployment model, which has benefits and limitations for controlling or interacting with a device.
Supported protocols are:
- LDAP
- SAML
- OpenID Connect (OIDC)
Supported operating systems are:
- Android, iOS, and Windows
Google and Microsoft Active Directory
Google Workspace has the option to add LDAP via Active Directory using Cloud Identity. AD is used for user/group account provisioning and can be configured for SSO using Active Directory Federation Services (AD FS). Suspended or deleted AD users will be disabled in Cloud Identity.
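The sync semantics described above (AD is the source of truth; accounts suspended or deleted in AD end up disabled in Cloud Identity) can be modelled as a reconciliation step. The following is an added illustration, not Google's Directory Sync code or its API: the `AdUser`/`CloudUser` records, the `plan_sync` function, the `protected` list and the `max_suspend_fraction` safety limit are assumptions for this example. The one real value is the `userAccountControl` disable bit used to read AD account state, and the sample snapshots are constructed.

```python
"""Plan the changes a one-way AD -> Cloud Identity sync would make.

Hypothetical model (not Google's GCDS implementation): AD is authoritative,
so AD users that are disabled or missing become *suspended* in the cloud
tenant rather than deleted, which preserves their data and is reversible.
"""
from dataclasses import dataclass

# Real bit in the AD 'userAccountControl' attribute: account is disabled.
ADS_UF_ACCOUNTDISABLE = 0x0002


@dataclass(frozen=True)
class AdUser:            # minimal view of an AD object (assumed shape)
    sam: str
    mail: str
    user_account_control: int


@dataclass(frozen=True)
class CloudUser:         # minimal view of a Cloud Identity user (assumed shape)
    primary_email: str
    suspended: bool


class SyncAborted(RuntimeError):
    """Raised when a run would suspend more of the tenant than the limit allows."""


def ad_is_disabled(user: AdUser) -> bool:
    return bool(user.user_account_control & ADS_UF_ACCOUNTDISABLE)


def plan_sync(ad_users, cloud_users, domain, protected=(), max_suspend_fraction=0.5):
    """Return a sorted list of (action, email) tuples: create, suspend, reactivate.

    protected: emails that are never suspended (e.g. a break-glass admin that
               intentionally does not exist in AD).
    max_suspend_fraction: abort if a single run would suspend more than this
               share of the tenant, which is the signature of a mis-scoped
               or empty AD query rather than a genuine leaver wave.
    """
    suffix = "@" + domain.lower()
    ad_by_mail = {u.mail.lower(): u for u in ad_users if u.mail.lower().endswith(suffix)}
    cloud_by_mail = {u.primary_email.lower(): u
                     for u in cloud_users if u.primary_email.lower().endswith(suffix)}
    protected = {p.lower() for p in protected}
    actions = []

    # Pass 1: every in-scope AD user drives the state of its cloud counterpart.
    for mail, adu in ad_by_mail.items():
        cu = cloud_by_mail.get(mail)
        if cu is None:
            if not ad_is_disabled(adu):          # never provision an already-disabled account
                actions.append(("create", mail))
        elif ad_is_disabled(adu) and not cu.suspended and mail not in protected:
            actions.append(("suspend", mail))
        elif not ad_is_disabled(adu) and cu.suspended:
            actions.append(("reactivate", mail))

    # Pass 2: cloud users with no AD object were deleted in AD -> disable, don't delete.
    for mail, cu in cloud_by_mail.items():
        if mail not in ad_by_mail and not cu.suspended and mail not in protected:
            actions.append(("suspend", mail))

    suspensions = sum(1 for action, _ in actions if action == "suspend")
    if cloud_by_mail and suspensions / len(cloud_by_mail) > max_suspend_fraction:
        raise SyncAborted(f"refusing to suspend {suspensions}/{len(cloud_by_mail)} users")
    return sorted(actions)


# Constructed sample snapshots (0x200 = NORMAL_ACCOUNT, 0x202 = disabled normal account).
SAMPLE_AD = [
    AdUser("alice", "alice@example.com", 0x200),
    AdUser("bob", "bob@example.com", 0x202),      # disabled in AD
    AdUser("carol", "carol@example.com", 0x200),  # new joiner, not yet in the cloud
    AdUser("dave", "dave@other.com", 0x200),      # out of scope: different domain
    AdUser("grace", "grace@example.com", 0x200),  # re-enabled in AD
]
SAMPLE_CLOUD = [
    CloudUser("alice@example.com", False),
    CloudUser("bob@example.com", False),
    CloudUser("erin@example.com", False),         # deleted from AD
    CloudUser("frank@example.com", True),         # already suspended, nothing to do
    CloudUser("grace@example.com", True),
    CloudUser("admin@example.com", False),        # break-glass account, protected
]

if __name__ == "__main__":
    for action, mail in plan_sync(SAMPLE_AD, SAMPLE_CLOUD, "example.com",
                                  protected=("admin@example.com",)):
        print(f"{action:<10} {mail}")
```

The suspend-rather-than-delete rule and the abort threshold are the two checks worth carrying into any real sync configuration: the first keeps a mistaken AD change recoverable, and the second turns a broken LDAP filter into a failed run instead of a tenant-wide lockout.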
It’s also possible to federate Google identities using Azure Active Directory (AAD), which is primarily set up for guest users, but can also be used for IAM in Google apps and services.
JumpCloud’s Open Directory Platform
Google recognizes that one size doesn’t fit all and has positioned JumpCloud as the appropriate option for the SME segment, especially when organizations are migrating from AD. Google and JumpCloud have partnered to offer a productivity and IT management solution. This combination offers SMEs a true alternative to Microsoft’s 365 SKUs to extend Workspace identities for seamlessly and centrally managed IAM with unified device management.
Identity and Access Control
JumpCloud is an open directory platform with centralized IAM and device management capabilities, regardless of the underlying authentication method or device ecosystem. JumpCloud authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys. The platform treats identities as the new perimeter with secure, frictionless access to resources. JumpCloud ensures that every resource has a “best way” to connect to it.
For example:
- Servers use SSH keys, which are more secure than passwords
- Passwordless certificates can secure RADIUS Wi-Fi access
- LDAP with integrated MFA
- Web applications use SAML and OIDC for authentication with a growing collection of connectors for SSO apps
- JumpCloud Password Manager as an integrated add-on for additional security and convenience around passwords
- Integration with Active Directory
- Conditional access rules for privileged access management for Zero Trust security
Device Management
JumpCloud provides EMM/MDM as well as agent-based deployments (where it makes sense). MDM enforces tamper-proof security policies and configurations that help an organization meet, and demonstrate, its compliance requirements. Agents offer additional telemetry through JumpCloud’s System Insights and pre-built reporting, as well as Remote Assist and root-level command access. For instance, the platform includes a Windows PowerShell interface.
Supported operating systems include Android, Apple devices from iOS to macOS, Linux, and Windows.
JumpCloud includes unrestricted Remote Assist for every desktop operating system. Patch Management is an optional add-on to ensure operating systems and all major browsers are up to date and can be trusted. Patching is a vital aspect of healthy device posture as zero-day attacks become more frequent.
Selecting JumpCloud as your IdP can help to unify your stack and eliminate the need for IAM and IT management point solutions that raise management overhead, costs, and complexity.
Advanced Lifecycle Management
JumpCloud’s open directory platform functions as a cloud directory, and is tightly integrated with Google services such as Workspace and Google Cloud using an OAuth-based API. This allows IT admins to provision, deprovision, and manage Workspace users. IT admins can extend credentials to the kinds of systems, apps, file storage, and networks mentioned above.
The JumpCloud directory also differs from Cloud Identity by integrating with HR systems and automating group memberships through attribute-based access control. This simplifies on/off boarding while providing mature entitlements management that’s easier to administer.
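Attribute-based group membership, as described above, is a reconciliation of rules against user attributes: desired memberships are computed from attributes, then diffed against the current state. The following is an added example of that logic, not JumpCloud's own implementation or API; the rule format, the `reconcile` function and the sample users and groups are all constructed for illustration.

```python
"""Derive group memberships from user attributes and diff against current state.

Hypothetical model of attribute-based group automation (not JumpCloud's code).
Only rule-managed groups are reconciled; manually curated groups are left alone,
so a break-glass or exception group cannot be emptied by a rule change.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    email: str
    attributes: dict   # HR-sourced attributes, e.g. department, employmentStatus


# Rule = group name -> required attribute values. A tuple value means "any of".
# Every rule requires an active employment status, so leavers drop out of all groups.
RULES = {
    "finance-all":     {"department": "Finance", "employmentStatus": "active"},
    "engineering-all": {"department": "Engineering", "employmentStatus": "active"},
    "managers":        {"isManager": True, "employmentStatus": "active"},
    "vpn-users":       {"location": ("Remote", "Hybrid"), "employmentStatus": "active"},
}


def matches(rule: dict, attrs: dict) -> bool:
    """True when every attribute required by the rule is satisfied."""
    for key, wanted in rule.items():
        have = attrs.get(key)          # a missing attribute never satisfies a rule
        if isinstance(wanted, tuple):
            if have not in wanted:
                return False
        elif have != wanted:
            return False
    return True


def desired_groups(user: User, rules: dict) -> set:
    return {group for group, rule in rules.items() if matches(rule, user.attributes)}


def reconcile(users, rules, current):
    """Return (adds, removes) as sorted lists of (group, email) tuples.

    current: mapping group -> set of member emails as the directory has it now.
    Groups not named in `rules` are never touched.
    """
    desired = {group: set() for group in rules}
    for user in users:
        for group in desired_groups(user, rules):
            desired[group].add(user.email)

    adds, removes = [], []
    for group in rules:
        now = current.get(group, set())
        adds.extend((group, email) for email in desired[group] - now)
        removes.extend((group, email) for email in now - desired[group])
    return sorted(adds), sorted(removes)


# Constructed sample directory state.
SAMPLE_USERS = [
    User("alice@example.com", {"department": "Finance", "employmentStatus": "active",
                               "location": "Remote", "isManager": True}),
    User("bob@example.com",   {"department": "Engineering", "employmentStatus": "active",
                               "location": "Onsite"}),          # mover: no longer remote
    User("carol@example.com", {"department": "Finance", "employmentStatus": "terminated"}),
]
SAMPLE_CURRENT = {
    "finance-all":     {"alice@example.com", "carol@example.com"},
    "engineering-all": set(),
    "managers":        set(),
    "vpn-users":       {"bob@example.com"},
    "break-glass":     {"admin@example.com"},   # manually managed, not in RULES
}

if __name__ == "__main__":
    adds, removes = reconcile(SAMPLE_USERS, RULES, SAMPLE_CURRENT)
    for group, email in adds:
        print(f"add    {email} -> {group}")
    for group, email in removes:
        print(f"remove {email} <- {group}")
```

The example carries the three lifecycle events the text refers to: a joiner gaining access from attributes alone, a mover losing the VPN entitlement when the location attribute changes, and a leaver being stripped from every rule-managed group by a single status change in the HR record.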
Try JumpCloud with Google Workspace
Implementing our cloud-based directory service will allow you to fully move your identity management strategy to the cloud and centralize user access to on-prem and cloud resources. It will enable your organization to continue using Google without being forced onto Microsoft.
You can try JumpCloud’s platform by signing up for a free trial.