Integrate Google Workspace with OpenLDAP

Written by Rajat Bhargava on February 15, 2021

Share This Article

Updated on October 8, 2021

There are over 6 million organizations using Google Workspace (formerly called Google Apps for Work and G Suite). Many of these organizations want to shift their entire organization to the cloud. While Google Workspace enables IT organizations to get rid of Microsoft Exchange as an email provider and eliminate the need to leverage Microsoft 365 (formerly Office and Office 365), there are still core components that often live on-prem and are often Microsoft driven. 

With the Google Workspace model, one challenge that IT admin are facing is what they should do with directory services. Many IT organizations leverage Microsoft Active Directory or LDAP as their identity provider (IdP). Not surprisingly, many IT organizations are interested in integrating Google Workspace with OpenLDAP.

G Suite and OpenLDAP Integration Can Be Tough

LDAP is one of the most important authentication protocols. Originally authored by Tim Howes, our advisor, and his colleagues, the LDAP protocol is the centerpiece of the open source solution, OpenLDAP, and an authentication approach that has stood the test of time over almost 30 years.

Our Interview with Tim Howes

As a popular directory service, many organizations would like to integrate their OpenLDAP instance with their Google Workspace implementation. To enable the integration, IT admins need to implement Google Apps Directory Sync (GADS) (now called Google Cloud Directory Sync) to make it work. 

Of course, it is a one-way integration given Google’s approach to directory services. You can export your data into Google Workspace. However, this sync does not let you export your identity data from Google or passwords from Google Workspace. The integration requires an additional server and is fairly brittle. As a result, it is not widely liked by IT admins. 

There’s an Easier Way

A different and more popular approach to integrating Google Workspace and OpenLDAP exists. The approach is called directory-as-a-service, which is the foundation of JumpCloud Directory Platform. It creates a cloud-hosted directory platform that does not require another server, IT management, or babysitting. 

The process works as follows: 

  1. IT organizations leverage JumpCloud as their core user management platform. 
  2. Users and credentials stored within the JumpCloud identity provider are then synced with Google Workspace
  3. A new user can be created in the central, authoritative user management platform, which subsequently updates Google Workspace. 
  4. A user deleted in JumpCloud is also suspended in Google Workspace. 
  5. Passwords are updated on a user’s Windows or Mac machine effectively eliminating the risk of phishing attacks that plague major web applications such as Google Workspace.

Robust and Flexible Functionality

While the integration with Google Workspace and JumpCloud provides the same function as with OpenLDAP through GCDS, it offers a lot more too. Not only is a cloud directory platform far more resilient, it’s also API driven from the JumpCloud® service. IT organizations get a complete hosted cloud directory service instead of a self-managed, on-prem LDAP implementation plus extra servers for integration.

With JumpCloud, Google Workspace organizations can federate their Google identities to their Windows, macOS, and Linux machines, AWS servers, VPNs, web applications, WiFi authentication, and LDAP-based applications hosted on-prem, among others. The seamless integration is easy for end users because they have one set of secure credentials. And IT has central control over the identity management infrastructure.

Smoothly Integrate Google Workspace with OpenLDAP 

If you would like to learn more about how to integrate Google Workspace with OpenLDAP, drop us a note. Our cloud directory platform can solve this for you without the need to have your own OpenLDAP server or GCDS. Your first 10 users and 10 systems are free when you sign up for a free account, so give it a try today. You’ll also get 24×7 Premium in-app chat support for the first 10 days.

Continue Learning with our Newsletter