By Stephanie DeCamp Posted November 18, 2019
Google started 2019 with more than five million businesses using G Suite™, making its value as a resource undeniable. But sysadmins face a significant challenge in managing user access to it (and other IT resources — including systems, servers, web applications, and more) all while keeping their IT environment secure. And if an enterprise is leveraging Microsoft® Active Directory® (AD) as its core identity provider (IdP) already, while also offering G Suite to its employees, then it’s likely they would consider syncing the two for security and productivity purposes.
The GCDS Approach
Traditionally, syncing AD with G Suite has required Google Cloud Directory Sync™ (GCDS) and G Suite Password Sync (GSPS). This isn’t a simple fix though, as it calls for a dedicated server and integration management, meaning more work for IT admins.
For example, neither GCDS nor GSPS is bidirectional with AD, so password changes and the like can sync from AD to G Suite, but not the other way around. Plus, if an IT admin has already eliminated their Exchange server in favor of G Suite, chances are they’ll be reluctant to take on another server. Furthermore, GCDS (formerly known as GADS – Google Apps Directory Sync) bridges AD identities to G Suite alone, and not to additional platforms such as AWS®, macOS®, Linux®, or other web applications.
The SSO Approach
Another approach is to bridge G Suite to AD with a single sign-on (SSO) solution. Utilizing an SSO service can take much of the work out of the integration, such as eliminating the need for a GCDS server.
While SSO solutions connect users to web applications like Salesforce® (and in this case, extend AD to G Suite) using one set of credentials, those credentials don’t then extend to device authentication (Windows, macOS, Linux) or management. Also, SSO apps tend to focus on the SAML protocol, but not always LDAP — so integrating something like G Suite with on-prem, legacy servers and apps isn’t always an option, even though AD may be in place as well.
There are plenty of other SaaS identity management patch options for AD on the market to help fill in these gaps, but because they’re similarly limited in scope, an IT admin may require many. If that’s the case, they run the risk of each additional patch being just one more thing to look after — and purchase.
In sum, if a company needs to sync their AD with G Suite — but needs more than a baseline integration, doesn’t have the time or money to put toward patching, or simply wants the most bang for its buck — Directory-as-a-Service®, the third option below, may be the way to go.
The DaaS Approach
To achieve all of these ends, consider exploring a cloud-based Directory-as-a-Service. This solution extends an enterprise’s AD identities from on-prem domain controllers to G Suite, as well as to an abundance of other IT resources that are challenging to bind to AD. It then enables users to securely log in to cloud-based and non-Microsoft resources with their same AD credentials.
JumpCloud Directory-as-a-Service can serve as the central user platform for the entire enterprise, and is even capable of replacing AD altogether. As a result, end-user identities can access not only G Suite but also their Windows, macOS, and Linux systems, AWS or GCP cloud servers, web and on-prem applications via SAML and LDAP, Samba file servers, and WiFi and VPN networks through RADIUS.
If you’d like to learn more about how JumpCloud can extend Active Directory to G Suite, and also integrate with systems, applications, and networks, feel free to contact us or check out our YouTube page. You can also give it a test run yourself and sign up here for a free account, where your first 10 users are free forever.