User Management with Google Identity-as-a-Service

Written by Vince Lujan on August 5, 2017

Share This Article

G Suite has over five million business customers worldwide. It has been so successful that it has eliminated Microsoft Exchange, Windows File Server, and Office for many of those customers. Well, it seems Google is at it again with their cloud Identity-as-a-Service (IDaaS) platform. Google’s cloud identity and access management (IAM) solution adds additional management capabilities over the G Suite productivity platform. It empowers IT administrators to leverage granular user access management for Google productivity solutions to ensure that only the right person has access to the right resources. The goal of all of these G Suite features is to enable a huge number of organizations to make the shift to the cloud.

Can Google Cloud Identity Services replace Active Directory®?

Google Cloud Identity Management

The challenge remains that one fundamental component of the IT infrastructure is still stuck on-prem – the central user management platform. Historically, this has been Microsoft Active Directory or OpenLDAP. The question then becomes, can you make the move to Google Identity-as-a-Service for all of your user management needs?  The short answer is no. You can’t eliminate Active Directory or OpenLDAP with Google IDaaS. Google cloud identity management services are certainly a powerful tool for managing user access to Google services, but not sufficient to replace Active Directory or OpenLDAP.

Google IDaaS is a user management platform designed specifically for Google services and single sign-on into a few, select web applications. It isn’t meant to be a general identity provider connecting users to all of the IT resources they need. In fact, Google cloud IAM is designed to run on top of a core directory service and is not generally responsible for providing the source of truth for user identities to authenticate. This means that administrators will still have to establish an authoritative identity provider that exists outside of the Google ecosystem. For most, that means Active Directory is still in the picture.

This may come as a surprise for many G Suite customers. Historically, Google’s approach to the market has been all cloud, while Microsoft’s historically has been all on-prem. These two don’t really co-exist, but many organizations that sign up for G Suite will be forced to try and make them play nicely. It will be a constant battle. Unfortunately, Google identity services appears to only add complexity to an already difficult situation by having two places to manage identities.

Can Google Cloud IAM manage all of your IT resources?

Identity and Access Management Pyramid

It’s unclear whether or not administrators will ever be able to extend Google cloud user identities out to other non-Google cloud services like AWS, Azure, and Office 365 as well as on-prem systems and resources, WiFi, storage solutions, and a lot more. Based on what we’ve seen so far, it would appear Google is not interested. Instead, Google IDaaS falls within the realm of a private user management system. With G Suite directory services, organizations will still have one foot in the cloud and one on-prem. This isn’t necessarily a bad thing. It’s just that ideally the modern office would like to move completely to the cloud.

Directory-as-a-Service® to the Rescue

G Suite JumpCloud Integration

Fortunately, there is a way to have complete management capabilities over G Suite and all of your IT resources delivered from the cloud. The way to do that is through Directory-as-a-Service®. Our product is the first complete cloud based identity and access management solution that is tightly integrated with G Suite and Google Cloud. Leverage Directory-as-a-Service to not only help manage G Suite, but all of your IT resources both on-prem and in the cloud. Directory-as-a-Service works at the speed of light to push the core user identity to all of your cloud services like G Suite, AWS, GCP, Azure and on-prem infrastructure like WiFi, storage solutions, systems, and so much more. Directory-as-a-Service opens the door to a complete cloud-forward organization. All you have to do is walk through it.

jumpcloud learn more demo

Sign up today to see first hand how Directory-as-a-Service can benefit your organization and effectively be your user management systems for Google cloud identities. You and your first ten users can demo the full functionality of our product for free. You can also schedule a personalized demo or contact a member of our team at any time for any product related questions.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.

Continue Learning with our Newsletter