Windows® Authentication Using Google Workspace™ Identities

Written by Rajat Bhargava on May 4, 2021

Share This Article

Updated on August 20, 2021

Connecting your Microsoft Windows machines to Google Workspace identities is a great vision. In fact, the ability to connect Google Workspace (formerly known as G Suite) identities to all of your IT resources – devices, servers, applications, files, and networks – would be wonderful. As a result of this pairing, it would centralize your users’ credentials and give you more control over all of their IT resources. Another benefit is that you could finally move completely to the cloud and eliminate Microsoft Active Directory®(AD) or OpenLDAP™ from your infrastructure and not be forced to maintain or secure those instances any longer. 

In short, Windows authentication using Google Workspace identities would be a beautiful thing for IT. 

But, We Live in the Real World

Unfortunately, out-of-the-box Google Workspace’s Directory (often referred to as Google Cloud Identity) doesn’t easily authenticate outside of Google Workspace applications and a few select web apps. Google has tried to make strides to authenticate with some Windows platforms through the Google credential provider for Windows machines, but it is not for the faint of heart with the number of moving parts and its command line installation procedures. The good news is that a vendor and platform agnostic solution can help you accomplish this universal identity vision with G Suite / Google Workspace identities; it’s called a cloud directory, or directory-as-a-service.  

As a companion to Google Workspace, the cloud-hosted directory service tightly integrates to centralize Google Workspace credentials. Now, a user’s Google identity can be federated to their laptop or desktop (Windows, Mac, and Linux), AWS® cloud servers, web or on-prem applications, and their WiFi authentication through RADIUS. Because JumpCloud is a third party provider, Windows, macOS®, and Linux® devices are all treated equally, and that means your users with Windows (or macOS / Linux) can login to their devices using their Google identities. The result is less friction and more time to get to work. You can even add in multi-factor authentication to the login process and leverage Google Authenticator as well.

Google Workspace Integration

That’s a powerful, comprehensive approach to directory services. A decade ago, a similar True Single Sign-On™ solution was available with Active Directory and the domain controller, but this required virtually all IT resources to be on-prem and leverage Microsoft solutions. With our modern mixed-platform environment moving to the cloud and shifting of gravity to Google Workspace, the ability to centralize user management was lost.

As it was known then, G Suite competed very well against Microsoft Office and Exchange. But, Google never tackled the problem of replacing Active Directory. Now, however, with a cloud directory, single sign on isn’t just for web applications any more; now, you can leverage those credentials for virtually any IT resources your users need to connect to virtually regardless of platform, protocol, provider, and location. 

Windows Authentication and More with Google Identities

IT can now manage access to your Windows systems, Linux cloud servers hosted at AWS, on-prem legacy applications via LDAP (OpenVPN™, Jira®), web applications via SAML, WiFi authentication through RADIUS, and much more all from one console and enabling the end user to leverage one set of secure credentials. 

The question we often hear is why can’t you login to your systems, SaaS apps, cloud infrastructure, file servers, and more using your Google Workspace identity? The answer to that question is actually quite simple. Google Cloud Identity is really a user management solution for Google applications and solutions. It does provide access to some LDAP and SAML applications, some Windows devices with a great deal of work, and some OAuth-based apps, but aside from that, it doesn’t leverage native Windows, macOS, or Linux authentication, APIs, or a multitude of protocols. That leaves a pretty sizable gap in your ability to manage users and their IT resources. 

Effectively, Google’s goal is for you to think of Google Workspace as a replacement for Exchange®, Windows file server, and Microsoft Office®. But, Google Workspace is no outright replacement for Active Directory, nor does Google seem to be positioning it that way given their additional solution to connect Google Workspace to AD, which is called GCDS (Google Cloud Directory Sync). So, you’re still stuck with AD on prem and Google Workspace in the cloud. JumpCloud Directory Platform, on the other hand, is aimed at being an alternative to Active Directory. In fact, it’s Active Directory reimagined. It allows you to firmly shift to the cloud with Google and an independent, agnostic cloud directory.

Do More with Google Identities

If you want to learn more about how you can achieve Windows authentication using Google Workspace identities, schedule a demo today. Or, you can just try it for yourself by signing up for a JumpCloud Free account. JumpCloud Free enables you to manage up to 10 users and 10 systems for free using the full-featured version of our platform. Be sure to check out our Google Workspace integration support documents. You also get 10 days of 24×7 Premium in-app chat support.

Illustration of a person using a large screen

One IT Platform for Windows Authentication and G Suite Identities?

It's possible to centralize user credentials and control your IT resources in one platform.

Continue Learning with our Newsletter