Many organizations around the world choose Google as their cloud identity provider (IdP). The advantages of doing so are easy to imagine with Google being one of the tech titans in the industry. However, Google as an IdP does have limitations.
One major limitation is the lack of system authentication capabilities. Yes, you can access Linux workloads located at Google Cloud Platform (GCP) with your Google Cloud Identity, but things start to get complicated if your Linux servers (or desktops for that matter) are at AWS, Azure, or on-prem. That is why a common question we receive is how to authenticate Linux with Google Cloud Identity.
Authenticate Linux with Google Cloud Identity
In order to get to the bottom of this, let’s first step back and understand what is going on here and what Google Cloud Identity is all about. Google Cloud Identity is the new instantiation of a Google identity for business. In other words, Cloud Identity is what Google is using to manage identities for G Suite and Google Cloud Platform, and to authenticate to a small number of web applications.
That’s the extent of what you can use a Google Identity for with their platform. That means IT admins will have to find a different solution for extending Google Identities to non-Google resources.
Like most of the biggest players in the cloud identity market, Google likes the idea of creating an exclusive cloud computing environment so their customers need not look anywhere else for enterprise solutions. Their pay-to-play pricing is certainly enticing, as customers only pay for what they use. This model is Google’s attempt to lock you into their ecosystem so they can sell you more of their products, and it has proven to be effective. Yet, what’s good for Google isn’t always good for your IT infrastructure. In fact, it’s not uncommon for organizations to need to leverage resources from a variety of vendors just to meet all of their identity management requirements.
The good news is that a cloud directory service can unify IAM operations for organizations with Google Identities. To answer the original question, yes, it is possible to extend Google Cloud Identities to Linux machines using this method, even if they are not located at GCP. Directory-as-a-Service® offers an especially powerful solution. Let’s dig deeper into it below.
Directory-as-a-Service Features Linux Authentication with Google Cloud Identity
Directory-as-a-Service unifies identity management and eliminates the need for siloed resources. As illustrated in the diagram above, JumpCloud’s Directory-as-a-Service integrates directly with G Suite and provides a singular platform with the capacity to manage the breadth of an organization’s IT resources – from systems to apps, networks, and infrastructure.
That includes authentication for Linux systems. JumpCloud works by leveraging the G Suite Directory Sync feature to automatically import selected individuals, groups, or the entirety of your user database into the JumpCloud administrative console. Once imported, JumpCloud can provide a slew of additional management capabilities, including the ability to federate your Google identities to your Linux endpoints. A Google Cloud Identity can be connected to Linux servers or desktops regardless of their location – all from one user-friendly portal in the cloud.
Directory-as-a-Service offers a lot more than just Linux authentication. Using this cloud directory service, IT organizations can leverage a user’s Google Cloud Identity for systems (Windows, Mac, and Linux), cloud servers at AWS, Azure, or other IaaS providers (Windows or Linux servers), web or on-prem applications via SAML or LDAP, physical and virtual storage, and wired or WiFi networks through RADIUS.
To learn more about how to authenticate Linux with Google Cloud Identity, drop us a note. You can also sign up and extend your Google Cloud Identities to Linux today. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud