What is Google Cloud IAM? Google Cloud IAM is Google’s identity and access management service for Google Cloud Platform (GCP). It lets cloud administrators authorize which identities can access specific Google Cloud resources, namely those in Google’s Infrastructure-as-a-Service platform, by binding roles to users, groups, and service accounts. Think of Google Cloud IAM as the counterpart of AWS IAM: each governs who can do what with its provider’s resources, whether the request arrives through the web console, the CLI, or the API.
Organizations leveraging Google Cloud IAM use Google Cloud Identities, which tie to a number of services like G Suite, GCP, and other Google services. Google’s concept with Cloud IAM is to give admins centralized control and visibility over their Google Cloud Platform resources, including who can provision, modify, and deprovision access to GCP resources on an individual basis.
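The “visibility” half of that concept is a policy review: which principals hold which roles on a project, and whether any binding is broader than it should be. The script below is an added example, not code from the original post or from Google; it audits a project IAM policy in the JSON shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns. The policy, the member names, and the project name are constructed for illustration.

```python
"""Audit a GCP project IAM policy: who holds what, and which bindings to review.

The sample policy below is constructed for this example and mirrors the
shape returned by `gcloud projects get-iam-policy PROJECT_ID --format=json`.
All member and project names are made up.
"""
import json
from collections import defaultdict

# Constructed sample policy (not from any real project).
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "etag": "BwXexample=",
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": ["group:devs@example.com",
                     "serviceAccount:ci@example-proj.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["allUsers"]},
        {"role": "roles/viewer",
         "members": ["user:alice@example.com", "user:bob@example.com"]},
    ],
})

# Primitive roles are project-wide and far broader than predefined roles;
# least privilege means owner/editor grants should be rare and justified.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Special principals that expose a resource to everyone on the internet
# (allUsers) or to any Google account holder (allAuthenticatedUsers).
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def parse_policy(policy_json):
    """Return a mapping member -> sorted list of roles bound to that member."""
    policy = json.loads(policy_json)
    by_member = defaultdict(set)
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            by_member[member].add(binding["role"])
    return {member: sorted(roles) for member, roles in by_member.items()}


def find_risky_bindings(policy_json):
    """Flag bindings a reviewer would question.

    Returns (member, role, reason) tuples for public principals on any role
    and for primitive roles broader than viewer.
    """
    findings = []
    policy = json.loads(policy_json)
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append((member, role, "public principal"))
            elif role in PRIMITIVE_ROLES and role != "roles/viewer":
                findings.append((member, role, "broad primitive role"))
    return findings


if __name__ == "__main__":
    for member, roles in sorted(parse_policy(SAMPLE_POLICY).items()):
        print(f"{member}: {', '.join(roles)}")
    for member, role, reason in find_risky_bindings(SAMPLE_POLICY):
        print(f"REVIEW: {member} holds {role} ({reason})")
```

Run against a real export, the per-member listing answers the “who can access what” question on an individual basis, and the findings list is the starting point for trimming owner/editor grants down to predefined roles and removing any `allUsers` binding that was not deliberately public.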
What is Google Cloud IAM
Google Cloud IAM is a recent addition to Google’s cloud platform. It used to be that Google identities were tightly woven in with G Suite (formerly Google Apps for Work) resources like Gmail, Calendar, Drive, and so on. But, Google’s concept now is to enable you to use any “type” of Google identity and connect it to GCP resources.
In effect, Google identities were built around the apps users regularly used. This approach was effective for managing Google apps, yet it starts to break down when you factor in other Google resources, most notably Google Cloud Platform (GCP). Google effectively detached the core user identity from G Suite, now offered as Google Cloud Identity, so that a single identity cuts across a wide range of Google services and can be bound to GCP resources through Cloud IAM.
In doing so, Google administrators gained centralized Google identities, which they can then provision to a growing list of Google resources like G Suite, GCP, and other Google services and, with Cloud IAM, to very specific types of resources within the IaaS platform.
Limitations of Google Cloud IAM
Google Cloud IAM is a great tool for managing Google Cloud Platform identities and connecting them to GCP resources. Hypothetically, if an organization only leveraged GCP resources, Google Cloud IAM would be the only solution it would need.
Realistically, that’s not how modern organizations operate. In fact, organizations regularly leverage a wide array of cloud resources from a variety of providers (e.g. AWS, Azure, IBM SoftLayer, and many others).
Not surprisingly, Google Cloud IAM cannot natively manage access to these third-party cloud resources. Organizations must also consider how to manage logins to their systems (e.g. Windows and Linux servers). The other problem is that Cloud IAM doesn’t connect with core identities, e.g. those from on-prem identity providers such as Microsoft Active Directory and OpenLDAP. Historically, those identity providers have been the centralized authentication platform, but even today, AD and OpenLDAP can’t connect users to many of their IT resources.
With that in mind, it’s easy to see that while Google Cloud IAM is great at managing Google resources, it is but one piece of the puzzle that organizations must assemble to effectively manage their modern IT infrastructure.
Fortunately, a new generation of IDaaS solutions is emerging to consolidate IT management in one centralized location in the cloud. Directory-as-a-Service® is the next generation identity provider connecting users to the IT resources they need.
Google Cloud IAM vs. Directory-as-a-Service
Directory-as-a-Service integrates with Google in two ways. The first is our directory integration bridge, which provides user account provisioning, password updates, and metadata changes from our core directory to G Suite. With this model, IT admins can import all of their existing Google data, and any new accounts can then be provisioned from Directory-as-a-Service. The other is through SAML, creating a single sign-on experience that connects users to Google apps.
Once integrated, Google identities can be federated not only to G Suite but also to other cloud service providers (e.g. AWS, Azure, O365), web apps (Salesforce, Box, Zendesk), networks (wired and WiFi), Samba and NAS appliances (Synology, QNAP, FreeNAS), on-prem applications (Jenkins, Docker, Jira), and system logins (Windows, Mac, and Linux), among others.
Check out a testimonial from Eusoh, one of our customers who is currently enjoying the benefits of our G Suite integration.
It is important to note that integrating JumpCloud with G Suite isn’t just about enabling admins to manage Google services – they can already do some of that with Google Cloud IAM. The integration is more for having one centralized location to manage all of their resources, both at Google and everything else. In a sense, Google Cloud IAM and Directory-as-a-Service are complementary solutions operating at somewhat different layers of the identity and access management stack.
The end result is that administrators can continue to leverage Google Cloud IAM to manage GCP resources, while those same user identities connect to the entirety of an organization’s IT resources, where previously each of those resources would have had to be managed independently.
To learn more about what Google Cloud IAM is and how to integrate with Directory-as-a-Service, drop us a note. You can also sign up and integrate Google with Directory-as-a-Service today. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud