Identity-as-a-Service (IDaaS) solutions have taken off over the last several years, with a number of vendors piling into the IDaaS market. Perhaps the most notable recently has been Google Cloud Identity, which is making interesting inroads into the identity and access management (IAM) space. But what is Google Identity-as-a-Service? What does it give to organizations that they didn’t already have? Before we dive into what Google IDaaS is all about, we should step back and outline how the identity management space has been evolving. That way we can begin to understand where it is going.
A Brief History of IAM
The modern identity and access management (IAM) space arguably kicked off with the introduction of the LDAP protocol, but that is really because LDAP led to powerful solutions like OpenLDAP™ and Microsoft Active Directory® (AD).
Both of these solutions were on-prem identity providers – the core directory service. This meant they were responsible for authenticating user access to systems, applications, file servers, and network infrastructure. However, they were never designed to support cloud innovations.
As web applications started to gain popularity in the early 2000s, a new generation of identity management solutions was created. These IAM platforms were called web application Single Sign-On (SSO) providers. They leveraged Active Directory credentials and federated access to web apps. Their success inspired a number of other vendors to enter the market for a variety of purposes.
However, despite being identity management solutions, these platforms still needed a core identity provider (e.g., AD or OpenLDAP). We can think of these as first generation IDaaS solutions.
Google Enters the Game
Google first started to get involved in the IDaaS space with G Suite™ Directory – their user management platform for Google Apps. Prior to that, G Suite identities were tightly woven in with individual Google apps. In other words, identities were effectively attached to the Google apps they used.
Google IDaaS changed this approach by centralizing identity around the core Google Cloud Identity. Essentially, what they’ve done is detach the core user identity from G Suite to offer identity services for users that don’t need access to Gmail, Drive, and other G Suite services. In doing so, Google administrators can now manage Google Cloud Identities from a centralized Google Admin console. (Google)
However, while the Google version of IDaaS is an interesting solution, it is really just a first generation IDaaS solution. In other words, IT admins will still require Active Directory or OpenLDAP to connect users to resources beyond Google, or be forced to manage them independently under this model.
Modern organizations have evolved to next generation Identity-as-a-Service solutions that can offer a complete cloud identity management platform, or said another way, a cloud directory service. These modern cloud IAM solutions are integrating user access to a wide variety of IT resources. JumpCloud® Directory-as-a-Service® offers a particularly powerful example.
Directory-as-a-Service with Google IDaaS
JumpCloud Directory-as-a-Service is a cloud-based directory service platform tailored for cloud-forward organizations. It is effectively the cloud alternative for legacy solutions like AD and OpenLDAP, but with a far more holistic approach to cloud identity management.
JumpCloud seamlessly integrates with Google IDaaS to create a secure path for Google identities to be imported into the JumpCloud administrative console. JumpCloud then becomes the core backing authority for Google identities, and the source of truth for metadata like usernames, email addresses, and passwords. JumpCloud serves as the full-featured directory service in the cloud. In this sense, we can think of JumpCloud as Active Directory and LDAP reimagined.
JumpCloud securely manages and connects users to virtually any IT resource from a comprehensive, cloud-based identity management platform. In doing so, Google credentials can now be leveraged to gain access to a huge array of other resources that live outside of the Google ecosystem.
This includes other Infrastructure-as-a-Service providers (AWS®, Azure®), networks (wired & WiFi), web apps (Salesforce®, Box, Zendesk), on-prem applications (OpenVPN, Jira®, Jenkins®), and Samba and NAS appliances (QNAP, FreeNAS, Synology). Google credentials can even be used to gain access to systems themselves (Windows®, Mac, Linux).
In essence, Directory-as-a-Service becomes the beating heart of an organization’s IT infrastructure, securely pumping the core user identity to all of the endpoints and resources circulating throughout your IT network.
Learn More About Google IDaaS and JumpCloud Directory-as-a-Service
Contact the JumpCloud team to learn more about Google Identity-as-a-Service, and how JumpCloud can extend Google identities beyond Google resources. You can also sign up today and see how a comprehensive Directory-as-a-Service can benefit your organization. Your first ten users are on us, so you can check out the full functionality of our platform for free.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud