Is there LDAP support in Google Cloud™ Identity? Google recently announced an early version of their support of the LDAP protocol, so in a sense, the answer is yes. Of course, like many Google Beta solutions, the devil is in the details.
What is Google Cloud™ Identity?
Before diving into the LDAP support in Google Cloud Identity, it is important to understand what role Google’s identity management approach can play in your organization. If you are a G Suite™ or Google Cloud Platform™ customer, you know that your users can use their Google credentials across virtually all Google apps. That is the role Google Cloud Identity plays. Recently, Google has also extended this identity to a few select web applications and, now, to some LDAP-based applications.
Limitations of the Google Cloud
For most organizations, though, Google Cloud Identity doesn’t function as their authoritative identity provider, but rather as an adjunct to an on-prem Microsoft® Active Directory® (AD) or OpenLDAP™ instance. Those that have tried to use Google identity management services as a “directory service” have quickly realized that it was never meant to replace AD. Since Google is mostly concerned with its own proprietary solutions, extending a Google identity to non-Google resources (e.g. systems, competing cloud infrastructure, networks, etc.) cannot be done. This restriction makes it tough on admins who are looking to dole out authorization to their user identities using Google Cloud Identity.
The result has been that Google customers either maintain their on-prem AD server or lose a great deal of core authentication functionality, such as authentication to systems (Windows®, Mac®, Linux®), cloud and on-prem servers (e.g. AWS®, Azure®), file servers such as Samba and NAS appliances, and WiFi through RADIUS. It is certainly a rock-and-a-hard-place scenario. On one hand, IT admins are stuck leveraging a traditional directory that’s being bolstered by a handful of add-on tools like Google Cloud Identity. On the other, the IT organization is crippled by having to forego
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/ldap-support-google-cloud-identity/