Amazon® and Google® are at it again. This time, the two tech titans square off in the identity management arena.
In one corner, you have AWS SSO, a newcomer on the block when it comes to single sign-on (SSO), although it does weigh in with an incredible base of technical users through AWS cloud infrastructure. In the other, you have Google Cloud Identity, who has been a heavyweight in the cloud identity game for a while now, with its freshly rebranded G Suite™ Directory.
The stakes are high as both Amazon and Google are throwing everything they can into the ring to try and win the heart of the cloud: the user identity. In this bout, it is AWS SSO vs Google Cloud Identity.
Overview of AWS SSO
AWS SSO is an Identity-as-a-Service (IDaaS) solution that enables AWS users to gain access to a wider range of IT resources than previously available. These IT resources include various AWS services and third-party web applications.
Like many IDaaS solutions, AWS SSO federates identities to remote resources using the Security Assertion Markup Language (SAML 2.0) protocol. AWS SSO also leverages a core identity provider (IdP) such as AWS Directory Service, a.k.a. AWS Managed Microsoft AD, or another IdP as it’s identity base.
With that in mind, let’s talk about Google Cloud Identity.
Overview of Google Cloud Identity
Google Cloud Identity began as G Suite Directory, the core identity management solution for Google Apps and its users. Initially, G Suite user identities were somewhat nebulous in that they were created by the apps they regularly used, rather than building upon a core user object.
Recently, Google changed its approach by effectively detaching the core user identity from G Suite Directory. This core user object is what Google is calling the Cloud Identity, to which they added SAML support to provide access to a select group of web applications and Google services.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/aws-sso-google-cloud-identity/