who should use cloud identity?
It is common for organizations to have multiple systems and applications which their employees and other users need to access. Managing access to these services can be complex since different users typically need to have different levels of access to them. This gets more complicated when the organization has a large number of users. There is a need for enterprises to simplify and secure their identity and access management. To do this, organizations have to streamline this process by providing a single point of access for users and a centralized system for managing identities and access permissions. This is where Cloud Identity comes in.
What is Google Cloud Identity?
Google Cloud Identity is a unified identity and device management service built to deliver secure and reliable authentication for accessing various systems and data. It is an Identity-as-a-Service (IDaaS) solution that provides identity access management (IAM) to companies that use cloud-based services from GCP or other cloud providers. What separates Cloud Identity from other IDaaS solutions is that it is not a single service but a suite of services coming together to competently fulfill enterprises’ identity needs. These services include:
- BeyondCorp – to enable remote employees to access business applications and work from anywhere.
- Identity-Aware Proxy – to authenticate and authorize user requests.
- Data Loss Prevention API – to help in classifying company data for efficient governance, control, and compliance.
- Cloud Security Scanner – to scan and reveal vulnerabilities in your applications.
- Security Key Management and Enforcement – to set up, manage, and enforce the use of security keys.
Cloud Identity leverages all the above to implement IAM in four facets: user account provisioning, managing endpoints, directories, and applications.
Key Features of Google Cloud Identity
Cloud Identity has the following key features:
- Support for multiple authentication methods – this includes SAML, OIDC, and Email/Password. Google, Facebook, and so on.
- Single sign-on – allows users to access numerous related apps using one set of login credentials. With hybrid identity management, Cloud Identity ensures that users can access resources on-prem and in the cloud.
- Multi-factor authentication – Cloud Identity supports a wide variety of multifactor authentication methods, for instance, Google Authenticator, and push notifications.
- Unified endpoint management – Cloud Identity has a single console for managing all endpoints within your network, including Android, iOS, and Windows devices.
- Compatibility with other apps – Cloud Identity is compatible with popular open-source and third-party cloud applications so that you can continue working with your favorite apps.
Who should use Google Cloud Identity and who should not?
Cloud Identity is suitable for any organization that uses GCP services and needs to manage user access to those resources. This includes businesses of all sizes, government agencies, and educational institutions. It helps these businesses and institutions to implement complex access requirements as well as comply with regulatory requirements, such as HIPAA or GDPR.
Although Cloud Identity is suitable for any organization that uses Google Cloud services, it is not mandatory in all use cases. Here’s why. Cloud Identity offers identity and endpoint management services as part of Google Workspace and as a standalone product. For this reason, it has the following use cases.
If your organization uses, or wants to use GCP services and has not set up a Google Workspace account, you are required to sign up for Cloud Identity. This is usually the case if you are using another solution for your company’s messaging and collaboration, let’s say Office365, but you still want to use the services on GCP. Here, we recommend that you sign up for Cloud Identity to create work accounts for your users and have more control over which apps they can access.
If you’re already using Google Workspace, signing up for Cloud Identity can be optional or mandatory because it is already part of the Google Workspace offering. There are scenarios where you can use Cloud Identity and Google Workspace together. Let’s say you have employees on Google Workspace and you also have contractors who need to access GCP services. Instead of getting them another Workspace license, you should sign them up for cloud identity. Cloud identity is not just limited to entities that use Google Cloud as their primary cloud provider. Microsoft Azure users can also leverage its IAM capabilities.
Why should Microsoft users use Google Cloud Identity?
Microsoft companies that want to use Google Cloud should use Cloud Identity for user management. Cloud Identity is a prerequisite for onboarding an organization to the GCP so they will need to set up a Cloud Identity domain to gain full control over their organization.
For Microsoft companies, Azure AD is the primary Identity provider. After setting up the Cloud Identity domain, users can configure automatic user provisioning between Azure AD and Google Cloud/Google Workspace. When this setup is complete, Azure AD will automatically, provision and de-provision users and groups to Google Cloud, making onboarding to the GCP as smooth and as fast as possible. This integration supports the following actions:
- Adding and removing users, groups, and group memberships on Google Cloud
- Syncing user attributes between Azure AD and Google Cloud
- Single sign-on (SSO)
Microsoft has a Google Cloud connector that allows SSO integration with Azure AD. With SSO, Microsoft customers can still use their company Azure IDs to log into Google Cloud. This helps to improve enterprise security.
Cloud Identity is built to deliver Google-grade security by using BeyondCorp’s Zero Trust model where individuals within an organization’s network also have to be authenticated. It also uses Google’s threat intelligence signals to detect threats before they can breach users’ security. As a user, you can be assured that your data and users will be well-protected. Additionally, Cloud Identity also allows users to enjoy the following benefits.
- An enriched user experience – with single sign-on, users won’t have to create numerous credentials to access various related apps. They can simply use one set of credentials.
- Highly scalable – You can add as many users as you want and also remove them when you want as Cloud Identity is designed to scale with your organization’s needs.
- Centralized identity management – With Cloud Identity, you can manage all your user identities and access resources in one place. This makes it easier to manage and secure your organization’s resources.
Google Cloud Identity has a free and premium plan. The premium plan base price is $6 per user per month which includes all the features in the free plan together with advanced security features such as Data Loss Prevention, enterprise endpoint management, and so on. The premium plan also comes with 24/7 email, phone, and chat support whereas the free plan users have to make do with the Google Cloud Community in case of any issues.
Additional features, such as advanced security and integration with Google Workspace, are available for an additional cost. Google Cloud Identity also offers volume discounts for organizations with large numbers of users. Overall, the cost of Google Cloud Identity will depend on the specific features and services your organization needs. It is recommended to use the Google Cloud Identity pricing calculator to get a customized cost estimate based on your specific requirements.
You may also like…
Google Cloud Unmanaged Accounts [GCP Security Week #1]
Do you know how many of your employees have a Google account with their business email address? No? A lot of companies will be able to give a rather vague answer to this simple question, because they do not know what it is about in detail and…
Collaborative work with Google Workspace
Google Workspace is a cloud-based office suite that integrates Google’s communication and collaboration tools, including Gmail, Meet, Calendar, Chat, Drive, among others. How do distributed teams utilize Google Workspace to…
What is Google Cloud Landing zone?
A Google Cloud landing zone is simply a foundational blueprint for cloud adoption on GCP. This framework lays out a configuration that helps your enterprise to utilize the services on GCP for your business needs. This includes network configurations, determining the hierarchy of…
Get in touch with us
Ready to start your next project with us? Give us a call or send us an email and we will get back to you as soon as possible!