Google鈥檚 Workspace productivity suite provides small and medium-sized enterprises (SMEs) with an alternative to Microsoft鈥檚 365 services. Microsoft鈥檚 model is prescriptive and positions its software and services at the forefront of identity and device management. Google takes a different approach by offering a of its own identity and access management (IAM) options as well as partnerships with vendors, including 探花大神. This article guides Google admins through those options to help determine the best fit for a IAM and device management platform.
Google鈥檚 IAM Options
Image credit: Google
Google Sign-In
Google Sign-In is the most basic user management platform for Workspace apps and other services. These are managed user accounts that IT admins can centrally control with their tenant. Google values optionality, so it鈥檚 possible to incorporate external identities through .
Single sign-on (SSO) for can be configured simply by selecting an Identity Provider (IdP). It鈥檚 flexible and permits you to choose the IdP that鈥檚 best for you. Google also has an in-house IdP called Cloud Identity.
Google Cloud Identity
is a unified IAM and endpoint management platform from Google. There are with the primary difference being app management, device management, rules, reporting, and other advanced features aren鈥檛 available for free.
It provides SSO with multi-factor authentication (MFA) for apps and infrastructure along with a library of connectors. It can enforce policies for personal and corporate-owned devices with interfaces for basic actions to wipe, deploy apps, and view reports on devices.
Google Identity also includes Active Directory (AD) sync, security services, and some automation for user provisioning. Google鈥檚 device management uses an agentless deployment model, which has benefits and limitations for controlling or interacting with a device.
Supported protocols are:
- LDAP
- SAML
- OpenID Connect (OIDC)
Supported operating systems are:
- Android, iOS, and Windows
Google and Microsoft Active Directory
Google Workspace has the option to add LDAP via Active Directory using Cloud Identity. AD is used for user/group account provisioning and can be configured for SSO using Active Directory Federation Services (AD FS). Suspended or deleted AD users will be disabled in Cloud Identity.
It鈥檚 also possible to federate Google identities using Azure Active Directory (AAD), which is primarily set up for guest users, but can also be used for IAM in Google apps and services.
探花大神鈥檚 Open Directory Platform
Google recognizes that one size doesn鈥檛 fit all and has as the appropriate option for the SME segment, especially when organizations are migrating from AD. Google and 探花大神 have partnered to offer a productivity and IT management solution. This combination offers SMEs a true alternative to Microsoft鈥檚 365 SKUs to extend Workspace identities for seamlessly and centrally managed IAM with unified device management.
Identity and Access Control
探花大神 is an open directory platform with centralized IAM and device management capabilities, regardless of the underlying authentication method or device ecosystem. 探花大神 authenticates users whether they use biometrics, digital certificates, passwords, or SSH keys. The platform treats identities as the new perimeter with secure, frictionless access to resources. 探花大神 ensures that every resource has a 鈥渂est way鈥 to connect to it.
For example:
- Servers use SSH keys, which are more secure than passwords
- Passwordless certificates can secure RADIUS Wi-Fi access
- with integrated MFA
- Web applications use SAML and OIDC for authentication with a growing collection of connectors for SSO apps
- 探花大神 Password Manager as an integrated add-on for additional security and convenience around passwords
- with Active Directory
- for privileged access management for Zero Trust security
Device Management
探花大神 provides EMM/MDM as well as agent-based deployments (where it makes sense). MDM enforces tamper-proof security policies and configurations to demonstrate and comply with organization compliance requirements. Agents offer additional telemetry through 探花大神鈥檚 and pre-built reporting, as well as Remote Assist and root-level commands access. For instance, the platform includes a Windows PowerShell interface.
Supported operating systems include Android, Apple devices from iOS to macOS, Linux, and Windows.
探花大神 includes unrestricted Remote Assist for every desktop operating system. Patch Management is an optional add-on to ensure operating systems and all major browsers are up to date and can be trusted. Patching is a vital aspect of healthy device posture as zero-day attacks become more frequent.
Selecting 探花大神 as your IdP can help to unify your stack and eliminate the need for IAM and IT management point solutions that raise management overhead, costs, and complexity.
Advanced Lifecycle Management
探花大神鈥檚 open directory platform functions as a cloud directory, and is with Google services such as Workspace and Google Cloud using an OAuth-based API. This allows IT admins to provision, deprovision, and manage Workspace users. IT admins can extend credentials to the kinds of systems, apps, file storage, and networks mentioned above.
The 探花大神 directory also differs from Cloud Identity by integrating with HR systems and automating group memberships through attribute-based access control. This simplifies on/off boarding while providing mature entitlements management that鈥檚 easier to administer.
Try 探花大神 with Google Workspace
Implementing our cloud-based directory service will allow you to fully move your identity management strategy to the cloud, centralize user access to on-prem and cloud resources. It will enable your organization to continue using Google without being forced onto Microsoft.
You can try 探花大神鈥檚 platform by signing up for a free trial.
