Hey, fellow Google Admins. Welcome to the Google Cloud Identity course. This is Goldy again.
In the previous video, we talked about the difference between Google Cloud Identity and Google Identity Platform.
In this video, let’s talk about the differences among Google Cloud Identity, Google Cloud Platform, and Google Workspace. So let me share my screen and present a few slides that will help you with that understanding.
So what’s the difference among them?
Well, before we move towards that difference, let’s understand that Google Cloud Identity is an identity provider offering from Google.
It is similar to carrying your driving license from the DMV, which you got after verifying your six point ID. Now, when you go to the airport, you show your driving license as your identity.
So in this specific case, the airport authority is acting as a service provider, whereas the DMV is acting as your identity provider. Behind the scenes, they have a channel to communicate, and that’s why you might have seen airport authority officials just put your license in some sort of scanning machine and hear a beep saying everything is OK.
So now you understand identity provider, service provider and a channel of communication between them.
Now let’s move towards our use case here, which is to understand the difference among Google Cloud Identity, Google Workspace and Google Cloud Platform.
Note – This is not official documentation from Google; this is just my understanding from working with Google Workspace and Cloud Identity for some time, so if I miss something, please do not forget to put that in the comments below and I’ll be happy to correct it.
Okay, so Google Cloud Identity, just think of it as the identity provider where you will be doing things like creating your identities, which means creating your users, your groups and your members, and configuring settings like password management, enforcing MFA, and who can access which application under which circumstances.
On the other side, you have services, and these can be Google services or these can be third party services too.
For this video, let’s talk about Google services. So for example, if you want to use Google Cloud Platform or Google Ads or Google Analytics, these are service providers and they need an authentication provider which they can rely on, and that is what Google Cloud Identity is.
If you’re considering Google Cloud Platform, or if you have already signed up for Google Cloud Platform, you might have seen Google asking you to first sign up for Google Cloud Identity so that you can have an identity provider where you will have your users, groups and members, and then you will assign Google Cloud Platform to all or a subset of these users.
Okay, so Google Cloud Identity is the identity provider, and the rest of what you see here are service providers. But there is a bit of a catch, specifically with Google Workspace, because to sign up for Google Ads or Google Cloud or Google Analytics with your company domain, you will first need to sign up for Google Cloud Identity.
However, if you need to sign up for Google Workspace, you might have noticed that you can directly go to Google Workspace and sign up for it without a need for Google Cloud Identity.
That’s because when you sign up for Google Workspace, it gives you the same admin console where you create identities, so your identity is already created. You can also have a Google Cloud Identity license and a Google Workspace license working together in some cases.
For example, say you have a contractor who does not need access to things like Gmail, Google Chat, Meet, Drive, etc. He just needs to access some of the applications which you have configured as services in your Google Cloud Identity console, e.g. GCP or Salesforce, where Google is acting as the identity provider.
Then instead of investing money and purchasing Google Workspace for this contractor, you can just give him a Google Cloud Identity license and it will be price efficient. We’ll talk about the pricing in another video.
But coming back to Google Workspace, if you have signed up for Google Workspace, you have already created your identity inside Google, and you can use this identity just as you would use Google as your IDP.
Now, let us talk about another important point which is authorization.
So authorization is who can do what inside an application. For example, once you are in Google Cloud Platform, can you create a virtual machine or not? That is part of authorization. In Google Analytics, which report can you read and which report can you not read? These are examples of authorization.
Please keep in mind that authorization is defined within the application itself and not in Google Cloud Identity.
In Google Cloud Identity, you can configure a rule saying who will have access to Google Cloud Platform, e.g. whether all of your users or a subset of your users. But what these users can do when they log into Google Cloud Platform, that level of authorization is defined within the service itself, be it Google Ads or Analytics or Google Cloud Platform.
Then all the logging and reporting, for example, logging in terms of who is logging in from which IP etc., is available in the Google Cloud Identity admin console. However, logging in terms of what these users are doing in those end applications themselves, e.g. what a user did in Google Cloud Platform, whether they created a virtual machine or a storage bucket, that level of application-specific reporting will be available in the application itself and not in Google Cloud Identity.
Now, Google Cloud Identity is also capable of acting as identity provider, service provider, or both. So as you see in the optional layer here, you can have Okta, Azure or Ping as your optional identity provider, which can, first, provision the identities to Google Cloud Identity, and second, do authentication to Google Cloud Identity.
If you have already invested in one of those identity providers, you may leverage your investments. If not, you can straight away work directly with Google Cloud Identity as your identity provider and access the applications securely.
I’ve created one more video on what Google Cloud Identity includes and how it can help you; I’ll put that in the description below.
Finally, in terms of device management, for example, doing things like deciding who can access XYZ from a mobile application, that kind of device management is also configured in, and is part of, Google Cloud Identity.
I understand it’s a little bit confusing, but just think of Google Cloud Identity as your identity provider and the rest of the services as your service providers, except Google Workspace, because when you are signing up directly for Google Workspace, behind the scenes you are creating your identities inside Google.
So I hope it was helpful. If you have any questions or comments, please do not hesitate to put that under this video, and I will be happy to collaborate with that.
Thank you so much.