Trong thế giới kinh doanh hiện đại, các giải pháp công nghệ đã trở thành…
If you have ever heard of SaaS (Software as a Service), PaaS (Platform as a Service), or IaaS (Infrastructure as a Service), you probably already imagine the similarities between these services. That's the model X-as-a-service – which is nothing new in the information technology age. These models provide software, platform or infrastructure to client companies as a service – that is, instead of building the system, software, self-managing, businesses can use this service from a third party (For example, instead of building an email system on their own server, the company can choose to use it. Business Gmail provided by Google). And Google Cloud Identity is a kind of Identity as a Service – identity services (credentials to applications) provided by Google. This article will help you learn some more specifics about Google's Cloud Identity.
- Cloud Identity: Centralized User, Device, and Application Management
- Session duration control for Google Cloud Console and gcloud CLI
1. What is Cloud Identity?
Cloud Identity is an Identity as a Service and Enterprise Mobility Management (EMM) service. Cloud Identity provides businesses with a service to help control logins, access to documents, and applications. Businesses can use this service in conjunction with G Suite (Workspace Google) or used alone, separate from G Suite (stand-alone product). As an admin, you'll be able to manage users, apps, and devices from a single place – the Google Admin Console.
In a word, Cloud Identity allows businesses to create account for employee. These accounts will be used by employees to log into the system and access the resources of that business. The difference: these are merely accounts, a identification information or like one "Access Card" that the user provides to the system in order to
- Identity verification (I am employee A of company B)
- Verify my access to company resources (I have access to department C data)
- Unlike a G Suite account or a free Gmail account: If it's just a Cloud Identity account, users will not have Gmail, Drive, ... applications to use.
2. Cloud Identity versions?
Currently, users can choose one of the two versions below:
Cloud Identity Premium: This release brings enterprise-wide security, application management, and device management services, including automated user management services, app whitelisting, and setting automation rules for device management.
Free Cloud Identity: The free version includes basic end-point management and identity management services. For users who don't need G Suite services, like Gmail or Google Drive, they get free Google accounts. You can use your Cloud Identity account with other Google services such as Google Cloud Platform (GCP), Chrome, Android enterprise, and an app store from third parties.
3. If you are a G Suite Admin
A G Suite account (G Suite license) is only necessary for users who need to use the applications included in G Suite (such as Gmail, Drive, Hangouts, ...). To manage users Are not If you have a need to use G Suite, you can create free Cloud Identity accounts for them.
In most cases, free Cloud Identity users can use the same services as G Suite users, such as Single Sign-On (SSO) or 2-Step Verification (2SV).
4. If you are a GCP admin
Personal user accounts (such as free Gmail accounts or email accounts with corporate addresses), are unmanaged accounts and are not under your control. If developers in your enterprise use unmanaged accounts to use resources GCP, you can create their own Cloud Identity. Specifically, these accounts will be separate from G Suite accounts – allowing you to manage all employees and users across the enterprise, directly from the Admin Console.
5. Control Statistics for Admin
Device Management – Device Management
- Enforce the use of a screen lock or password to protect devices.
- Remote device wipe: Delete business applications and data on mobile devices. For example, business accounts, work profiles, etc.
- View and search for devices, extract data to CSV files.
- Whitelist recommended apps and make them available to users for them to install.
- Manage enterprise-owned devices.
- View events on mobile devices.
- Set rules to automate mobile device management.
- Create a work profile on your Android device to separate personal and business data.
Directory Management – Manage contacts
- Manage account security using two-step authentication (2SV) and security keys.
- View and manage user privacy settings.
- Set session length for enterprise users (users of accounts with business domains).
- Google Security Center.
- Password recovery policy: Admin can choose to let users recover their own password or force them to contact admin to recover password.
- Manage Chrome browser.
SSO and automatic user management
- Install SSO for Cloud applications.
- Automate user management between Cloud applications.
- Get an overview of user statistics and trends for domains using G Suite.
- Assess the level of security and threats your business is facing, and find out specifically which users are at risk.
- Access all data from Security, Apps usage activity and Highlight pages in one consolidated report.
- View admin activity log.
As can be seen, with Google Cloud Identity, businesses can improve data security. It helps to unify and consolidate user access control in a single platform, thereby giving IT admins a quality management solution. When an employee leaves, the IT admin can remove their access from the admin console and ensure that this action takes effect. Currently, you can use this service for free or combine it with G Suite to manage members in your company.