Google Cloud
InterServer Web Hosting and VPS


Google has announced an expansion of its sign-in options. The company is opening up google Workspace, Google Cloud and BeyondCorp Enterprise so users can take advantage of single sign-on (SSO) from multiple third-party identity providers.

Google has long-supported SSO using the SAML protocol from a single identity provider (IdP), but the company recognizes that times are changing. Support for multiple SAML-based identity providers instead of just one is something that will benefit many customers.

InterServer Web Hosting and VPS

See also:

Announcing the expanded SSO support, Matthew Soldo — product manager for Google Workspace Identity — says that the change will allow “customers to more easily access Google’s services using their existing identity systems”. He points out that mergers and acquisitions can lead to organizations having multiple identity providers. By introducing multi-IdP SSO, Google is helping to eliminate the need to migrate users between providers.

In a blog post, Google says:

Another increasingly common use case is data sovereignty. Companies that need to store the data of their employees in specific jurisdictional locations may need to use different identity providers.

Migrations are yet another common use case for supporting multiple identity providers. Organizations transitioning to new identity providers can now keep their old system active with the new one during the transition phase.

The company also gives some details about how the new support works:

To use these new identity federation capabilities, Google Cloud Administrators must first configure one or more identity provider profiles in the Google Cloud Admin console; we support up to 100 profiles. These profiles require information from your identity provider, including a sign-in URL and an X.509 certificate. Once these profiles have been created, they can then be assigned to the root level for your organization or to any organizational unit (OU). In addition, profiles can be assigned to a Group as an override for the OU. It is also possible to configure an Organizational Unit or group to sign in with Google usernames and passwords instead of a third-party IdP.

For now, there is support for the SAML 2.0 protocol, but Google is looking to expand this to include support for the increasingly popular OIDC later this year.

Image credit: monticello / depositphotos





Source link