Identity management in Google Cloud Platform – Don’t be misled

Managing identities and access rights is one of the central tasks of cloud operations. This is all the more true as the increasing use of the Google Cloud Platform also brings with it the need to protect sensitive data. As cloud environments are perimeter-less, access is possible by default without protection mechanisms such as a VPN, and protection is all the more necessary. This workshop demonstrates how this can be achieved with Google’s Cloud Identity and related services.

The Google Cloud Platform (GCP) offers a wide range of tools and services that help companies to securely manage identities and control access to resources. The tasks of these services are diverse and include user management, authentication including multi-factor authentication and single sign-on (SSO), and authorization including access rights and access control. The management of a directory service and its connection to other services such as Microsoft Entra ID should also be mentioned. Advanced scenarios relate to federation with other directory services by means of token exchange, so that users and applications can use the credentials of their identity provider to access resources in the Google Cloud.

The basis is Google’s Cloud Identity

At the heart of identity management is Cloud Identity, a central platform for managing identities in the Google environment. Although Cloud Identity is separate from GCP, it is a mandatory requirement for using GCP. Cloud Identity serves as the basis for user and group management for most Google products. It is relatively easy to set up. The system asks you for the name of a domain (usually your own company domain), which you validate by setting a DNS TXT record. The exact steps for setting up Cloud Identity and how to connect to Entra ID are described in our article in the IT-Administrator special issue “Cloud Security” [1].

You can access the full article online in the IT-Administrator portal or read it in the October 2024 issue of IT-Administrator magazine.

Author

Dr. Guido Söldner

Managing Director

Guido Söldner is Managing Director and Principal Consultant at Söldner Consult. His areas of expertise include cloud infrastructure, automation and DevOps, Kubernetes, machine learning and enterprise programming with Spring.