IAM

Identity Platform

  1. Similar to Cognito from AWS. Lets you specify which identity providers to federate authentication to.
  2. Services:
    1. Client SDKs: allow an app to authenticate its users
    2. Admin SDKs: for server-side setup
    3. CLI

Cloud Identity

  1. Identity as a Service (IDaaS); extends GSuite identity management to GCP services. You don’t have to be a GSuite customer (i.e. no Google apps such as email, calendar, drive) to use Cloud Identity, even though both are managed through admin.google.com.
  2. Manages internal and external identities for either your company resources or external-facing products/apps
  3. Identities can be users/groups, apps, or devices
    1. Device management
    2. Directory management
    3. Security
    4. SSO: apps
    5. Reporting
  4. vs. Identity Platform: Cloud Identity is just an API used by IAM; Identity Platform is the service that can be configured and used by others, including apps.
  5. Cloud Identity is managed on the GSuite side to specify authentication requirements (e.g. 2-SV, password requirements, etc.)
  6. Features:
    1. Free and Premium editions
      1. Premium adds enterprise security, plus app and device management
    2. SSO and 2-SV (2-step verification, 2FA)
    3. Sync with on-prem directories

BeyondCorp

  1. Trust no network!
  2. Offered to customers through Identity-Aware Proxy (IAP)