Simple Technology Solutions

GCP Identity and Access Management

 

Description

GCP Identity and Access Management leveraging Google Cloud Directory Sync Tool

Categories

Cloud Security
Cloud Enterprise Architecture
DevSecOps
Multi-CSP / Hybrid-Cloud
Cloud Governance & Compliance


BACKGROUND

A large U.S. Government organization already operating on two cloud platforms (Amazon Web Services and Microsoft Azure) added a third, Google Cloud Platform (GCP). Its goal was an enterprise architecture in which G-Suite users and groups are configured by synchronizing them from the enterprise LDAP server rather than being created by hand.

ANALYSIS

The agency already operated an authoritative identity authentication service for its existing single sign-on needs. Any new solution had to integrate with that service; GCP would manage groups and users through G-Suite, and the G-Suite directory had to be a low-latency replica of the enterprise identity source. Simple Technology Solutions (STS) conducted an assessment and determined that the most effective way of provisioning groups and users in GCP was to synchronize G-Suite with the customer's LDAP server.

SOLUTION

Google provides the Google Cloud Directory Sync (GCDS) tool for replicating users and groups from an LDAP or Active Directory server into G-Suite. STS determined that GCDS on its own would not implement the customer's naming standard for role-based access control: it copies a group into G-Suite, but it does not decide which IAM role that group should hold in which GCP project. STS engineers therefore used GCDS to synchronize G-Suite groups and users with the canonical groups and users in the enterprise LDAP server, and developed a script-based framework that, for each GCP project, binds the enterprise-defined groups to the IAM permissions appropriate to their role.
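The per-project script framework is described above but not shown. What follows is an added example, not STS's or Google's code, of the core step such a framework needs: reading the enterprise naming standard out of a synced group's name, deriving the IAM binding it implies, and merging that binding into a project's IAM policy without disturbing anything the script does not own. The naming standard (gcp-<project-id>-<role-key>@example.gov), the domain, the role allow-list, the sample groups and the sample policy are all assumptions made for this example; the policy dict has the shape that projects.getIamPolicy returns, but no API call is made here.

```python
"""Derive per-project GCP IAM bindings from enterprise group names.

Added example, not STS or Google code. Assumed naming standard:
    gcp-<project-id>-<role-key>@example.gov
The policy dict has the shape returned by projects.getIamPolicy
(bindings + etag); the API call itself is not made here.
"""
import copy
import json
import re

DOMAIN = "example.gov"   # assumed enterprise domain
PREFIX = "gcp-"          # assumed prefix for GCP access groups
# Assumed allow-list of role keys -> IAM roles. "owner" is deliberately
# absent so that a group name alone can never hand out project ownership.
ROLE_MAP = {
    "viewer": "roles/viewer",
    "editor": "roles/editor",
    "sa-user": "roles/iam.serviceAccountUser",
}
# GCP project IDs: 6-30 chars, lowercase letters/digits/hyphens, start with a letter.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")


def parse_group(email):
    """Return (project_id, iam_role) if email follows the standard, else None."""
    email = email.strip().lower()
    tail = "@" + DOMAIN
    if not email.startswith(PREFIX) or not email.endswith(tail):
        return None
    local = email[len(PREFIX):-len(tail)]
    # Longest role key first, so "sa-user" cannot be misread as "user".
    for key in sorted(ROLE_MAP, key=len, reverse=True):
        suffix = "-" + key
        if local.endswith(suffix):
            project = local[:-len(suffix)]
            return (project, ROLE_MAP[key]) if PROJECT_ID_RE.match(project) else None
    return None


def desired_bindings(project_id, group_emails):
    """Map IAM role -> set of 'group:' members the standard grants on project_id."""
    wanted = {}
    for email in group_emails:
        parsed = parse_group(email)
        if parsed and parsed[0] == project_id:
            wanted.setdefault(parsed[1], set()).add("group:" + email.strip().lower())
    return wanted


def is_managed_member(member, project_id):
    """True for group members whose name the standard assigns to project_id."""
    if not member.startswith("group:"):
        return False
    parsed = parse_group(member[len("group:"):])
    return parsed is not None and parsed[0] == project_id


def merge_policy(policy, project_id, group_emails):
    """Return a new policy in which every managed group sits only in its mapped
    role. Unmanaged members, conditional bindings and the etag are untouched."""
    wanted = desired_bindings(project_id, group_emails)
    new = copy.deepcopy(policy)
    bindings = new.setdefault("bindings", [])
    for b in bindings:
        if "condition" in b:
            continue  # conditional bindings are not ours to edit
        keep = [m for m in b["members"] if not is_managed_member(m, project_id)]
        keep.extend(sorted(wanted.pop(b["role"], set())))
        b["members"] = keep
    for role, members in wanted.items():  # roles with no unconditional binding yet
        bindings.append({"role": role, "members": sorted(members)})
    new["bindings"] = [b for b in bindings if b["members"]]
    return new


def members_of(policy, role):
    """Members of the unconditional binding for role, or [] if there is none."""
    for b in policy.get("bindings", []):
        if b["role"] == role and "condition" not in b:
            return b["members"]
    return []


# Constructed sample input: groups as GCDS would have synced them from LDAP.
SAMPLE_GROUPS = [
    "gcp-agency-web-prod-viewer@example.gov",
    "gcp-agency-web-prod-sa-user@example.gov",
    "gcp-agency-web-prod-owner@example.gov",   # role key not allow-listed: ignored
    "gcp-agency-data-dev-editor@example.gov",  # different project: ignored here
    "finance-all@example.gov",                 # outside the naming standard: ignored
]
# Constructed sample policy; the viewer group was hand-added to editor by mistake.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwXyz123",
    "bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.gov"]},
        {"role": "roles/editor", "members": [
            "group:gcp-agency-web-prod-viewer@example.gov", "user:dev@example.gov"]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(merge_policy(SAMPLE_POLICY, "agency-web-prod", SAMPLE_GROUPS), indent=2))
```

In a real run the policy would come from `gcloud projects get-iam-policy PROJECT --format=json`, pass through merge_policy, and go back with `gcloud projects set-iam-policy PROJECT policy.json`. Carrying the etag through unchanged matters: the write is rejected if someone else changed the policy in between, so the script fails loudly instead of silently overwriting a concurrent change. The mistaken editor binding in the sample is corrected because the script treats every group that matches the standard for this project as its own and places it only in the role its name declares.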

BENEFIT

By using GCDS to sync groups and users from Active Directory/LDAP into Google Cloud Identity, STS eliminated the duplicated work of recreating them in GCP and the human error that comes with it. GCDS is a one-way synchronization tool: it reads from the LDAP or Active Directory server and writes only to Google, so the enterprise directory is never modified by the sync. In addition, exclusion rules can be configured so that groups and users created in Google Identity before synchronization began are left untouched by it.

SOLUTION ARCHITECTURE DIAGRAM

STS reduced the duplication of work processes and the risk of human error

