In the age of remote work, identity management has become a major concern for many organizations. A mobile management policy is crucial for companies whose workforce uses mobile devices for work, often using their personal devices to stay in touch with coworkers. Introducing a Cloud Identity platform addresses all these issues and a few more. Let’s see how.
What is cloud identity?
Cloud Identity is a cloud-based identity and access management platform that includes access and device management (IAM/EMM) capabilities. It is an Identity as a Service (IDaaS) solution, which takes the burden of identity management off your business units and provides solutions in the Google Cloud environment.
Cloud Identity is one of the Google Cloud services. It allows organizations to maximize IT efficiency and user experience while putting data security and access management first.
Why should I consider Cloud Identity?
These days employees want to be able to access more than just basic functions from their mobile devices. They want to be able to access company resources from anywhere and from any device, including their personal devices. Many companies choose to allow employees to use their devices for the sake of convenience and efficiency. In order to safeguard company resources and maintain data security, they implement mobile policy standards.
Benefits of Cloud Identity
1. Single sign-on (SSO)
To enable employees to sign onto their devices and all their cloud apps in one go, Cloud Identity encompasses thousands of pre-integrated apps. Users can access them with a single sign-on. This way they do not need to remember multiple passwords.
Passwords are the weakest security feature because people use the same one for multiple applications, increasing the risk of a security breach, even in apps that enforce strong passwords.
Users can sign on securely and have access to apps integrated with their account both on-premises and in the cloud.
2. Multi-factor authentication
Multi-factor authentication (MFA) available in Cloud Identity serves to protect both users and the organization from unauthorized access and potential data loss.
MFA verification methods include:
- phishing-resistant security key,
- mobile push notification,
- one-time password.
3. Endpoint management and mobile device management (MDM)
By using Cloud Identity for endpoint management, you can enhance your company security. Your security team will be able to access and manage any Android, iOS, and Windows devices using a unified console.
They can set up devices in minutes. Endpoint management allows you to:
- enforce security policies,
- wipe company data remotely on any company device,
- deploy apps on employee equipment, so they don’t have to install them on their own,
- view and export reports.
You can also easily set up mobile management for Android and iOS devices.
4. Highest security levels
With Cloud Identity, you can control access to the data in your organization, manage users and resources, relying on Google’s BeyondCorp security model. It has several features that improve your company’s data security:
- User protection with strong and flexible multi-factor authentication (MFA)
- Phishing-resistant FIDO security keys to protect your high value resources and users
- Security Center, where you can find analytics, insights, and best practices.
5. Cloud and mobile work
Cloud Identity supports cloud-based and remote work with a number of features:
- Integration of your existing on-premises and cloud-based solutions
- On-premises directory expanded to the cloud with Directory Sync
- Access to traditional applications and infrastructure with secure LDAP
- Automatic synchronization of user information with HR records.
6. Simple for the user
Remote and hybrid work comes with its own set of challenges, both for the organization and for the users. Cloud Identity makes the user experience more intuitive by unifying user, device, and app management.
- A single cloud and access management console simplifies identity management for users, devices, and apps.
- One-click access to all of your employees’ work apps
- Account management available from virtually any device, anywhere.
User accounts and assigning apps
When adding users to Cloud Identity, admins need to specify each user as a member of a specific organization. Similarly, they assign apps to each organization. For example: access to CRM (Customer Relationship Management) data and apps is assigned to “Sales.” When a user is assigned to the Sales organization, they will automatically gain access to CRM apps.
7. Advanced mobile device management
Advanced management for mobile devices is an optional feature. Device approvals allow admins to check details about the device an employee uses, including the operating system, to check if the device is up-to-date and meets the requirements.
Device control can be done manually, through an API, or using rules. Manual checks are the most granular, but they are also the most time-consuming. Rules are the easiest to deploy, at the cost of some granularity.
Employees must make sure their devices are updated in order to keep them compliant with the rules set up in Cloud Identity. Only devices that meet the minimum standards can access the organization’s resources.
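The rule-based approach described above, sketched as an added example (not Google's code and not the Cloud Identity API): a minimum-OS rule per platform decides the clear cases and sends anything it cannot judge to manual review. The policy values, device records and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: minimum OS version per platform (illustrative values).
MIN_OS = {"android": "13", "ios": "16.4", "windows": "10.0.19045"}

@dataclass
class Device:
    owner: str
    platform: str
    os_version: str

def parse_version(text):
    """Turn '16.10.1' into (16, 10, 1) so that 16.10 sorts above 16.9."""
    return tuple(int(part) for part in text.strip().split("."))

def evaluate(device, policy=MIN_OS):
    """Return (decision, reason): 'approve', 'block' or 'manual_review'."""
    minimum = policy.get(device.platform.lower())
    if minimum is None:
        # No rule covers this platform: hand it to an admin instead of guessing.
        return "manual_review", f"no rule for platform {device.platform!r}"
    try:
        current = parse_version(device.os_version)
    except ValueError:
        return "manual_review", f"unparseable OS version {device.os_version!r}"
    required = parse_version(minimum)
    # Pad with zeros so that '13' and '13.0' compare as equal.
    width = max(len(current), len(required))
    current += (0,) * (width - len(current))
    required += (0,) * (width - len(required))
    if current < required:
        return "block", f"OS {device.os_version} is below minimum {minimum}"
    return "approve", f"OS {device.os_version} meets minimum {minimum}"

# Constructed inventory, not real device data.
INVENTORY = [
    Device("ana", "iOS", "16.10"),        # newer than 16.4 despite string order
    Device("ben", "Android", "12"),       # outdated
    Device("cho", "Windows", "10.0.19045"),
    Device("dev", "ChromeOS", "120"),     # platform without a rule
    Device("eli", "Android", "14-beta"),  # version the rule cannot parse
]

def review(inventory=INVENTORY):
    """Map each device owner to the rule's decision."""
    return {d.owner: evaluate(d)[0] for d in inventory}

if __name__ == "__main__":
    for d in INVENTORY:
        print(d.owner, *evaluate(d))
```

The two `manual_review` outcomes show the trade-off the text describes: rules settle the common cases quickly, and the devices they cannot classify still need the granular manual check.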
Whitelisted work apps
Using whitelists for work apps allows the organization to manage work apps employees have on their personal mobile devices. At the same time, users retain all control over their personal apps.
If your company wants to create a list of whitelisted apps for employees to use, the admins can select apps from the App Store or Google Play store and add them to a whitelist. Admins will need to create one list for iOS devices and a separate one for mobile devices running on Android. You can distribute apps to users in your organization or a group in Google Groups.
User notifications
IT lets employees know that their mobile devices are managed, and they’ll see prompts to enroll their devices in advanced management using their Cloud Identity credentials.
To enroll, users who have Android devices install the Google Apps Device Policy app and a work profile. Users with iOS devices install the Google Device Policy app and a device policy profile. The app and profile verify the device complies with the policies that IT sets. Only enrolled devices can sync corporate data.
How to sign up for Cloud Identity?
Cloud Identity management is available for Google Workspace admins through one of two plans. You can sign up for the service using either the free tier or the premium one.
Cloud Identity Free
You will need your company’s domain name and admin credentials (username and password) to your domain registrar. You will find detailed instructions on how to proceed on Google’s dedicated site.
Cloud Identity Premium
Advanced mobile device management features offered by Google Mobile Management are available in the premium edition. You will need your organization’s domain name to get started. If you don’t have one, you will be able to purchase it during sign-up.
In the Admin console, go to Menu and then find Billing.
Click on “Get more services” and then on “Cloud Identity.” Next to Cloud Identity Premium, click Start Free Trial.
More information about Cloud Identity
If you want to find out how to configure common security settings, you can find all the instructions on setting up and the basic functions in Google knowledge resources. Here is an overview of how to set up Cloud Identity and how to proceed from there.
If you want to ask FOTC cloud engineers any questions you may have, set up a call.