Cloud Identity Overview

Identity as a Service solution used for managing users, groups, and security settings from a centralized location.
Single SignOn
SAMLbased SSO through a 3rd party identity provider (IdP) where Google acts as the service provider
Google, Active Directory or LDAP using GCDS
Access thirdparty cloud apps but their credentials aren’t stored with the 3rd party
MultiFact or Authentication
2factor authentication
Physical security keys
Google prompt
Google authenticator app
Backup codes
Text message or phone call
Mobile Device Management
Enforce policies for personal and corporate devices
Create a whitelist of approved apps
Requirement of company managed apps
Federate with OnPremises Active Directory
Cloud Identity maps (or federates) AD accounts to Cloud Identity accounts. Mapping = Federation
Google Cloud Directory Sync (GCDS)
How GCDS Synchronizes with AD/LDAP
Performs a one-way synchronization LDAP server is never updated or altered.
Ensures Google domain data matches Active Directory or LDAP server.
Allows rule configuration for custom mapping (users, groups, nonemployee contacts, user profiles, aliases, calendar resources, and exceptions.
No external access to your LDAP directory server.