Custom Federation broker on azure and google

What could be an alternative to a custom federation broker on AWS in Azure and Google? In AWS I am able to create a URL that permits a federated user to log in and access resources, like this:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

How could we create the same in Azure and Google?

prasoon asked Jan 08 '19 10:01
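The AWS console sign-in URL the question refers to is built from temporary STS credentials via the federation endpoint's getSigninToken action. The following is an added example, not code from the question or the answer; the issuer URL, the credential values and the injected `fetch_json` callable are constructed so the flow can be exercised offline.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"


def signin_token_request(creds, duration_seconds=None):
    """Build the getSigninToken request URL from temporary credentials.

    creds: dict with AccessKeyId, SecretAccessKey and SessionToken as returned
    by sts:AssumeRole or sts:GetFederationToken. Long-lived IAM user keys are
    rejected by the endpoint and should never reach a browser-facing broker.
    """
    session = {
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    }
    params = {"Action": "getSigninToken", "Session": json.dumps(session)}
    if duration_seconds is not None:
        # SessionDuration only applies to AssumeRole credentials; the endpoint
        # accepts 900 seconds (15 min) up to 43200 seconds (12 h).
        if not 900 <= duration_seconds <= 43200:
            raise ValueError("SessionDuration must be between 900 and 43200 seconds")
        params["SessionDuration"] = str(duration_seconds)
    return FEDERATION_ENDPOINT + "?" + urlencode(params)


def console_login_url(signin_token, issuer, destination="https://console.aws.amazon.com/"):
    """Build the URL the federated user is sent to; Issuer is shown on the logout page."""
    params = {"Action": "login", "Issuer": issuer,
              "Destination": destination, "SigninToken": signin_token}
    return FEDERATION_ENDPOINT + "?" + urlencode(params)


def build_federated_url(creds, issuer, destination, fetch_json, duration_seconds=None):
    """Full broker flow. fetch_json(url) -> parsed JSON body of an HTTP GET;
    injected (e.g. a urllib.request wrapper in production) so tests stay offline."""
    token = fetch_json(signin_token_request(creds, duration_seconds))["SigninToken"]
    return console_login_url(token, issuer, destination)


def query_params(url):
    """Helper for inspecting a generated URL: query string as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
```

The sign-in token URL is single-use and short-lived, so a broker should generate it per request and log the Issuer and Destination it hands out for audit.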


1 Answer

This answer covers Google Cloud Platform.

The basic foundational identity for Google Cloud (GCP) is Google Accounts. This means that the users are required to have a Google Identity before you can set up federation / SSO. GCP IAM permissions are assigned to email addresses (User, Service Account, G Suite Group, etc.).

Where AWS requires a custom URL for SSO, Google implements OAuth. This means once authenticated, users can just use Google services without needing special URL entry points. In this respect Google's SSO is smoother for end users.

GCP supports SAML 2.0 SSO. Google acts as the service provider and the third party (AD, Okta, etc.) acts as the Identity Provider. This requires you to set up Google Cloud Identity.

I went through this process and, just like AWS, it can be complicated. One item to think about: do you plan to use GCP as your primary cloud platform or one of the other vendors? The reason is that if GCP is your primary platform, then everything will be a lot easier if you also implement G Suite first. However, if you are a Microsoft shop where you want Active Directory to be your Identity Provider, then SAML is the implementation path. Just be prepared that you will need to set up directory synchronization (connectors). Google has a good connector for Azure Active Directory. This video provides a good introduction to extending Active Directory to GCP IAM.

This article will take you step by step through setting up the correct Google services, SAML SSO, setting up Identity Providers, etc.

Using your existing identity management system with Google Cloud Platform

Additional Reading:

Google Cloud Identity

Setup SSO

Set up your own custom SAML application

John Hanley answered Sep 29 '22 04:09