Google Cloud Fundamentals: Core Infraestructure - Resource and access in the cloud -> Cloud identity

When new Google Cloud customers start using the platform, it’s common to log in to the Google Cloud Console with a Gmail account and then use Google Groups to collaborate with teammates who are in similar roles. Although this approach is easy to start with, it can present challenges later because the team’s identities are not centrally managed.

This can be problematic if, for example, someone leaves the organization. With this setup, there’s no easy way to immediately remove a user’s access to the team’s cloud resources.

With a tool called Cloud Identity, organizations can define policies and manage their users and groups using the Google Admin Console. Admins can log in and manage Google Cloud resources using the same usernames and passwords they already use in existing Active Directory or LDAP systems. Using Cloud Identity also means that when someone leaves an organization, an administrator can use the Google Admin Console to disable their account and remove them from groups.

Cloud Identity is available in a free edition and also in a premium edition that provides capabilities to manage mobile devices. If you’re a Google Cloud customer who is also a Google Workspace customer, this functionality is already available to you in the Google Admin Console.