Google Apps is one of the most popular service providers for business of any size, but the tools provided by Google to manage user accounts and groups don’t give system administrators the flexibility and capabilities a specialized identity management product can offer.
With Soffid, you can configure Google Apps as one of the identity consumers of your organizations. You can decide to give Google accounts to every user on your organization, restrict them to a selected organization unit or user type, or write down a rule to enable or disable access depending on user attributes. In such a way, you can integrate mail groups and mail alias in your whole account life cycle, managing how users join or leave groups.
You can tell Soffid to maintain mail groups based on a mix of users, business units groups and information system entitlements.
Leveraging Soffid, you will also get synchronized password management. When a user changes its password, it’s immediately pushed to Google Apps.
More and more, you can deploy Soffid Identity Provider. With Soffid IdP, Google will no longer ask users for a password. Instead, Google will redirect the password request to Soffid Idp which will identify the user based on its password, digitial certificates or any other enabled mechanism. Google will receive a signed and cyphered authentication token issued by Soffid Idp, letting the user log in.
The most relevant benefits of using Soffid Idp + Soffid GoogleApps connector are:
- You don’t need to give Google access to your directory.
- Users logs in on your system first, keeping a live access log on your site.
- You can easily customize how users are created on Google, using simple expressions.
- You can use complex rules to set who can use Google services and who not.
- Every change is audited at the highest level available.
To learn more about how to configure it, please visit our wiki. .