Google SSO – Multi-Factor Identity and Authentication
aBIZinaBOX brings the ability to deploy advanced identity and authentication tools to our clients' platforms using “best of breed” products including Okta Multi-Factor SSO and the recently released single sign-on capabilities contained in Google Apps for Work. [The following discussion is contained in a recently released Google White Paper which you can download directly from here.]
Google Apps for Work offers core identity services across all editions that make it simple, secure and reliable for users to log in and for administrators to manage usage across the organization. These core features fall into six main areas, where we focus.
• Single sign-on (SSO)
• Directory administration
• Multi-factor authentication
• Reporting and Analytics
• Endpoint management
SSO Security (SAML 2.0)
Google Apps SSO is based on SAML 2.0, an XML standard that allows secure web domains to exchange user authentication and authorization data. For additional security, SSO accepts public keys and certificates generated with either the RSA or DSA algorithm.
OAuth 2.0 and OpenID Connect (OIDC)
Google Apps supports OAuth 2.0 and OIDC, an open protocol for authentication and authorization. This allows customers to configure one SSO for multiple cloud solutions. Users can log on to third-party applications through Google Apps without re-entering their credentials or sharing sensitive password information.
Users are the core of any identity platform and easily creating those users is important for administrators. Google Apps for Work makes user creation and provisioning easy with the unified Google Apps Admin console and APIs. Organizations moving from Active Directory can use Google Apps Directory Services (GADS) to migrate or sync data. Once a user is provisioned, user details automatically flow throughout Google Apps and are available to third-party apps or custom apps that need user attributes. For more advanced needs, third-party solutions like Ping Identity can add additional federation and integration into existing cloud or on-premises services.
The Google Apps Admin console makes it easy to manage users. Everything from setting permissions to resetting passwords is in one location so administrators can quickly complete common tasks. Individual Google services and third-party services can be enabled at an individual or organizational unit level. This makes it easy to manage unique app permissions for different departments, like marketing and finance.
For advanced needs, Google SSO identity directory provides a user management API to create, retrieve, update and delete users. The user object is extensible and the Admin console/API provides rich search on various core and extensible user attributes so administrators can add and find details that are unique to their needs.
Google SSO builds security into our structure, technology, operations and approach to customer data. Our robust security infrastructure and systems become the default for each and every Google Apps customer. And beyond these measures, users are actively empowered to enhance and customize their individual security settings to meet their business needs through dashboards and account security wizards. Google Apps also offers administrators full control to configure infrastructure, applications and system integrations in a single dashboard via our Admin console — regardless of the size of the organization. This approach simplifies administration and configuration.
2-step verification adds an extra layer of security to Google Apps accounts by requiring users to enter a verification code in addition to their username and password when they sign in. This can greatly reduce the risk of unauthorized access if a user’s password is compromised. Verification codes are delivered on a one-time basis to a user’s Android, BlackBerry, iPhone, or other mobile phone. Administrators can choose to turn on 2-step verification for their domain at any time.