Most organizations manage their users’ access with Active Directory. Many organizations are moving business applications to the cloud. The most cloudy application so far seems to be email, dominated by Google and Microsoft.
We have covered BPOS & Microsoft 365 (and Office 365) at length but have only cursorily touched on how Active Directory can manage Google Apps. And that is really because you don’t have to do anything different. All Google Apps wants from AD is name, email address, a password and object type. If you have all of that in Active Directory, then GADS (Google Active Directory Sync) does the heavy lifting.
You still control the user in Active Directory (for important things like, for example, signing on to the network!). You make sure the email attribute is populated because that is what Google Apps needs, and boom, you have a user in Google Apps thanks to GADS.
But what about groups? GADS triggers off of that email attribute, so if you have a distribution group (obviously with email populated), it will resolve the membership and create a group in Google Apps. If it is a security group, it will sync any that are email enabled; otherwise, Google Apps really doesn’t care and won’t sync it. Pretty darned simple, isn’t it?
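To see ahead of time which groups that rule would pick up, you can list every AD group that has the email attribute populated. This is an added example, not part of the original post or of GADS itself; it assumes the RSAT ActiveDirectory PowerShell module and takes the mail attribute as the sync trigger, as described above.

```powershell
# Added example: preview the AD groups that carry a mail attribute,
# i.e. the ones the rule described above would create in Google Apps.
Import-Module ActiveDirectory

$groups = Get-ADGroup -LDAPFilter '(mail=*)' -Properties mail, member, managedBy

$report = foreach ($g in $groups) {
    [pscustomobject]@{
        Name        = $g.Name
        Mail        = $g.mail
        Category    = $g.GroupCategory      # Security or Distribution
        MemberCount = @($g.member).Count    # direct members only, nesting not expanded
        HasOwner    = [bool]$g.managedBy
    }
}

# Mail-enabled security groups: they grant access in AD and would also
# appear as groups in Google Apps, so review them before the first sync.
$report | Where-Object Category -eq 'Security' |
    Sort-Object Name | Format-Table -AutoSize

# Groups with no owner or no direct members are cleanup candidates.
$report | Where-Object { -not $_.HasOwner -or $_.MemberCount -eq 0 } |
    Sort-Object Name | Format-Table -AutoSize
```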
But that’s where the trickiness comes into play. Google Apps has pretty crappy tools for managing these groups, so it’s best to do it in Active Directory. This way you can have security controls in place, the ability to manage membership by the group owner(s), and have users opt in and opt out of groups with workflow. You can even have groups expire and track the history of all changes to the group.
And that’s just self service. What about your dynamic groups? Not QBDLs, those suck. I’m talking about dynamically managing the membership of actual Active Directory groups (security or distribution). You can query Active Directory attributes or even other data sources (for example, union code might be kept in a SQL database).
Of course, I’m talking about Imanami GroupID managing your groups in Active Directory. Then Google makes it easy to sync that with Google Apps. All of your groups are accurate and you don’t have to manage email. No wonder email has become the cloudiest app out there.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.