Google Workspace Webinar Recap and Q&A: Cloud Identity

Willie_Turney
Community Manager

In the first session of our Google Workspace webinar series, we focused on how to apply Cloud Identity best practices and guidance with Goldy Arora. 

In this blog, we share the session recording and written questions and answers from the event so you can refer back to them at any time. If you have any further questions, please add a comment below and we’d be happy to help! 

With this series, it's our goal to provide a trusted space where you can receive support and guidance along your cloud journey. So if you have any feedback or topic requests for our next sessions, please let us know in the comments or by submitting the feedback form.

Session recording and slides

Watch the recording: https://youtu.be/c6ddHRc_f0M

Cloud Identity questions and answers

1. Can you show us Google Cloud Identity service in action as a user tries to access an application?

Check out this reference integration from @goldyarora.

2. How does the Google Cloud Identity Platform integrate with existing Google Identity data used by a company? When should I use each of them?

For an application that will be used by internal users, use Cloud Identity. For an application that will be used by customers, use Google Cloud Identity Platform.

3. What is the difference between the Google Cloud Identity Platform and Cloud Identity? When should I use each of them for user management in my apps?

Check out this video to understand the difference between Identity Platform and Cloud Identity.

4. Does pooled shared drive storage exist? (e.g. a space common to all and owned by the organization, but not owned by a particular user)

Shared drives should meet your needs. Shared drives are folders in Google Drive that you can use to store, search, and access files with a team. Shared drive files belong to the team instead of the individual. Even if members leave, the files stay in the shared drive so your team can keep sharing information and work anywhere from any device. Learn more here.

5. What is the difference between the Google user directory (the one you get in your admin console with your licenses) and the cloud directory? And why, if any, is there any difference at all? Does it mean we need to purchase licenses for one and the other?

There is no difference. The directory is used by products/services like Workspace, Google Cloud, etc. Different directory users would have rights/features based on the respective licenses and authorization assigned. Learn more here.

6. What is the limit on how many users you can have in the Free Version of Cloud Identity? What are the Add-On Security Features available in Cloud Identity Premium in comparison to the Free Version?

Your Cloud Identity free edition user cap is the total number of free Cloud Identity users you can add. When you sign up for a free Cloud Identity account, your user cap increases by 50. Therefore, you can add up to 50 more Cloud Identity users. If you purchase additional licenses for paid Google Cloud services, such as Google Workspace, your user cap automatically increases. If you reach your user cap, you'll get an error message when you try to add users, but you can submit a request to increase this cap here. 

Compare the security feature differences between Cloud Identity free and Cloud Identity premium edition here.

You can compare all the Cloud Identity features between the free and premium editions in more detail here.

7. I would like to use Google SAML IDP to transition away from on-premises, but there seems to be no way to add overrides per SAML SP. We often have to force signing/encryption off/on per vendor. Any advice?

You should go for SAML if the service provider (SP) supports SAML. Otherwise, consider leveraging options like OpenID Connect (OIDC) or Secure LDAP based on your authentication needs.

8. Is it possible to use the provisioning/deprovisioning capabilities of Cloud Identity without switching away from our current SAML SSO authentication system? As an extremely large enterprise, switching our SSO system for all our systems is pretty much a nonstarter.

Yes, authentication and provisioning are separate modules. You can certainly use them standalone.

9. Can I get some pointers on how to use Google login on a Windows 10 PC?

Check out this help article for pointers. 

10. For education accounts, are suspended users automatically deleted after a while? Or do they stay in the system forever?

They're not automatically deleted. They're kept in a suspended state until you delete or restore them. Learn more here.

11. Are there any plans to improve the Windows 10 Endpoint Management functionality to deploy software, scripts, etc. to be more in line with other MDM providers? MDM for Windows 10 is very limited.

You can configure devices under Windows device management with custom settings, leveraging this help article.

12. Is there a table I can see somewhere that describes the various Cloud Identity features and integrations in terms of beta vs. production? I'm leery of building any business processes around any service that Google might later deem unnecessary and eliminate.

Cloud Identity is a base service, and other products/services like Workspace, Google Cloud, Analytics, etc. rely on it for identity and authentication. Cloud Identity is an area with active investment. Compare Cloud Identity features here.

13. Is there a way to use secondary email ID for notifications? Meaning, if the primary email is not associated with an email inbox, is it possible to use a secondary email ID for notifications or alerts?

You may want to consider adding a group within the admin console, then add members and secondary emails, and then use this group for alerts/notifications delivery.
