Solved: Re: Unable to access Cloud Connect Community

Nova1 · 05-03-2023 04:10 PM

This is a shot in the dark, posted by a complete and clueless newb, but here it goes....

I'm trying to access a help resource via a link:
https://www.cloudconnectcommunity.com/ccc/ls/community/cloud-identity

A new tab opens "LumApps" where a spinner displays:
"Something is taking longer than usual..."

Is there anything I can do to address this?

Thanks!

Mike

goldyarora

Yes, you would need google workspace if you want to give your users access to apps like Gmail, but if your messaging and collaboration runs anywhere else (e.g office 365), and you only want to use GCP, then cloud identity free licenses should be good enough.

You need an identity for users in our system*, and for that you can either use google workspace or cloud identity.

* Unless you use workforce identity federation.

View solution in original post

Willie_Turney

Hi @Nova1, thanks for joining the Google Cloud Community! 👋

That link is for our former community site. We migrated all the information from there to here a few years back. Is there something specific you are looking for from the old site? Thanks!

Nova1

It's a bit of a story. We started with G-Suit and used it for the ability to manage Chromebooks in Kiosk mode. I have G-Suit setup for SAML using Azure AD as the IdP, and it auto provisions so that admins don’t need to create the identity in G-Suit (or is that Workspace? Forgive me, I don't honestly know).

Now the devs want to use Google Maps, and we've started with it. I had to setup a billing method so we could create a project and I wanted to use the G-Suit side to control access into the project. The devs were able to create API keys and such, they seem happy.

During the process to join Google Compute to our G-suite it seemed like I had to setup a trail license for Google Identity (I'm a bit fuzzy there, I was leaving for vacation). Now it seems the trail license is over.

So the question: Should I care? Do I need to get the free version of Google Identity? Is my G-suite setup the Identity and I never really needed Google Identity to begin with?

Just a little concerned and confused about how Google Identity was involved and given that the free trail expired, do I need to do something to avoid disaster.

Thanks for any insights you can provide.

Cheers,

Mike

Willie_Turney

Thanks Mike. Full disclaimer - I don't have the expertise to help with this one but maybe @goldyarora or @icrew can help with this one?

icrew

Sorry @Willie_Turney and @Nova1 , I'm out of my depth on this one.

About the only thing I can help with is to explain that GSuite was rebranded to Google Workspace back in October 2020. They didn't really change anything about the product, just its name.

I know that @KAM has mentioned Cloud Identity Free a number of times, so maybe he knows something?

Cheers,

Ian

KAM

@Nova1 Interesting. I'm afraid this is something I would look more into it such as this KB; https://cloud.google.com/identity/docs/editions -KAM

goldyarora

@Nova1 - free version of google cloud identity is enough if you simply want broad authorization (e.g users of this orgUnit can access GCP, others can't).

If you need context based authorization (e.g only allow access to xyz set of users IF they are coming from a specific geo location / IP range and have company owned devices etc), then you would need cloud identity premium.

Also, not sure if your Azure subscription includes conditional access, but if it does, one option can be to first check conditions there, and only send SAML response to Google if those conditions are met, this way google cloud identity free should be enough.

Nova1

Hi @goldyarora ,

Thanks for looking at this. Yes, Azure provides all the conditional access features via SAML, so we're good there.

Now it comes to the current state - the trial license for Google Identity has expired. Do I need to do anything (like add the free version), will the G-Suite identities still work? Basically, I want G-suite identities to work when assigned the GCP roles (roles created when GCP was connected to G-Suit).

I haven’t heard anyone scream about it, but we're kind of dispersed too. Is there a deluge of help requests in my future?

Thanks for you insights.

Cheers,
Mike

goldyarora

If you already have Google Workspace (formerly G Suite), then you can simply add Google Cloud Identity free subscription to it (reference video here https://youtu.be/BFwgb36ENuA)

Once you have it, its upto you to give your users just the cloud identity free licenses (or also give Google workspace licenses if they need messaging and collaboration).

Google Cloud Identity is good enough if you only need to access GCP, and have your email/collaboration somewhere else.

Here is some optional reading if you want to learn more about google cloud identity https://www.goldyarora.com/google-cloud-identity/

Nova1

Ok,

Let me take a stab at this:
If I have Workspace Licenses, I do not need Google Identity for GCP

If I want to grant access to GCP without burning up a Workspace License, I can assign/create/whatever the user with the free Google Identity service.

Is this true?

Thanks
Mike

goldyarora

Yes, you would need google workspace if you want to give your users access to apps like Gmail, but if your messaging and collaboration runs anywhere else (e.g office 365), and you only want to use GCP, then cloud identity free licenses should be good enough.

You need an identity for users in our system*, and for that you can either use google workspace or cloud identity.

* Unless you use workforce identity federation.

Nova1

Awsome, thanks for your patience! I did manage to get hold of one of the devs, he reported all is working fine.

Cheers to you @goldyarora!
Mike