Hello,
Can you please help and guide me to answer my questions? I will be very thankful to you.
1). I want to know: does GCDS (Google Cloud Directory Sync) provide user authentication & authorization on GCP, or is it done on the on-premises Active Directory?
2). If on-premises is down, will GCDS work or not, meaning will GCDS provide user authentication & authorization?
3). As GCDS provides synchronization services, i.e. users, groups, user profiles, shared contacts etc., does GCDS provide AD local computer sync to GCP or not?
1. By itself, no, it does not. GCDS is a synchronisation tool that replicates identity configuration into Cloud Identity. See: https://support.google.com/a/answer/106368?hl=en. You can then use Cloud Identity to perform authentication directly in the cloud using password sync (see: https://support.google.com/a/topic/2611858?hl=en&ref_topic=7293935). Or you can optionally use it in conjunction with Single Sign On with Active Directory Federation Services (or other 3rd party IdP) if you need, see: https://cloud.google.com/architecture/identity/federating-gcp-with-active-directory-introduction
2. If on-premises access to Active Directory is down, then GCDS will no longer be able to synchronise changes into Cloud Identity, for example group membership changes. If you are using Cloud Identity directly for authentication, then authentication should continue to work. If, however, you have federated with ADFS for SSO, then if connectivity to ADFS is interrupted, at this point authentication would be interrupted also.
3. I am not 100% clear on this question. Do you mean AD computer objects? In which case, no, these are not replicated as they are not relevant in Cloud Identity. See here for what is replicated: https://support.google.com/a/answer/6120130?hl=en&ref_topic=2679497