G-Suite as Identity Provider
Gsuite is a collection of tools and web appliction which is used to help businesses to improve productivity, collabrotion and data security.
Google has number of feature which makes it important for department, team and special-interest groups to manage their own group memberships and participate in online discussions. There is the admin console in G-Suite which supports mapping of the user when G Suite is set up for single sign-on.
Mapping allows you to automate changes to user attribute, roles, groups based on conditions that you define.It enables the user to access the application based on their attributes stored in a directory.
It will automate a one time sync from G-Suite to miniOrange even if the changes are made in the miniOrange then it will get mapped with the G-Suite automatically.
Google Groups is a service which provides discussion groups for people sharing common interests.It allows any user to freely conduct and access threaded discussions, via web interface or e-mail.
An identity and access management service provides administrators a single place where they can manage all users and cloud applications.
If you are using G Suite as user directory, you may want to use Google Group membership to determine miniOrange security levels (through group membership) or app access (through roles).
In Google apps individual can be easily mapped but when group mapping is concerned, some restrictions are imposed. these restrictions are listed below:
- Google Groups for Business limits message activity, group size, invitations, and membership. The number of transactions are restricted as well. If you reach one of the limits, your activity is temporarily restricted.
- If user exceed G-Suite gmail sending limit, they will see an error message so user can not send new messages up to 24 hours.After this suspension period, sending limits are automatically reset and the user can resume sending mail.
- Also, Google provides the API which supports only retrieving the list of groups that the user is directly a part of and not the parent groups of a user.( Suppose the user is part of Group A and the same user is a part of Group B as well which is parent group for the user. Then only the user's Group A can be retrieved.)
miniOrange with Directory Integration of G Suite
With miniOrange you can take complete control over application access, user provision and deprovision in real time and you can also add second factor authentication. Our Identity and access management system is rooted in G Suite which provides an identity for authentication. G Suite end-users will enjoy miniOrange single sign-on across desktop, web, mobile, two-factor authentication as well as the approval of applications.
Directory is a specialized database that is specially made for storage of the users and the other attributes. Directories typically store data that does not change often such as employee information, user policies, and group membership on the office network. It will automatically import the user accounts from G Suite into miniOrange, so you don't have to import them by manually. Users can synchronize with G Suite in real time so that any changes in roles, groups are reflected directly into G-Suite. It will continuously monitor G Suite for new or updated users and instantly creating/updating those users in miniOrange.
Select Google if you want to continue to use G Suite as your directory and authentication source. In this case, your users passwords will be managed by G Suite, and miniOrange authenticates users against their G Suite credentials. It will keep miniOrange updated whenever users are added or updated in G suite. New users are passed to miniOrange in the real-time after authentication using G Suite credentials. Also, G suite gets updated whenever users are added or updated in miniOrange.