Enterprise-grade access control
Cloud Identity & Access Management (Cloud IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups, and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.
Leverage Cloud Identity, Google Cloud’s built-in managed identity to easily create or sync user accounts across applications and projects. Cloud Identity makes it easy to provision and manage users and groups, set up single sign-on, and configure multi-factor authentication directly from the Google Admin Console. With Cloud Identity you get access to the GCP Organization, which enables you to centrally manage projects via the Cloud Resource Manager.
Cloud IAM provides the right tools to manage resource permissions with minimum fuss and high automation. Map job functions within your company to groups and roles. Users get access only to what they need to get the job done, and admins can easily grant default permissions to entire groups of users.
Cloud IAM enables you to grant access to cloud resources at fine-grained levels, well beyond project-level access.
Create more granular access control policies to resources based on attributes like device security status, IP address, resource type, and date/time. These policies help ensure that the appropriate security controls are in place when granting access to cloud resources. Sign up for the Cloud IAM conditions private beta here.
We recognize that an organization’s internal structure and policies can get complex fast. Projects, workgroups, and managing who has authorization to do what all change dynamically. Cloud IAM is designed with simplicity in mind: a clean, universal interface lets you manage access control across all Google Cloud Platform resources consistently. So you learn it once, then apply everywhere.
A full audit trail history of permissions authorization, removal, and delegation gets surfaced automatically for your admins. Cloud IAM lets you focus on business policies around your resources and makes compliance easy.
Control resource permissions using a variety of options: graphically from the Cloud Platform console, programmatically via Cloud IAM methods, or using the gcloud command line interface.
CLOUD IDENTITY & ACCESS MANAGEMENT FEATURES
Fine-grained access control and visibility for centrally managing cloud resources.
Cloud IAM provides a simple and consistent access control interface for all Cloud Platform services. Learn one access control interface and apply that knowledge to all Cloud Platform resources.
Grant access to users at a resource level of granularity, rather than just project level. For example, you can create a Cloud IAM access-control policy that grants the Subscriber role to a user for a particular Cloud Pub/Sub topic.
Control access to resources based on contextual attributes like device security status, IP address, resource type, and date/time. Sign up for the Cloud IAM conditions private beta here..
Prior to Cloud IAM, you could only grant Owner, Editor, or Viewer roles to users. A wide range of services and resources now surface additional Cloud IAM roles out of the box. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the Owner, Editor, and Viewer roles.
Create and manage Cloud IAM policies using the Cloud Platform Console, the Cloud IAM methods, and the gcloud tool.
To ease compliance processes for your organization, a full audit trail is made available to admins without any additional effort.