Google provides optionality in how its customers manage users and endpoints. In fact, it recommends JumpCloud for organizations that are migrating from a standalone Active Directory instance.
JumpCloud provides single sign-on (SSO) to all of your resources from web apps to network devices. It also includes cross-OS device management and built-in options for patch management and remote access.
Simply put, Google and JumpCloud are better together.
Demo Overview
There are two main integration options: use a pre-built OAuth2 integration that’s included in JumpCloud’s open directory, or use a SAML connector.
To be honest, you’ll get the most out of JumpCloud if you do both. For instance, it becomes possible to adopt phishing-proof modern authentication and a zero trust security strategy built around your assets. Admins save time by doing their tasks in a single interface and users gain a consistent experience for accessing all their JumpCloud and Google Workspace resources.
We’re focused on the pre-built method for this walkthrough, because you’ll be able to keep Google as your source of truth and pick a few lucky “volunteers” without affecting production.
Prerequisites
Not every step here is necessary to complete this tutorial. However, if you want to experience your evaluation of this (and other) feature as if you’re implementing the product, we recommend the following:
- Complete the following walkthroughs (or have set up your instance with the appropriate assets on your own):
- Creating JumpCloud Admins
- Google WorkSpace account with the appropriate administrative rights and licenses to authorize the directory synchronization.
Demo Walkthrough
Are you a visual learner? Try this simulation instead!
Step 1: Create a Directory Integration
- Use the left-hand navigation menu to select Cloud Directories
- Hit the plus ( + ) sign and select Google WorkSpace from the dropdown menu
- Name the directory and hit authorize sync, which will redirect you to Google.
Resources: Google Workspace Sync
Step 2: Authorizing the Sync
- Log in as a super admin that has a strong, static password (changing passwords will break the sync)
- Allow access for JumpCloud to manage the provisioning of users on your domain; you’ll then be redirected back to JumpCloud’s admin console.
Resources: Google Workplace Integration Overview, Sync User Attributes with Google Workspace, FAQ: Google Workspace Directory Integration, Troubleshoot: Google Workspace Integration
Step 3: Select and Activate Users
- Select the users that you want to import. JumpCloud will become the password authority for those users once they login to the JumpCloud User Portal. JumpCloud manages the user and updates Google when changes to attributes or passwords are made.
- Users won’t be ready to manage until their user state is set to ‘active’.
Users will continue to log into Google WorkSpace directly, using Google’s MFA. Actions such as adding or suspending users can be performed in either platform, because it’s a directory sync.
Here’s a few more activities for your testing:
- Export JumpCloud user into WorkSpace
- Sync attributes and passwords
- provision/deprovision a user
This tutorial will show you how to do it all.
Bonus Simulations
Simulation: User Portal Password Reset
Final Results
JumpCloud is now available to manage Google users. The open directory platform makes it possible for WorkSpace users to coexist with Active Directory or Entra ID identities, or even users from another IdP like Okta. All of your users will be managed from one location.
Setting up a SAML integration will make JumpCloud the default IdP. Your users will be redirected from Google to JumpCloud for access to resources, including WorkSpace, and can be assigned to managed devices. We didn’t do that today to avoid any global changes.
Get prepped now
Download the admin app to test out on-the-go features such as password resets.
