Google has various products and technologies that provide identity andaccess management capabilities. This page lists some of these products, to helpyou understand what these products offer and how they differ from one another.
If you need help with understanding a specific authentication use case, seeAuthentication and authorization use cases.
Product list
- Chrome Enterprise Premium
- Cloud Identity
- Firebase Authentication
- Google Identity Services
- Google Workspace
- Identity and Access Management (IAM)
- Identity-Aware Proxy (IAP)
- Identity Platform
- Workforce Identity Federation
- Workload Identity Federation for GKE
- Workload Identity Federation
Chrome Enterprise Premium
Chrome Enterprise Premium is a zero-trust solution that letsyou provide secure access with integrated threat and data protection. You canprovide an organization's workforce access to web applications securely fromanywhere, without the need for a VPN. Chrome Enterprise Premium includesIAP, Endpoint Verification, and Chrome Enterprise.
For more information about Chrome Enterprise Premium, see theChrome Enterprise Premium overview.
Cloud Identity
Cloud Identity is an Identity as a Service (IDaaS) solution thatcentrally manages users and groups. It's built in to both Google Cloudand Google Workspace. If you are not adoptingGoogle Workspace, Cloud Identity is available as astandalone product.
For information about Cloud Identity, seeOverview of Cloud Identity.
Cloud Identity is not related toIdentity Platform.
Firebase Authentication
Firebase Authentication is the authenticationsolution provided by Firebase, a backend platform for building Web,Android, and iOS applications. Firebase Authentication includes authentication supportfor a wide array of user account types.
Identity Platform and Firebase Authentication are both based on Google Identity Services. Firebase Authentication is targeted toward consumer applications. Identity Platform is ideal for users who want to be their own identity provider, or who need the enterprise-ready functionality Identity Platform provides. For more information about the differences between these products, see Differences between Identity Platform and Firebase Authentication.
For information about Firebase Authentication, seeWhere do I start with Firebase Authentication?
For a comparison between end-user authentication options, seeAuthenticate application users.
Google Identity Services
Google Identity Services is a suite ofidentity products that support user authentication using Google Accounts,for mobile apps and web platforms. Google Identity Services include theSign In With Googlebutton, the One Tap sign-in module, and authentication libraries you can use toimplement OAuth 2.0 flows in your application.
If you're creating applications that use Google Cloud APIs and resourcesexclusively, consider using Identity Platform,which is based on Google Identity Services, instead.
For a comparison between end-user authentication options, seeAuthenticate application users.
Google Workspace
Google Workspace is a suite of businessproductivity and collaboration tools based on Google identities (GoogleAccounts). Google Workspace includes the functionality provided byCloud Identity for user management.Google Accounts provide access toGoogle's products and services, including Google Cloud.
Identity and Access Management (IAM)
IAM provides fine-grained access control forGoogle Cloud resources.
For information, see the IAM overview.
Identity-Aware Proxy (IAP)
Identity-Aware Proxy provides a centralized way to support authentication andauthorization for your applications and virtual machines (VMs).IAP can be used for applications running in Google Cloudor on-premises.
For information, seeIdentity-Aware Proxy overview.
For a comparison between end-user authentication options, seeAuthenticate application users.
Identity Platform
Identity Platform is a customer identity andaccess management (CIAM) platform that lets users sign in to your applicationsand services. Identity Platform supports a variety of ways to sign in,including email and password, Google, Facebook, and Apple.Identity Platform also supports SMS-based multi-factor authentication(MFA).
For information about authentication using Identity Platform,see Authentication.
Identity Platform is not related toCloud Identity or Identity-Aware Proxy.
Identity Platform and Firebase Authentication are both based on Google Identity Services. Firebase Authentication is targeted toward consumer applications. Identity Platform is ideal for users who want to be their own identity provider, or who need the enterprise-ready functionality Identity Platform provides. For more information about the differences between these products, see Differences between Identity Platform and Firebase Authentication.
For a comparison between end-user authentication options, seeAuthenticate application users.
Workforce Identity Federation
Workforce Identity Federation is anIAM feature that lets you configure and secure granular accessfor your workforce—employees and partners—by federating identitiesfrom an external identity provider (IdP).
Workforce Identity Federation is not the same asWorkload Identity Federation.Workforce Identity Federation and Workload Identity Federationboth aggregate identities; Workforce Identity Federation aggregates humanusers, whereas Workload Identity Federation aggregates machine workloads.
Workload Identity Federation for GKE
Workload Identity Federation for GKElets a Kubernetes service account in your GKEcluster act as an IAM service account. Workload Identity Federation for GKEis the recommended way for your workloads running on GKE toaccess Google Cloud services in a secure and manageable way.
Workload Identity Federation for GKE is not related to Workload Identity Federation.
Workload Identity Federation
Workload Identity Federation letsyou grant on-premises or multicloud workloads access to Google Cloudresources. It does so by federating identities from an external IdP, withoutrequiring a service account key.
Workload Identity Federation is not related to Workload Identity Federation for GKE.
Workload Identity Federation is not the same asWorkforce Identity Federation. Workload Identity Federation andWorkforce Identity Federation both aggregate identities;Workload Identity Federation aggregates machine workloads, whileWorkforce Identity Federation aggregates human users.
What's next
- Review a list of authentication and authorization use cases.