A major milestone in your Google Cloud Platform (GCP) journey is setting up your organization by establishing the authentication and authorization process. That can be done using Google’s own solution called Cloud Identity, an identity-as-a-service (IDaaS) solution. The solution can be federated with Azure Active Directory, Active Directory, and other identity providers. The goal is to ensure that your source of truth for all GCP-related work is Cloud Identity, rather than a scattering of identity providers (including personal accounts in Google Cloud Platform).
Cloud Identity has two flavors: Free and Premium. When using GCP, we can get away with using the free version. However, Google Cloud customers can follow a process to request additional Cloud Identity licenses at no cost. By default, you start with 50 premium licenses assigned automatically.
Google’s documentation (the diagram below is part of Google’s official documentation) presents Google Identity as the main process for authenticating corporate and consumer accounts. When we create our account to access Gmail or any of their services at the personal level, we create a consumer account. When we create an organization and start creating accounts, we are using managed accounts, and that type of account is used by both Cloud Identity and Google Workspace.
Cloud Identity and Google Workspace share a common technical platform, including the same APIs, and even Google documentation states that they are equivalent. When we talk about Google Workspace, we mean the former G Suite, the platform equivalent to Microsoft 365 for a Microsoft Azure cloud administrator.
In this area, Microsoft Azure has a robust and single solution: Azure AD, which has native integration with the on-premises solution that Microsoft has been developing for decades now. For an Azure cloud administrator, Google Identity is a somewhat more convoluted product than we are used to.
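Once Cloud Identity is the source of truth, one practical check is to look for IAM bindings that still point at identities outside the managed domain, such as consumer accounts. The following is an added example, not part of the original article or of Google's tooling; it assumes a policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`, and the sample policy, member names and helper functions are constructed for illustration.

```python
import json

# The managed domain used in this article; adjust for your organization.
MANAGED_DOMAINS = {"pconsolidated.ca"}

# Constructed sample in the shape returned by
# `gcloud projects get-iam-policy PROJECT_ID --format=json` (all members invented).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:gcp.admin@pconsolidated.ca", "user:jane.personal@gmail.com"]},
    {"role": "roles/viewer",
     "members": ["group:contractors@example.com",
                 "serviceAccount:ci-build@sample-project.iam.gserviceaccount.com",
                 "domain:pconsolidated.ca"]}
  ]
}
""")


def classify_member(member, managed_domains):
    """Return 'managed', 'external' or 'other' for one IAM member string."""
    kind, _, identity = member.partition(":")
    if kind not in ("user", "group"):
        return "other"  # service accounts, domain: members, allUsers, deleted: entries
    domain = identity.rpartition("@")[2].lower()
    return "managed" if domain in managed_domains else "external"


def find_unmanaged_bindings(policy, managed_domains=MANAGED_DOMAINS):
    """List (role, member) pairs granted to human identities outside the managed domains."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if classify_member(member, managed_domains) == "external":
                findings.append((binding.get("role", "?"), member))
    return sorted(findings)


if __name__ == "__main__":
    for role, member in find_unmanaged_bindings(SAMPLE_POLICY):
        print(f"REVIEW {role}: {member} is not in {sorted(MANAGED_DOMAINS)}")
```

A flagged member is not necessarily wrong (a partner's group may be intentional), but each one is an identity whose lifecycle Cloud Identity does not control.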
Establishing your GCP Organization
I will be honest here. In my humble opinion, during the process, I thought it was easier to learn Burmese for fun than to follow the three volumes of Encyclopedia Britannica provided by Google to establish a new organization.
Log in to the GCP Console (the step where we stopped in the previous article). When ready and rested, click on Go to the Checklist (Item 2). We will select IAM & Admin, then Identity & Organization (Item 1) from the menu, and a brief description will be provided on configuring your Google Cloud and creating the organization.
A small list of 10 steps will be opened (just the first impression). The good thing is that the wizard is smart and checks your current user (Item 1), but we will focus on the first step of the list in this article (Item 2). A new blade will be displayed, and the blade has a lot of information.
The wizard certainly has some value: it gives permissions to execute the future steps. Keep in mind that all the text on the right side is just half of the story for that first step.
The other third of the same page (still on step 1) gives an option to change the documentation accordingly. We will start a greenfield deployment, so we will select I’m a new customer and then click on Sign up for Cloud Identity (Item 2).
Creating your Cloud Identity
This step is crucial, and we will be creating the Cloud Identity and connecting the dots in upcoming articles. On the Cloud Identity page, a welcome page explaining what the Cloud Identity can do will be displayed. Click on Next.
The second question is just gathering information about your business, name, and the number of employees. Click on Next.
The following question establishes the country in which your business is located, from the Cloud Identity perspective. Google does use your current IP to establish your location.
You need to define your email address, and that is not related to administration. You should use the email address that you are currently logged in with.
On the What’s your business’s domain name page, provide your fully qualified domain name (FQDN) and click Next.
On the Use this domain to set up the account page, type in the domain that we are going to use for this deployment (in our example, pconsolidated.ca).
On the What’s your name page, this question seems to be a dumb question, but they are trying to create a new administrator account. Well, it still doesn’t make sense to me, but if you want to create a new admin user, say it, right? The wizard is a little bit confusing, well, perhaps a little bit more than that...
On the How you’ll sign-in page. More confusion ahead. On this page, they want to configure a new account under the new domain, which will be the first account in the Cloud Identity. This account will be the administrator. We are going to use a different account ([email protected]).
The next question will ask for a secondary email. This email should not be in the same domain that you are configuring for GCP, in my case, anything but pconsolidated.ca.
The next few questions are Google asking permission to send emails to you and to all your users (that’s right!). If you are as uncomfortable with this as I am, make sure that you select No Thanks on the next two pages.
After that, you need to prove that you are human, which may not be that easy in some cases, by going through a captcha test. When they confirm that you are a carbon algorithm (aka human), click on Agree and create the account.
A final page stating that your account was created will be displayed. Click on Go to Setup to start setting up the process (Yes! So far, all those 32 questions were to get you signed up in the Cloud Identity).
Moving to Google Cloud Platform: Understand the challenges
Although the GCP interface has a nice design, the decision-tree process and end-user experience, combined with the sheer size of the documentation needed to perform simple tasks and some other glitches here and there, can sometimes make it challenging to get it right the first time. Still, I hope the steps described in this article series will help you complete the organization process.
A Microsoft Azure guy like me definitely gets lost using GCP Console, and Microsoft makes the flow from point A to point B much easier. But fasten your seatbelts: Our Google Cloud Platform journey is just beginning!