Google has expanded its cloud-based identity service yet again, this time offering a developer-focused identity management system. The cloud computing giant introduced the service, called Cloud Identity for Customers and Partners (CICP), last week at its Cloud Next event in London.
CICP follows a series of announcements from Google around identity management in the cloud this year. In March, it launched its Cloud Identity service, an identity management service designed to let administrators authenticate users with a range of third-party apps, alongside Google’s own. In July, at its Next 18 conference, it boosted that service with context-aware identity management, which monitors a users’ location and the context of their request when authenticating them. Google has been building this context-aware access management for six years and using it internally in a project called BeyondCorp.
This week’s announcement opens up identity and access management as a service to developers by providing them with a set of APIs to authenticate users for their own applications, while tying into Google’s infrastructure to do it reliably, at scale.
The service offers several features to developers, including a user authentication service based on the Firebase Auth multi-platform sign-in service that it acquired along with the rest of web development software company Firebase in 2014. It supports several client-side platforms including iOS, Android and web access, and also supports server-side SDKs including Node.js, Java and Python.
Developers can use SAML and OpenID Connect Federation, which is the optional add-on to the OpenID Connect authentication standard that enables sets of OpenID providers to verify information about other providers and their participants. They can use email/password verifications, and authentications by social media providers. Finally, they can also authenticate users based on phone number and SMS.
CICP also integrates with Google’s threat intelligence service to help identify accounts that are acting suspiciously and detect compromised accounts.
The service is in alpha now, and developers will be able to test it for free when it goes into public beta soon. When it reaches general availability it will be available on a subscription basis, free for those verifying with fewer than 50,000 monthly active users via social media or email/password, and for those with under 50 SAML/OpenID verifications per month. The first 10,000 phone or text-based authentications will also be free, but the service will be charged above those thresholds.
The GA version will include technical support and an SLA, and will also support two-factor authentication, which Google has invested in heavily of late. It launched its own Titan hardware-based 2FA dongle in July at Next ‘18 conference.
At the same event, Google also announced the introduction of secure LDAP access as part of Cloud Identity, enabling admins to authenticate customers to LDAP-compatible apps alongside cloud-based SaaS apps. It isn’t clear if this, or the context-aware authentication that the company has been pushing for its other identity management services, will be part of CICP at launch.