Cloud Identity & Access Management
Fine-grained access control and visibility for centrally managing cloud resources.
Enterprise-grade access control
Cloud Identity & Access Management (Cloud IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups, and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.
Enterprise identity made easy
Leverage Cloud Identity, Google Cloud’s built-in managed identity, to easily create or sync user accounts across applications and projects. Cloud Identity makes it easy to provision and manage users and groups, set up single sign-on, and configure multi-factor authentication directly from the Google Admin Console. With Cloud Identity you get access to the GCP Organization, which enables you to centrally manage projects via the Cloud Resource Manager.
The right roles
Cloud IAM provides the right tools to manage resource permissions with minimum fuss and high automation. Map job functions within your company to groups and roles. Users get access only to what they need to get the job done, and admins can easily grant default permissions to entire groups of users.
Granular resource control
Cloud IAM enables you to grant access to cloud resources at fine-grained levels, well beyond project-level access.
Context-aware access
Create more granular access control policies to resources based on attributes like device security status, IP address, resource type, and date/time. These policies help ensure that the appropriate security controls are in place when granting access to cloud resources. Sign up for the Cloud IAM conditions private beta here.
Simplicity first
We recognize that an organization’s internal structure and policies can get complex fast. Projects, workgroups, and who is authorized to do what all change dynamically. Cloud IAM is designed with simplicity in mind: a clean, universal interface lets you manage access control across all Google Cloud Platform resources consistently. You learn it once, then apply it everywhere.
Built-in audit trail
A full audit trail history of permissions authorization, removal, and delegation gets surfaced automatically for your admins. Cloud IAM lets you focus on business policies around your resources and makes compliance easy.
Access control your way
Control resource permissions using a variety of options: graphically from the Cloud Platform console, programmatically via Cloud IAM methods, or using the gcloud command line interface.
Cloud Identity & Access Management Features
- Single access control interface: Cloud IAM provides a simple and consistent access control interface for all Cloud Platform services. Learn one access control interface and apply that knowledge to all Cloud Platform resources.
- Fine-grained control: Grant access to users at a resource level of granularity, rather than just project level. For example, you can create a Cloud IAM access-control policy that grants the Subscriber role to a user for a particular Cloud Pub/Sub topic.
- Context-aware access: Control access to resources based on contextual attributes like device security status, IP address, resource type, and date/time. Sign up for the Cloud IAM conditions private beta here.
- Flexible roles: Prior to Cloud IAM, you could only grant Owner, Editor, or Viewer roles to users. A wide range of services and resources now surface additional Cloud IAM roles out of the box. For example, the Cloud Pub/Sub service exposes Publisher and Subscriber roles in addition to the Owner, Editor, and Viewer roles.
- Web, programmatic, and command-line access: Create and manage Cloud IAM policies using the Cloud Platform Console, the Cloud IAM methods, and the gcloud tool.
- Built-in audit trail: To ease compliance processes for your organization, a full audit trail is made available to admins without any additional effort.
- Support for Cloud Identity: Cloud IAM supports standard Google accounts. Create Cloud IAM policies granting permission to a Google group, a Google-hosted domain, a service account, or specific Google account holders using Cloud Identity. Centrally manage users and groups through the Cloud Identity Admin Console.
- Free of charge: Cloud IAM is offered at no additional charge for all Cloud Platform customers. You will be charged only for use of other Cloud Platform services. For information on the pricing of other Cloud Platform services, see the Cloud Platform Pricing Calculator.
“Cloud IAM will give Snapchat the ability to grant fine-grained access control to resources within a project. This allows us to compartmentalize access based on workgroups and to manage sensitive resources around individual access needs.”
Subhash Sankuratripati, Snapchat
Cloud Identity & Access Management Pricing
Cloud IAM is available to you at no additional charge.
Products or features listed on this page are in beta. For more information on our product launch stages, see here.