MidPoint and Google Cloud Connector - Atricore

Introducing our MidPoint connector that bridges identity management with Google Cloud Platform, enabling centralized permission management for hybrid cloud environments.

Sebastian Gonzalez Oyuela August 21, 2025 3 min read
IGA IAM
Bridging Identity Management with Google Cloud Platform

Companies operating hybrid cloud environments face a common challenge: Google Workspace users need access to Google Cloud Platform (GCP) resources, but managing permissions across multiple systems becomes complex, risky, and time-consuming.

We’ve developed a MidPoint connector that solves this problem by bridging identity management directly with GCP.

The Challenge

When your organization uses both Google Workspace and GCP, you typically end up managing user permissions in multiple places:

  • Google Workspace Admin Console for email and collaboration tools
  • Google Cloud Console for infrastructure and platform resources
  • Your identity governance platform for everything else

This fragmentation leads to:

  • Inconsistent access controls across systems
  • Audit difficulties when tracking who has access to what
  • Delayed provisioning as changes must be made in multiple systems
  • Security risks from orphaned accounts and excessive permissions

The Solution: Centralized GCP Permission Management

Our MidPoint connector for Google Cloud Platform brings GCP IAM under centralized identity governance. Instead of managing permissions in the Google Cloud Console, you manage them through MidPoint alongside all your other identity data.

Key Benefits

1. Centralized Permission Management

GCP permissions are managed through MidPoint rather than the Google Cloud Console. Your identity team uses a single interface for all access management, reducing complexity and training requirements.

2. Google Workspace Integration

Assign GCP permissions directly to your existing Workspace users without creating separate GCP accounts. The connector maps Workspace identities to GCP IAM seamlessly.

3. Complete Roles and Permissions Support

The connector handles both standard GCP roles and custom roles you’ve defined. It works at project or organization levels with automatic synchronization when changes occur in MidPoint.

4. Service Account Control

Manage both service account and human user permissions through unified workflows. Apply the same governance policies to automated systems that you apply to human users.

5. Policy Caching and Backup

Built-in performance optimization with audit trails and recovery capabilities: the connector maintains a cache of IAM policies, which speeds up operations and provides a backup to fall back on in case of issues.

How It Works

When roles are assigned or removed in MidPoint, the connector automatically synchronizes GCP IAM policies. Your systems stay updated with organizational changes without manual intervention.

The connector uses a GCP service account with appropriate IAM permissions, following the principle of least privilege. Setup follows standard MidPoint connector procedures, making deployment straightforward for teams familiar with MidPoint.
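The synchronization step described above, as an added illustration written for this post rather than code from the connector itself: it reconciles one member's role bindings in a GCP IAM policy (the `bindings` + `etag` structure that `getIamPolicy` returns), keeps an untouched copy as the backup a cache would store before writing, and carries the `etag` through so a concurrent change made in the Console is rejected by `setIamPolicy`. The sample policy, the member names and the `demo-proj` project are constructed for the example.

```python
import copy

# Constructed sample project IAM policy in the getIamPolicy format; not real data.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwExampleEtag",
    "bindings": [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:ci@demo-proj.iam.gserviceaccount.com"]},
    ],
}

def grant(policy, role, member):
    """Return a copy of policy with member added to role (idempotent)."""
    new = copy.deepcopy(policy)
    for b in new["bindings"]:
        # Conditional bindings are separate grants; only touch unconditional ones.
        if b["role"] == role and "condition" not in b:
            if member not in b["members"]:
                b["members"].append(member)
            return new
    new["bindings"].append({"role": role, "members": [member]})
    return new

def revoke(policy, role, member):
    """Return a copy of policy with member removed from role; drop empty bindings."""
    new = copy.deepcopy(policy)
    for b in new["bindings"]:
        if b["role"] == role and member in b["members"]:
            b["members"].remove(member)
    new["bindings"] = [b for b in new["bindings"] if b["members"]]
    return new

def roles_of(policy, member):
    """Roles currently granted to member by unconditional bindings."""
    return sorted(b["role"] for b in policy["bindings"]
                  if member in b["members"] and "condition" not in b)

def reconcile(policy, desired_roles, member):
    """Compute the policy giving member exactly desired_roles.
    Returns (new_policy, backup): backup is the untouched original to cache
    before the write; the etag is preserved so setIamPolicy can detect a
    policy modified elsewhere since it was read (optimistic locking)."""
    backup = copy.deepcopy(policy)
    current = set(roles_of(policy, member))
    new = policy
    for role in desired_roles - current:
        new = grant(new, role, member)
    for role in current - desired_roles:
        new = revoke(new, role, member)
    return new, backup
```

A real write would follow with `setIamPolicy` using the returned policy and, on an etag conflict, re-read and reconcile again rather than retrying blindly.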

Getting Started

The connector is available on GitHub at github.com/atricore/midpoint-connector-gcp.

Requirements:

  • A GCP service account with appropriate IAM permissions
  • A project linked to a Google Workspace domain
  • MidPoint 4.4 or later

Contact us for implementation assistance or questions about integrating GCP with your identity governance program.