Plan the onboarding process for your corporate identities
Stay organized with collections
Save and categorize content based on your preferences.
Last reviewed 2024-06-26 UTC
The documents in the Assess and plan section help you assess your
requirements and develop a plan for onboarding your corporate identities to
Cloud Identity or Google Workspace.
Managing corporate identities is often one of the key responsibilities of
enterprise IT departments. But each organization is unique, and the way you
manage corporate identities in your organization is likely to be unique, too. To
determine the best way to use
Cloud Identity
or
Google Workspace
to manage corporate identities in your organization, it's important that you
assess your requirements.
Before you begin
Before you begin to assess and plan your Cloud Identity or
Google Workspace deployment, make sure that you do the following:
Understand the
domain model
that underpins Cloud Identity and Google Workspace.
To assess and plan your Cloud Identity or Google Workspace
deployment, follow these steps:
If you selected an architecture that uses an external IdP, learn how to
map the logical model of your external IdP to Cloud Identity or
Google Workspace.
If you use Active Directory, refer to
Federating with Active Directory
to learn how to map forests, domains, users, and groups and learn which
configuration options to consider.
Similarly, if you plan to federate with Azure Active Directory (AD), see
Federate Google Cloud with Microsoft Entra ID
for more details on how you can map tenants, domains, users, and groups.
Identify and assess existing user accounts. If you haven't been using
Google Workspace or Cloud Identity, it's possible that your
organization's employees have been using consumer accounts to access Google
services. Before you set up Google Workspace or
Cloud Identity, we recommend that you analyze user accounts that
exist and how to best deal with them.
For more details on the different sets of user accounts you might have and
how they can impact your deployment, see
Assess existing user accounts.
Settle on a high-level plan for onboarding identities to
Cloud Identity or Google Workspace. In
Assess onboarding plans,
you can find a selection of proven onboarding plans, along with guidance on
how to select the plan that best suits your needs.
If you plan to use an external IdP and have identified user accounts
that need to be migrated, you might need to consider additional
requirements when configuring your external IdP. For more details, see
Assess user account consolidation impact on federation.
When you have completed your assessment and created a plan, you will be ready to
onboard your corporate identities to Cloud Identity or
Google Workspace.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-06-26 UTC."],[[["\u003cp\u003eThis section focuses on assessing requirements and planning the onboarding of corporate identities to Cloud Identity or Google Workspace.\u003c/p\u003e\n"],["\u003cp\u003eBefore starting, it is recommended to understand the domain model, determine the need for single or multiple Google Cloud organizations, and review relevant reference architectures.\u003c/p\u003e\n"],["\u003cp\u003eThe assessment process involves mapping external Identity Provider (IdP) logical models, such as Active Directory or Azure AD, to Cloud Identity or Google Workspace.\u003c/p\u003e\n"],["\u003cp\u003eIt's crucial to identify and analyze existing user accounts, especially if employees have been using consumer accounts, and determine how they will affect your deployment.\u003c/p\u003e\n"],["\u003cp\u003eA high-level plan for onboarding identities should be established, utilizing proven onboarding plans and considering the impact of external IdP usage and potential user account migrations.\u003c/p\u003e\n"]]],[],null,["# Plan the onboarding process for your corporate identities\n\nThe documents in the **Assess and plan** section help you assess your\nrequirements and develop a plan for onboarding your corporate identities to\nCloud Identity or Google Workspace.\n\nManaging corporate identities is often one of the key responsibilities of\nenterprise IT departments. But each organization is unique, and the way you\nmanage corporate identities in your organization is likely to be unique, too. To\ndetermine the best way to use\n[Cloud Identity](/identity)\nor\n[Google Workspace](https://gsuite.google.com/)\nto manage corporate identities in your organization, it's important that you\nassess your requirements.\n\nBefore you begin\n----------------\n\nBefore you begin to assess and plan your Cloud Identity or\nGoogle Workspace deployment, make sure that you do the following:\n\n- Understand the [domain model](/architecture/identity/overview-google-authentication) that underpins Cloud Identity and Google Workspace.\n- Determine whether you need a single Google Cloud organization or multiple Google Cloud organizations for your deployment. For help with this decision, see [Best practices for planning accounts and organizations](/architecture/identity/best-practices-for-planning).\n- Review the [Reference architectures](/architecture/identity/reference-architectures) article and select the architecture that most closely matches your requirements.\n- If you selected an architecture that [uses an external identity provider (IdP)](/architecture/identity/reference-architectures#using_an_external_idp), review [Best practices for federating Google Cloud with an external identity provider](/architecture/identity/best-practices-for-federating) so that you can incorporate these best practices in your design.\n\nAssess and planning your deployment\n-----------------------------------\n\nTo assess and plan your Cloud Identity or Google Workspace\ndeployment, follow these steps:\n\n1. If you selected an architecture that uses an external IdP, learn how to\n map the logical model of your external IdP to Cloud Identity or\n Google Workspace.\n\n If you use Active Directory, refer to\n [Federating with Active Directory](/architecture/identity/federating-gcp-with-active-directory-introduction)\n to learn how to map forests, domains, users, and groups and learn which\n configuration options to consider.\n\n Similarly, if you plan to federate with Azure Active Directory (AD), see\n [Federate Google Cloud with Microsoft Entra ID](/architecture/identity/federating-gcp-with-azure-active-directory)\n for more details on how you can map tenants, domains, users, and groups.\n2. Identify and assess existing user accounts. If you haven't been using\n Google Workspace or Cloud Identity, it's possible that your\n organization's employees have been using consumer accounts to access Google\n services. Before you set up Google Workspace or\n Cloud Identity, we recommend that you analyze user accounts that\n exist and how to best deal with them.\n\n For more details on the different sets of user accounts you might have and\n how they can impact your deployment, see\n [Assess existing user accounts](/architecture/identity/assessing-existing-user-accounts).\n3. Settle on a high-level plan for onboarding identities to\n Cloud Identity or Google Workspace. In\n [Assess onboarding plans](/architecture/identity/assessing-onboarding-plans),\n you can find a selection of proven onboarding plans, along with guidance on\n how to select the plan that best suits your needs.\n\n If you plan to use an external IdP and have identified user accounts\n that need to be migrated, you might need to consider additional\n requirements when configuring your external IdP. For more details, see\n [Assess user account consolidation impact on federation](/architecture/identity/assessing-consolidation-impact-on-federation).\n\nWhen you have completed your assessment and created a plan, you will be ready to\nonboard your corporate identities to Cloud Identity or\nGoogle Workspace."]]
