Understand the Difference Between the Google Workspace Integration and SAML Connector

There are two ways you can connect Google Workspace to JumpCloud: our Google Workspace Integration and our Google Workspace SAML Connector.  Read this article to learn more about the benefits and use cases for each and how they can be used together.

Key Differences

The following are key differences between the directory integration and SAML connector:

Google Workspace Directory Integration

• Is an OAuth2-based integration.
• Gives you the option to manage user from JumpCloud. You can provision users, manage their attributes, and suspend them in JumpCloud or Google.
• Allows users to log into Google Workspace directly.
• Requires you to configure Multi-factor Authentication (MFA) in Google.
• Establishes JumpCloud as the password authority once users login to the JumpCloud user portal; whenever the user password or attributes change in JumpCloud, JumpCloud then updates Google Workspace.

Google Workspace SAML Connector

• Is an SAML 2.0-based integration.
• Requires you to manage users in JumpCloud. Every Google Workspace user must also be a JumpCloud user to log in to Google Workspace.
• Directs users to log in from a JumpCloud login page. Users no longer directly log in to Google Workspace. Users can launch Google Workspace from the JumpCloud User Portal.  If a user attempts to log in directly, they are redirected to sso.jumpcloud.com.
• Requires you to configure Multi-Factor Authentication in JumpCloud.
• Never updates the user’s password/attributes in Google Workspace; users are always forced to authenticate against JumpCloud.

About Google Workspace Integration

JumpCloud’s Google Workspace Integration uses OAuth to create a secure, persistent connection between Google Workspace and JumpCloud. JumpCloud becomes the authoritative source of identity, which lets you: 

• Import existing Google Workspace users.
• Export new JumpCloud users to Google Workspace. 
• Sync user attributes and passwords between JumpCloud and Google Workspace.
• Centralize user provisioning and deprovisioning.
• Give users one set of credentials to access JumpCloud, Google Workspace, and other resources you’ve integrated with JumpCloud, like systems, RADIUS, and LDAP.

We recommend our Google Workspace Integration if you want to centralize user identity and lifecycle management in JumpCloud while still having the flexibility of creating users in either JumpCloud or Google Workspace.  You can provision, update, and deprovision users in Google Workspace from JumpCloud.  You  can also provision users in Google Workspace and import them into JumpCloud.  Accounts and user profiles remain in sync.  Users only need to remember one password to access all their JumpCloud and Google resources.

About Google Workspace SAML Connector

The Google Workspace SAML Connector uses the Security Assertion Markup Language (SAML 2.0) to authenticate JumpCloud users to Google Workspace. Connect the Google Workspace SAML connector to JumpCloud to:

• Manage user access to Google Workspace.
  • You can authorize user access to Google Workspace, and you can suspend or delete user access to Google Workspace.
  • You can’t import or export user accounts with our SAML connectors. 
• Map user attributes between JumpCloud and Google Workspace so that you can customize user permissions and roles. 
• Give users one set of credentials to access JumpCloud, Google Workspace, and other resources you’ve integrated with JumpCloud, like systems, RADIUS, and LDAP.

We recommend our Google Workspace SAML connector for controlling access to Google Workspace from JumpCloud. This allows you to centralize access management from JumpCloud.  Users benefit by having a consistent experience for accessing all JumpCloud managed resources and all Google resources.    

Benefits of Using Both

We recommend our Google Workspace Integration if you want to centralize user identity and lifecycle management in JumpCloud while still having the flexibility of creating users in either JumpCloud or Google Workspace.  You can provision, update, and deprovision users in Google Workspace from JumpCloud.  You  can also provision users in Google Workspace and import them into JumpCloud.  Accounts and user profiles remain in sync.  Users only need to remember one password to access all their JumpCloud and Google resources.