The documents in the Assess and plan section help you assess your requirements and develop a plan for onboarding your corporate identities to Cloud Identity or G Suite.
Managing corporate identities is often one of the key responsibilities of enterprise IT departments. But each organization is unique, and the way you manage corporate identities in your organization is likely to be unique, too. To determine the best way to use Cloud Identity or G Suite to manage corporate identities in your organization, it's important that you assess your requirements.
Before you begin
Before you begin to assess and plan your Cloud Identity or G Suite deployment, make sure that you do the following:
- Understand the domain model that underpins Cloud Identity and G Suite.
- Determine whether you need a single Google Cloud organization or multiple Google Cloud organizations for your deployment. For help with this decision, see Best practices for planning accounts and organizations.
- Review the Reference architectures article and select the architecture that most closely matches your requirements.
- If you selected an architecture that uses an external identity provider (IdP), review Best practices for federating Google Cloud with an external identity provider so that you can incorporate these best practices in your design.
Assessing and planning your deployment
To assess and plan your Cloud Identity or G Suite deployment, follow these steps:
If you selected an architecture that uses an external IdP, learn how to map the logical model of your external IdP to Cloud Identity or G Suite.
If you use Active Directory, refer to Federating with Active Directory to learn how to map forests, domains, users, and groups and learn which configuration options to consider.
Similarly, if you plan to federate with Azure Active Directory (AD), see Federating with Azure AD for more details on how you can map tenants, domains, users, and groups.
Identify and assess existing user accounts. If you haven't been using G Suite or Cloud Identity, it's possible that your organization's employees have been using consumer accounts to access Google services. Before you set up G Suite or Cloud Identity, we recommend that you analyze user accounts that exist and how to best deal with them.
For more details on the different sets of user accounts you might have and how they can impact your deployment, see Assessing existing user accounts.
Settle on a high-level plan for onboarding identities to Cloud Identity or G Suite. In Assessing onboarding plans, you can find a selection of proven onboarding plans, along with guidance on how to select the plan that best suits your needs.
If you plan to use an external IdP and have identified user accounts that need to be migrated, you might need to consider additional requirements when configuring your external IdP. For more details, see Assessing user account consolidation impact on federation.
When you have completed your assessment and created a plan, you will be ready to onboard your corporate identities to Cloud Identity or G Suite.