The documents in the Assess and plan section help you assess your requirements and develop a plan for onboarding your corporate identities to Cloud Identity or Google Workspace.
Managing corporate identities is often one of the key responsibilities of enterprise IT departments. But each organization is unique, and the way you manage corporate identities in your organization is likely to be unique, too. To determine the best way to use Cloud Identity or Google Workspace to manage corporate identities in your organization, it's important that you assess your requirements.
Before you begin
Before you begin to assess and plan your Cloud Identity or Google Workspace deployment, make sure that you do the following:
- Understand the domain model that underpins Cloud Identity and Google Workspace.
- Determine whether you need a single Google Cloud organization or multiple Google Cloud organizations for your deployment. For help with this decision, see Best practices for planning accounts and organizations.
- Review the Reference architectures article and select the architecture that most closely matches your requirements.
- If you selected an architecture that uses an external identity provider (IdP), review Best practices for federating Google Cloud with an external identity provider so that you can incorporate these best practices in your design.
Assess and planning your deployment
To assess and plan your Cloud Identity or Google Workspace deployment, follow these steps:
If you selected an architecture that uses an external IdP, learn how to map the logical model of your external IdP to Cloud Identity or Google Workspace.
If you use Active Directory, refer to Federating with Active Directory to learn how to map forests, domains, users, and groups and learn which configuration options to consider.
Similarly, if you plan to federate with Azure Active Directory (AD), see Federating with Azure AD for more details on how you can map tenants, domains, users, and groups.
Identify and assess existing user accounts. If you haven't been using Google Workspace or Cloud Identity, it's possible that your organization's employees have been using consumer accounts to access Google services. Before you set up Google Workspace or Cloud Identity, we recommend that you analyze user accounts that exist and how to best deal with them.
For more details on the different sets of user accounts you might have and how they can impact your deployment, see Assess existing user accounts.
Settle on a high-level plan for onboarding identities to Cloud Identity or Google Workspace. In Assess onboarding plans, you can find a selection of proven onboarding plans, along with guidance on how to select the plan that best suits your needs.
If you plan to use an external IdP and have identified user accounts that need to be migrated, you might need to consider additional requirements when configuring your external IdP. For more details, see Assess user account consolidation impact on federation.
When you have completed your assessment and created a plan, you will be ready to onboard your corporate identities to Cloud Identity or Google Workspace.