Google has various products and technologies that provide identity and access management capabilities. This page lists some of these products, to help you understand what these products offer and how they differ from one another.
If you need help with understanding a specific authentication use case, see Authentication and authorization use cases.
Product list
- Chrome Enterprise Premium
- Cloud Identity
- Firebase Authentication
- Google Identity Services
- Google Workspace
- Identity and Access Management (IAM)
- Identity-Aware Proxy (IAP)
- Identity Platform
- Workforce Identity Federation
- Workload Identity Federation for GKE
- Workload Identity Federation
Chrome Enterprise Premium
Chrome Enterprise Premium is a zero-trust solution that lets you provide secure access with integrated threat and data protection. You can provide an organization's workforce access to web applications securely from anywhere, without the need for a VPN. Chrome Enterprise Premium includes IAP, Endpoint Verification, and Chrome Enterprise.
For more information about Chrome Enterprise Premium, see the Chrome Enterprise Premium overview.
Cloud Identity
Cloud Identity is an Identity as a Service (IDaaS) solution that centrally manages users and groups. It's built in to both Google Cloud and Google Workspace. If you are not adopting Google Workspace, Cloud Identity is available as a standalone product.
For information about Cloud Identity, see Overview of Cloud Identity.
Cloud Identity is not related to Identity Platform.
Firebase Authentication
Firebase Authentication is the authentication solution provided by Firebase, a backend platform for building Web, Android, and iOS applications. Firebase Authentication includes authentication support for a wide array of user account types.
Identity Platform and Firebase Authentication are both based on Google Identity Services. Firebase Authentication is targeted toward consumer applications. Identity Platform is ideal for users who want to be their own identity provider, or who need the enterprise-ready functionality Identity Platform provides. For more information about the differences between these products, see Differences between Identity Platform and Firebase Authentication.
For information about Firebase Authentication, see Where do I start with Firebase Authentication?
For a comparison between end-user authentication options, see Authenticate application users.
Google Identity Services
Google Identity Services is a suite of identity products that support user authentication using Google Accounts, for mobile apps and web platforms. Google Identity Services include the Sign In With Google button, the One Tap sign-in module, and authentication libraries you can use to implement OAuth 2.0 flows in your application.
If you're creating applications that use Google Cloud APIs and resources exclusively, consider using Identity Platform, which is based on Google Identity Services, instead.
For a comparison between end-user authentication options, see Authenticate application users.
Google Workspace
Google Workspace is a suite of business productivity and collaboration tools based on Google identities (Google Accounts). Google Workspace includes the functionality provided by Cloud Identity for user management. Google Accounts provide access to Google's products and services, including Google Cloud.
Identity and Access Management (IAM)
IAM provides fine-grained access control for Google Cloud resources.
For information, see the IAM overview.
Identity-Aware Proxy (IAP)
Identity-Aware Proxy provides a centralized way to support authentication and authorization for your applications and virtual machines (VMs). IAP can be used for applications running in Google Cloud or on-premises.
For information, see Identity-Aware Proxy overview.
For a comparison between end-user authentication options, see Authenticate application users.
Identity Platform
Identity Platform is a customer identity and access management (CIAM) platform that lets users sign in to your applications and services. Identity Platform supports a variety of ways to sign in, including email and password, Google, Facebook, and Apple. Identity Platform also supports SMS-based multi-factor authentication (MFA).
For information about authentication using Identity Platform, see Authentication.
Identity Platform is not related to Cloud Identity or Identity-Aware Proxy.
Identity Platform and Firebase Authentication are both based on Google Identity Services. Firebase Authentication is targeted toward consumer applications. Identity Platform is ideal for users who want to be their own identity provider, or who need the enterprise-ready functionality Identity Platform provides. For more information about the differences between these products, see Differences between Identity Platform and Firebase Authentication.
For a comparison between end-user authentication options, see Authenticate application users.
Workforce Identity Federation
Workforce Identity Federation is an IAM feature that lets you configure and secure granular access for your workforce—employees and partners—by federating identities from an external identity provider (IdP).
Workforce Identity Federation is not the same as Workload Identity Federation. Workforce Identity Federation and Workload Identity Federation both aggregate identities; Workforce Identity Federation aggregates human users, whereas Workload Identity Federation aggregates machine workloads.
Workload Identity Federation for GKE
Workload Identity Federation for GKE lets a Kubernetes service account in your GKE cluster act as an IAM service account. Workload Identity Federation for GKE is the recommended way for your workloads running on GKE to access Google Cloud services in a secure and manageable way.
Workload Identity Federation for GKE is not related to Workload Identity Federation.
Workload Identity Federation
Workload Identity Federation lets you grant on-premises or multicloud workloads access to Google Cloud resources. It does so by federating identities from an external IdP, without requiring a service account key.
Workload Identity Federation is not related to Workload Identity Federation for GKE.
Workload Identity Federation is not the same as Workforce Identity Federation. Workload Identity Federation and Workforce Identity Federation both aggregate identities; Workload Identity Federation aggregates machine workloads, while Workforce Identity Federation aggregates human users.
What's next
- Review a list of authentication and authorization use cases.