Editions
There are two editions of Cloud Identity: The premium edition and the free edition.
Cloud Identity premium edition is not required to use Google Cloud. As a Google Cloud customer, you can request additional Cloud Identity licenses at no cost. However, the premium edition has additional features not offered in the free edition.
See the tables below for the differences between Cloud Identity Premium Edition and the free edition.
Note: For a list of features for different Google Workspace editions, visit Compare Google Workspace editions.
Choose between free and premium service
Device management
Note: License requirements are by user, not by device. Any users who want to sign in to a managed device must have a supported license for a feature to apply.
Fundamental endpoint management
The following features are available by default.
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Basic mobile device management | ✔ | ✔ |
| Basic passcode enforcement (mobile) | ✔ | ✔ |
| Remote account wipe (mobile) | ✔ | ✔ |
| Fundamental management for computers | ✔ | ✔ |
| Company owned computers | ✔ | ✔ |
| Remote sign-out (computers) | ✔ | ✔ |
| Endpoint verification | ✔ | ✔ |
| Google Credential Provider for Windows | ✔ | ✔ |
| Device inventory | ✔ | ✔ |
| Basic device reports | ✔ | ✔ |
| Network management | ✔ | ✔ |
| Android app management | ✔ |
Advanced endpoint management
The following features require a Cloud Identity admin to enable advanced mobile management. Advanced endpoint management also includes all the features listed for Fundamental endpoint management.
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Advanced mobile device management | ✔ | |
| Standard and strong passcode enforcement | ✔ | |
| Mobile device security policies | ✔ | |
| iOS app management | ✔ | |
| Device approvals | ✔ | |
| Windows device management | ✔ | |
| Block devices | ✔ | |
| Remote device wipe | ✔ | |
| Android work profiles | ✔ | |
| Advanced device reports | ✔ |
Enterprise endpoint management
The following features require a Cloud Identity admin to enable advanced mobile management and are restricted to the Premium edition. Enterprise endpoint management also includes all the features listed for Fundamental endpoint management and the features listed for Advanced endpoint management.
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Company owned Android devices | ✔ | |
| Zero-touch Android enrollment | ✔ | |
| Company owned iOS devices | ✔ | |
| iOS data protection | ✔ | |
| Remote device wipe (Windows) | ✔ | |
| Devices audit log | ✔ | |
| Report inactive company owned devices | ✔ | |
| Selectively distribute mobile apps | ✔ | |
| Management rules | ✔ | |
| Mobile device certificates | ✔ | |
| Context-Aware Access | ✔ |
Directory
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Basic directory management | ✔ | ✔ |
| Organizational units and groups | Unlimited | Unlimited |
| User lifecycle management | ✔ * | ✔ |
| Admin managed groups | ✔ | ✔ |
| Groups for Business | ✔ | ✔ |
| Google Cloud Directory Sync (Synchronize Active Directory and LDAP directories with Google) |
✔ | ✔ |
| Admin roles and privileges | ✔ | ✔ |
| Google Admin App for Android | ✔ | ✔ |
| Google Admin App for iOS | ✔ | ✔ |
| Admin SDK/API | ✔ | ✔ |
| Secure LDAP | ✔ |
* The Cloud Identity free edition increases your user cap by 50. To learn more, visit Your Cloud Identity free edition user cap.
Security
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| User security management | ✔ | ✔ |
| Self-service password recovery | ✔ | ✔ |
| 2-Step verification (2SV) including security key management | ✔ | ✔ |
| 2SV enforcement controls | ✔ | ✔ |
| 2SV enforcement controls with security key management | ✔ | ✔ |
| 2SV enforcement controls with security key enforcement | ✔ | ✔ |
| Password strength alert | ✔ | ✔ |
| Password management | ✔ | ✔ |
| Data loss prevention * | ✔ * | |
| First-party session management | ✔ | |
| Google security center ** | ✔ ** | |
| Context-Aware Access | ✔ |
* DLP for Drive is available to Cloud Identity Premium users who are also licensed for Google Workspace editions that include Drive audit log.
** Some features in the security center, for example, data related to Gmail and Google Drive, aren't available with Cloud Identity Premium.
Single sign-on (SSO) and automated provisioning
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Set up SSO using Google as an identity provider (IdP) to access a pre-integrated list of third-party SAML apps | Unlimited | Unlimited |
| Set up SSO using Google as an IdP to access custom SAML apps | ✔ | ✔ |
| Set up SSO using a third-party IdP with Google as a service provider | ✔ | ✔ |
| Automated user provisioning | ✔ |
Reporting
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Admin audit log | ✔ | ✔ |
| Login audit log | ✔ | ✔ |
| Security reports | ✔ | ✔ |
| SAML audit log | ✔ | ✔ |
| Groups audit log | ✔ | ✔ |
| Token audit log | ✔ | ✔ |
| App reports | ✔ | ✔ |
| Account activity reports | ✔ | ✔ |
| Devices audit log | ✔ | |
| Auto export audit logs to BigQuery | ✔ |
Chrome Browser
| Cloud Identity Free |
Cloud Identity Premium |
|
|---|---|---|
| User Policies/Reporting | ✔ | ✔ |
| Chrome Sync | ✔ | ✔ |
Billing and support
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Billing | ✔ | |
| Subscription and license management | ✔ | ✔ |
| Support | Find support with other Google Cloud and Google Workspace users at the official Google Cloud Community. | 24x7 Email, Phone, Chat |
| SLA | 99.9% |
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.