0
votes

I have a web app deployed in Google Cloud Platform.

In this web app, we need to authenticate users on Google identity and authorize them based on their roles.

We took up a SAML-based approach, which involves:

  1. Creating a SAML app to act as an Identity Provider
  2. Setting up a SAML Assertion Consumer Service (ACS)
  3. Consuming the identities in the web app via the ACS

Now, rather than developing an explicit ACS, can we:

  1. Enable the Identity Platform in GCP
  2. Set up a SAML provider and use it as an ACS with the Google IdP

Is using Identity Platform with a SAML app (Google IdP) an established GCP pattern?

1
Why use SAML instead of OAuth2? - guillaume blaquiere
@guillaumeblaquiere We need both authentication and authorization (based on custom roles) in our app, so with SAML we have set the roles as sign-in attributes. On authentication, we read the sign-in attribute and authorize the users. - Kalyan Chakravarthy S
OK, got it! I misunderstood your use case at first glance. - guillaume blaquiere

1 Answer

2
votes

Cloud Identity Platform is simply a packaging of Firebase Auth in Cloud Platform. So this authentication mechanism and protocol are well established and broadly used on the internet, especially in mobile apps.

Therefore, YES, using Cloud Identity Platform with a SAML IDP is a good pattern if you handle the authorization and the authentication in the same platform/system.
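
One way to do the server-side role check described in the comments above, as an added example that is not part of the original question or answer. It assumes the ID token has already been verified, that Identity Platform exposes the SAML attributes under the token's `firebase.sign_in_attributes` claim, and that the provider ID `saml.google-idp`, the `roles` attribute name and the role table are hypothetical.

```python
# Added example: authorize a request from the claims of an ALREADY VERIFIED
# Identity Platform ID token (signature, issuer, audience and expiry checked
# upstream, e.g. by the Firebase Admin SDK). All names below are hypothetical.
EXPECTED_PROVIDER = "saml.google-idp"   # hypothetical SAML provider ID
ROLE_ATTRIBUTE = "roles"                # hypothetical SAML attribute name
# Hypothetical mapping of application roles to permitted actions.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete"},
    "editor": {"read", "write"},
    "viewer": {"read"},
}


def roles_from_claims(claims):
    """Return the set of known roles asserted by the expected SAML provider."""
    firebase = claims.get("firebase")
    if not isinstance(firebase, dict):
        return set()
    # Only trust attributes when the sign-in came through our SAML provider;
    # other enabled providers must not be able to supply role attributes.
    if firebase.get("sign_in_provider") != EXPECTED_PROVIDER:
        return set()
    attrs = firebase.get("sign_in_attributes")
    if not isinstance(attrs, dict):
        return set()
    raw = attrs.get(ROLE_ATTRIBUTE, [])
    # A single-valued SAML attribute may arrive as a string, multi-valued as a list.
    if isinstance(raw, str):
        raw = [raw]
    if not isinstance(raw, list):
        return set()
    # Drop anything that is not a role this application defines.
    return {r for r in raw if isinstance(r, str) and r in ROLE_PERMISSIONS}


def is_authorized(claims, action):
    """Deny by default: allow only if some asserted role grants the action."""
    return any(action in ROLE_PERMISSIONS[r] for r in roles_from_claims(claims))


# Constructed sample claims (not real token contents).
SAMPLE = {
    "sub": "uid-123",
    "firebase": {
        "sign_in_provider": "saml.google-idp",
        "sign_in_attributes": {"roles": ["editor", "unknown-role"]},
    },
}
```

Pinning the check to one provider ID matters as soon as a second sign-in provider is enabled on the same tenant, since role attributes are only meaningful when they come from the IdP that administers them.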