UPDATED 03:00 EDT / OCTOBER 11 2018

Google extends its identity and access management services to developers and legacy apps

Google LLC today extended the identity and access management features of its public cloud computing platform to developers, allowing them to build the same capabilities into their own applications.

It’s also bringing those features to more traditional applications, enabling secure access to these via a single identity and access management platform. The updates build on the release of Google’s Cloud Identity service, which helps its customers manage devices and apps from a single console, and provides a way for users to easily log in to Google apps and services from multiple devices.

Now Google is bringing those capabilities to its users’ own apps and services with the upcoming beta release of “Cloud Identity for Customers and Partners.” The service is designed to add “Google-grade identity and access management functionality” to developers’ apps, protect their users’ accounts and help them to “scale with confidence,” Karthik Lakshminarayanan, Google’s director of product management for Cloud Identity, wrote in a blog post.

The premise is that developers can implement CICP in order to avoid building their own identity and access management systems, which Lakshminarayanan said requires considerable expertise, effort and cost.

“Based on the widely adopted Firebase and Google’s identity platforms, CICP provides a drop-in, customizable authentication service that manages the UI flows for user sign-up and sign-in,” Lakshminarayanan wrote.

Google is also tackling the more complicated problem of securely logging into traditional, or legacy, applications that rely on older infrastructure such as virtual private network servers and the Lightweight Directory Access Protocol. LDAP, as it’s known, provides a way to securely access traditional applications over a network, but it also requires maintaining two identity management systems because it’s not compatible with modern cloud services such as Google’s G Suite and other software-as-a-service apps.

To eliminate that complexity, Google has created a new feature called Secure LDAP in Cloud Identity, which enables users to access traditional LDAP-based applications using the same credentials as they use with their Google Cloud and SaaS apps. It will roll out in coming weeks.

“With secure LDAP, Cloud Identity can now help to unify the management of cloud and on-prem identities as well as SaaS and traditional apps,” Lakshminarayanan said. “This can help to decrease complexity and cost by simplifying day-to-day work for IT, reducing the dependency on legacy identity infrastructure such as Microsoft Active Directory, and improving security by having a single place for identity and app policies.”

Holger Mueller, vice president and principal analyst at Constellation Research Inc., said next-generation applications are not easy to build, so executives will welcome any new scalable building blocks that can help them with this.

“Identity management is one of them, so being able to have access to an industry-grade identity management system is a key accelerator for faster creation and support of next-generation applications,” Mueller said. “But with building blocks comes also the danger of lock-in, so CxOs need to weigh the benefits and make the right decision for their enterprise.”

Finally, Google is also announcing new context-aware access capabilities for customers using its Cloud Identity-Aware Proxy or IAP service, which incorporates elements of its BeyondCorp approach to security. BeyondCorp is a “zero trust” security framework that shifts access controls from the perimeter to individual devices and users, allowing employees to work securely from any location without the need for a traditional virtual private network.

Cloud IAP, which is Google’s implementation of BeyondCorp for customers, now can manage access to web apps hosted on its cloud via context, including location and device security status, in addition to user identity. So for example, admins can now restrict access to applications from specific countries, rather than restricting access to specific users alone.

The context-aware access capabilities for Cloud IAP are available in beta now.

Featured image: Succo/Pixabay
