Where is [Google Cloud's Identity and Access Management (IAM)](https://docs.cloud.google.com/iam/docs/overview) source code?

  1. For Identity and Access Management (IAM), does OpenLDAP solve Identity, Access, or both?
  2. How do you implement Identity and Access Management (IAM)?
  3. Have you tried to implement Google Cloud’s Identity and Access Management (IAM)?
  4. Where is Google Cloud’s Identity and Access Management (IAM) source code? I cannot find it on github.com.
  5. Do you use OpenLDAP to implement Identity and Access Management (IAM)?

Hello @anlex_N ,

OpenLDAP is more for the Identity part, like Okta or Google Workspace. Mostly OpenLDAP handles the “who is” part, and other systems decide “can do what” and “on which resource”.

It’s a broad question.

  1. Usually, I have one IDP (source of truth) where I keep all information about users.
  2. Due to the fact that IAM needs either @gmail.com or user@GOOGLE_WORKSPACE_COM accounts, I’m using SCIM for sync between my IDP and Google Workspace.
  3. I’m using PAM for Google Cloud, followed by a least privilege approach.
  4. I’m making security checks every 3 months to check if our automation for Access Management is handled properly.
  5. I’m avoiding custom roles and primitive roles.

Of course :slight_smile:

It is on a private repo, where nobody except Google has access.

Nope. I’m using enterprise solutions like Okta and AAD.

cheers,
Damian | GDE for Google Cloud
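Steps 4 and 5 of the reply above (a periodic check that access management is in order, and staying away from custom and primitive roles) can be turned into a small audit. The script below is an added example, not the poster's own tooling or anything Google ships. It assumes the policy is in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` returns, uses a constructed sample policy, and treats `example.com` as the hypothetical IdP-managed Workspace domain so that consumer accounts outside the SCIM-synced lifecycle (step 2) are flagged as well. Google's documentation now calls the primitive roles "basic roles"; the set is the same (`roles/owner`, `roles/editor`, `roles/viewer`).

```python
"""Audit a GCP IAM policy for bindings a least-privilege review would flag.

Added example, not the poster's own tooling. Input shape is the JSON that
`gcloud projects get-iam-policy PROJECT --format=json` returns; the sample
policy below is constructed for the demo, and example.com is an assumed
IdP-managed Workspace domain.
"""
import json

# Basic (formerly "primitive") roles: very broad, project-wide permissions.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Custom roles live under a project or organization, never under "roles/".
CUSTOM_ROLE_PREFIXES = ("projects/", "organizations/")

# Constructed sample policy in gcloud's JSON layout.
SAMPLE_POLICY_JSON = """
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:alice@example.com", "user:bob@gmail.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:reader@demo-project.iam.gserviceaccount.com"]},
    {"role": "projects/demo-project/roles/customDeployer",
     "members": ["group:deployers@example.com"]},
    {"role": "roles/viewer",
     "members": ["group:auditors@example.com"]}
  ],
  "etag": "BwXconstructed=",
  "version": 1
}
"""


def classify_binding(role, member, managed_domains):
    """Return the list of reasons this (role, member) pair should be reviewed.

    managed_domains is a set of lower-cased Workspace domains the IdP controls.
    """
    reasons = []
    if role in PRIMITIVE_ROLES:
        reasons.append("primitive role")
    if role.startswith(CUSTOM_ROLE_PREFIXES):
        reasons.append("custom role")
    # Human accounts should come from the IdP-synced Workspace domain(s);
    # a consumer account bypasses the SCIM-managed joiner/leaver process.
    if member.startswith("user:"):
        domain = member.split("@", 1)[-1].lower()
        if domain not in managed_domains:
            reasons.append("unmanaged user account")
    return reasons


def audit_policy(policy, managed_domains):
    """Walk every binding and return findings as (role, member, reasons) tuples.

    Findings are sorted so the report is stable between quarterly runs and
    can be diffed against the previous one.
    """
    managed = {d.lower() for d in managed_domains}
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            reasons = classify_binding(role, member, managed)
            if reasons:
                findings.append((role, member, tuple(reasons)))
    return sorted(findings)


def audit_policy_json(policy_json, managed_domains):
    """Convenience wrapper taking the raw gcloud JSON string."""
    return audit_policy(json.loads(policy_json), managed_domains)


if __name__ == "__main__":
    for role, member, reasons in audit_policy_json(SAMPLE_POLICY_JSON, ["example.com"]):
        print(f"{role:45} {member:60} {', '.join(reasons)}")
```

Run it against real output by piping `gcloud projects get-iam-policy PROJECT --format=json` into `audit_policy_json` with your own Workspace domain; a clean policy yields an empty list, which is what a least-privilege review wants to see. Conditional bindings and deny policies are not inspected here.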

  1. What do you use to implement access management?
  2. What is your SCIM? Show me the source code?
  3. What is your PAM for Google Cloud? Show me the source code?
  4. Show me your architecture diagram for Google Cloud’s Identity and Access Management (IAM)?
  5. What is AAD?
  6. Where is your email address or slack id or discord id?

Okta, Google Workspace, Terraform, Github, PAM

System for Cross-domain Identity Management (SCIM) is an open standard protocol (RFC 7644) that automates the exchange of user identity information between identity providers (IdP) and service providers (apps).

Privileged Access Manager overview | Identity and Access Management (IAM) | Google Cloud Documentation

Nope, I will not show you my source code, as it is not for public view.

This is internal property of the company I work for, so I can’t.

Azure Active Directory

I’m not using Discord. I don’t use Slack unless it is needed for work. And for sure I’ll not publish my email here :slight_smile:

Have you tried to use OpenLDAP or another LDAP server to sign in to the Google Cloud, Azure, or Amazon AWS console?

Nope.

Do you know how to use OpenLDAP or another LDAP server to sign in to Google Cloud, Azure, or Amazon AWS?

LDAP schemas and schema.org use different schemas. For example, the LDAP inetOrgPerson schema has an attributetype carLicense, but schema.org has no such attributetype (vocabulary). Have you tried to use schema.org’s schema in OpenLDAP or another LDAP server?