Cloud Identity offers a free subscription option as well as a premium option with additional enterprise features for larger organizations.
Choose between free & premium service
- Cloud Identity Free—Core identity and endpoint management for users who don’t need Google Workspace services, such as Gmail and Google Calendar.
- Cloud Identity Premium—Additional enterprise security, application management, and device management services.
Compare instead: Google Workspace editions
- Billing & support
- Endpoint management
- Directory
- Security & data protection
- 3rd-party app integration
- Reports & log events
- Drive and Docs editors
- Chrome browser
Billing & support
|
Cloud Identity Free |
Cloud Identity Premium | ||
|---|---|---|---|
| Subscription & license management | ✔ | ✔ | |
| Support | Find support with other Google Cloud & Google Workspace users in Google Cloud Communities. | 24x7 Email, Phone, Chat | |
| SLA | 99.9% | ||
| Billing | ✔ |
Endpoint management
License requirements are by user, not by device. Any users who want to sign in to a managed device must have a supported license for a feature to apply.
Device security settings
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic passcode enforcement (mobile) | ✔ | ✔ |
| Google Credential Provider for Windows (standalone) | ✔ | ✔ |
| Network management (ChromeOS, Meet hardware) | ✔ | ✔ |
| Advanced endpoint management* | ||
| Strong passcode enforcement | ✔ | |
| Network management (mobile) | ✔ | |
| Mobile device security policies | ✔ | |
| Android work profiles | ✔ | |
| Enterprise endpoint management* | ||
| iOS data protection | ✔ | |
| Mobile device certificates | ✔ | |
| Control access based on user and device context (Context-Aware Access) |
✔ | |
* Feature set requires enabling advanced mobile management.
Device management
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic mobile device management | ✔ | ✔ |
| Fundamental management for computers | ✔ | ✔ |
| Endpoint verification | ✔ | ✔ |
| Company-owned device inventory (endpoints) | ✔ | ✔ |
| Remote account sign-out | ✔ | ✔ |
| Remote account wipe (mobile) | ✔ | ✔ |
| Block devices | ✔ | ✔ |
| Drive for desktop | ✔ | ✔ |
| Advanced endpoint management* | ||
| Advanced mobile management | ✔ | |
| Zero-touch enrollment for Android devices | ✔ | |
| Admin approval of devices | ✔ | |
| Remote device wipe | ✔ | |
| Windows device management | ✔ | |
| Enterprise endpoint management* | ||
| Company-owned device inventory (Android & iOS) | ✔ | |
| Mobile device management rules | ✔ | |
| BeyondCorp Alliance partner integrations | ✔ | |
* Feature set requires enabling advanced mobile management.
Mobile app management
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Public and private app management (Android) | ✔ | ✔ |
| Advanced endpoint management* | ||
| Public app management (iOS) | ✔ | |
| Android app runtime permissions | ✔ | |
| Selectively distribute mobile apps to users | ✔ | |
| Publish private Android web apps | ✔ | |
| Managed Android app settings configurations | ✔ | |
| Enterprise endpoint management* | ||
| Private iOS app management | ✔ | |
* Feature set requires enabling advanced mobile management.
Device details
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic device details (mobile) | ✔ | ✔ |
| Basic endpoint details (computer & smart home devices) |
✔ | ✔ |
| Basic device reports (ChromeOS & mobile) | ✔ | ✔ |
| Advanced endpoint management* | ||
| Advanced device reports (mobile) | ✔ | |
| Enterprise endpoint management* | ||
| Device log events | ✔ | |
* Feature set requires enabling advanced mobile management.
Directory
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Basic directory management | ✔ | ✔ |
| Organizational units & groups | Unlimited | Unlimited |
| User lifecycle management | ✔ * | ✔ |
| Manage groups for your organization | ✔ | ✔ |
| Groups for Business | ✔ | ✔ |
| Google Cloud Directory Sync (Synchronize Active Directory & LDAP directories with Google) |
✔ | ✔ |
| Admin roles & privileges | ✔ | ✔ |
| Google Admin app for Android | ✔ | ✔ |
| Google Admin app for iOS | ✔ | ✔ |
| Automate tasks with Apps Script & APIs | ✔ | ✔ |
| Secure LDAP: Connect LDAP-based apps & services | ✔ |
* Cloud Identity Free increases your user cap by 50. To learn more, go to Your Cloud Identity free edition user cap.
Security & data protection
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| 2-Step Verification | ✔ | ✔ |
| Security keys for 2-Step Verification | ✔ | ✔ |
| Password monitoring & strength control | ✔ | ✔ |
| Collaboration with trusted external domains | ✔ | ✔ |
| Self-service password recovery | ✔ | ✔ |
| Set session length for Google Cloud services | ✔ | ✔ |
| Data exports | ✔ | ✔ |
| Data loss prevention (DLP) | ✔* | |
| Control access based on user & device context (Context-Aware Access) | ✔ | |
| Set session length for Google services | ✔ | |
| Security center: Security dashboard | ✔** | |
| Security center: Security investigation tool | ✔** | |
| Security center: Security health page | ✔** |
* DLP for Drive is available to Cloud Identity Premium users who are also licensed for Google Workspace editions that include Drive log events.
** Some Security center features are not available in Cloud Identity Premium. For example, data related to Gmail and Google Drive.
3rd-party app integration
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Set up SSO using Google as an IdP to access third-party SAML apps | ✔ | ✔ |
| Set up SSO using Google as an IdP to access custom SAML apps | ✔ | ✔ |
| Set up SSO using a third-party IdP with Google as a service provider | ✔ | ✔ |
| Automated user provisioning | ✔ |
Reports & log events
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Admin log events | ✔ | ✔ |
| User log events | ✔ | ✔ |
| User reports: Security | ✔ | ✔ |
| SAML log events | ✔ | ✔ |
| Groups log events | ✔ | ✔ |
| OAuth log events | ✔ | ✔ |
| Apps reports | ✔ | ✔ |
| User reports: Accounts | ✔ | ✔ |
| Device log events | ✔ | |
| Automatically export log events to BigQuery | ✔ |
Drive and Docs editors
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Storage per user | None, but users can use Google Workspace pooled storage | 15 GB times the number of End Users (pooled) |
| Drive sharing permissions | ✔ | ✔ |
| Google Drive for desktop | ✔ | ✔ |
| Connected Sheets | ✔ | ✔ |
| Advanced Drive auditing and reports (Drive audit log) | ✔ | ✔ |
| Turn Docs creation on or off | ✔ | ✔ |
| Shared drives | Viewer only* | Viewer only* |
| Smart chip data extraction | ✔ | |
| Drive inventory export | ✔ |
* They can comment on and edit files that are directly shared with them from shared drives.
Chrome browser
| Cloud Identity Free |
Cloud Identity Premium |
|
|---|---|---|
| User policies & reporting | ✔ | ✔ |
| Chrome sync | ✔ | ✔ |
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.