Cloud Identity offers a free subscription option as well as a premium option with additional enterprise features for larger organizations.
Choose between free & premium service
- Cloud Identity FreeโCore identity and endpoint management for users who donโt need Google Workspace services, such as Gmail and Google Calendar.
- Cloud Identity PremiumโAdditional enterprise security, application management, and device management services.
Compare instead: Google Workspace editions
- Billing & support
- Endpoint management
- Directory
- Security & data protection
- 3rd-party app integration
- Reports & log events
- Drive and Docs editors
- Chrome browser
Billing & support
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Subscription & license management | โ | โ |
| Support | Find support with other Google Cloud & Google Workspace users in Google Cloud Communities. | 24x7 Email, Phone, Chat |
| SLA | 99.9% | |
| Billing | โ |
Endpoint management
License requirements are by user, not by device. Any users who want to sign in to a managed device must have a supported license for a feature to apply.
Device security settings
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic passcode enforcement (mobile) | โ | โ |
| Google Credential Provider for Windows (standalone) | โ | โ |
| Network management (ChromeOS, Meet hardware) | โ | โ |
| Advanced endpoint management* | ||
| Strong passcode enforcement | โ | |
| Network management (mobile) | โ | |
| Mobile device security policies | โ | |
| Android work profiles | โ | |
| Enterprise endpoint management* | ||
| iOS data protection | โ | |
| Mobile device certificates | โ | |
| Control access based on user and device context (Context-Aware Access) |
โ | |
* Feature set requires enabling advanced mobile management.
Device management
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic mobile device management | โ | โ |
| Fundamental management for computers | โ | โ |
| Endpoint verification | โ | โ |
| Company-owned device inventory (endpoints) | โ | โ |
| Remote account sign-out | โ | โ |
| Remote account wipe (mobile) | โ | โ |
| Block devices | โ | โ |
| Drive for desktop | โ | โ |
| Advanced endpoint management* | ||
| Advanced mobile management | โ | |
| Zero-touch enrollment for Android devices | โ | |
| Admin approval of devices | โ | |
| Remote device wipe | โ | |
| Windows device management | โ | |
| Enterprise endpoint management* | ||
| Company-owned device inventory (Android & iOS) | โ | |
| Mobile device management rules | โ | |
| BeyondCorp Alliance partner integrations | โ | |
* Feature set requires enabling advanced mobile management.
Mobile app management
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Public and private app management (Android) | โ | โ |
| Advanced endpoint management* | ||
| Public app management (iOS) | โ | |
| Android app runtime permissions | โ | |
| Selectively distribute mobile apps to users | โ | |
| Publish private Android web apps | โ | |
| Managed Android app settings configurations | โ | |
| Enterprise endpoint management* | ||
| Private iOS app management | โ | |
* Feature set requires enabling advanced mobile management.
Device details
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Fundamental endpoint management | ||
| Basic device details (mobile) | โ | โ |
| Basic endpoint details (computer & smart home devices) |
โ | โ |
| Basic device reports (ChromeOS & mobile) | โ | โ |
| Advanced endpoint management* | ||
| Advanced device reports (mobile) | โ | |
| Enterprise endpoint management* | ||
| Device log events | โ | |
* Feature set requires enabling advanced mobile management.
Directory
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| Basic directory management | โ | โ |
| Organizational units & groups | Unlimited | Unlimited |
| User lifecycle management | โ * | โ |
| Manage groups for your organization | โ | โ |
| Groups for Business | โ | โ |
| Google Cloud Directory Sync (Synchronize Active Directory & LDAP directories with Google) |
โ | โ |
| Admin roles & privileges | โ | โ |
| Google Admin app for Android | โ | โ |
| Google Admin app for iOS | โ | โ |
| Automate tasks with Apps Script & APIs | โ | โ |
| Secure LDAP: Connect LDAP-based apps & services | โ |
* Cloud Identity Free increases your user cap by 50. To learn more, go to Your Cloud Identity free edition user cap.
Security & data protection
| Cloud Identity Free | Cloud Identity Premium | |
|---|---|---|
| 2-Step Verification | โ | โ |
| Security keys for 2-Step Verification | โ | โ |
| Password monitoring & strength control | โ | โ |
| Collaboration with trusted external domains | โ | โ |
| Self-service password recovery | โ | โ |
| Set session length for Google Cloud services | โ | โ |
| Data exports | โ | โ |
| Data loss prevention (DLP) | โ* | |
| Control access based on user & device context (Context-Aware Access) | โ | |
| Set session length for Google services | โ | |
| Security center: Security dashboard | โ** | |
| Security center: Security investigation tool | โ** | |
| Security center: Security health page | โ** |
* DLP for Drive is available to Cloud Identity Premium users who are also licensed for Google Workspace editions that include Drive log events.
** Some Security center features are not available in Cloud Identity Premium. For example, data related to Gmail and Google Drive.
3rd-party app integration
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Set up SSO using Google as an IdP to access third-party SAML apps | โ | โ |
| Set up SSO using Google as an IdP to access custom SAML apps | โ | โ |
| Set up SSO using a third-party IdP with Google as a service provider | โ | โ |
| Automated user provisioning | โ |
Reports & log events
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Admin log events | โ | โ |
| User log events | โ | โ |
| User reports: Security | โ | โ |
| SAML log events | โ | โ |
| Groups log events | โ | โ |
| OAuth log events | โ | โ |
| Apps reports | โ | โ |
| User reports: Accounts | โ | โ |
| Device log events | โ | |
| Automatically export log events to BigQuery | โ |
Drive and Docs editors
|
Cloud Identity Free |
Cloud Identity Premium | |
|---|---|---|
| Storage per user | None, but users can use Google Workspace pooled storage | 15 GB times the number of End Users (pooled) |
| Drive sharing permissions | โ | โ |
| Google Drive for desktop | โ | โ |
| Connected Sheets | โ | โ |
| Advanced Drive auditing and reports (Drive audit log) | โ | โ |
| Turn Docs creation on or off | โ | โ |
| Shared drives | Viewer only* | Viewer only* |
| Smart chip data extraction | โ | |
| Drive inventory export | โ |
* They can comment on and edit files that are directly shared with them from shared drives.
Chrome browser
| Cloud Identity Free |
Cloud Identity Premium |
|
|---|---|---|
| User policies & reporting | โ | โ |
| Chrome sync | โ | โ |
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.