Identity and Access Management (IAM) is a tool to manage fine-grained authorization for Trusted Cloud by S3NS. It lets you control who can do what on which resources. This page describes the differences between the Trusted Cloud and Google Cloud versions of IAM.
For more detailed information about IAM, see the IAM overview and the rest of the IAM documentation.
Key differences
There are some differences between the Trusted Cloud version of IAM and the Google Cloud version. Some notable differences include the following:
- Only Workforce Identity Federation and Workload Identity Federation identities can be used as principal identifiers.
- Policy Intelligence capabilities are unavailable.
- Principal access boundary (PAB) policies are unavailable.
- Privileged Access Manager (PAM) is unavailable.
A more detailed list of differences is provided in the rest of this section. If you are already familiar with Google Cloud, we recommend that you review these differences carefully, particularly before designing an application to run on Trusted Cloud. We also recommend reviewing the general differences between Trusted Cloud and Google Cloud.
If you would like to use a particular IAM feature that isn't currently available in Trusted Cloud, contact Trusted Cloud support. To be notified when new features roll out in Trusted Cloud, subscribe to the release notes.
Integrations
| Feature | Difference in Trusted Cloud |
| --- | --- |
| Organization Policy Service | Organization Policy gives you centralized, programmatic control over your organization's resources. In Trusted Cloud, predefined organization policies are provided and can be used; however, you can't do the following: |
Security and access control
| Feature | Difference in Trusted Cloud |
| --- | --- |
| Identity federation | Only Workforce Identity Federation and Workload Identity Federation identities can be used as principal identifiers when creating policies in Trusted Cloud. |
| Principal access boundary policies | Principal access boundary policies let you define the resources that principals can access. These policies are unavailable in Trusted Cloud. |
| Privileged Access Manager | You can use Privileged Access Manager to control just-in-time temporary privilege elevation for select principals, and to view audit logs afterwards to find out who had access to what and when. This feature is unavailable in Trusted Cloud. |
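Because only Workforce Identity Federation and Workload Identity Federation identities are accepted as principals, a policy written for Google Cloud that binds `user:`, `group:`, or `serviceAccount:` members will not carry over unchanged. The following added example (not code from this page or from Trusted Cloud) lints an IAM policy document before you apply it and reports every binding member that is not a federated principal. It assumes the Google Cloud principal identifier formats (`principal://` and `principalSet://` under `iam.googleapis.com` with `workforcePools` or `workloadIdentityPools` in the path); the host is a parameter because the Trusted Cloud endpoint may differ, and the sample policy is constructed for illustration.

```python
import json
import re
from typing import Dict, List

# Assumption: these are the Google Cloud Workforce / Workload Identity Federation
# principal identifier shapes. The host is parameterised because Trusted Cloud
# may expose IAM under a different API host.
WORKFORCE_RE = (
    r"^principal(Set)?://{host}/locations/global/workforcePools/[^/]+/.+$"
)
WORKLOAD_RE = (
    r"^principal(Set)?://{host}/projects/\d+/locations/global/"
    r"workloadIdentityPools/[^/]+/.+$"
)


def classify_principal(member: str, host: str = "iam.googleapis.com") -> str:
    """Return 'workforce', 'workload', or 'other' for one IAM binding member."""
    escaped = re.escape(host)
    if re.match(WORKFORCE_RE.format(host=escaped), member):
        return "workforce"
    if re.match(WORKLOAD_RE.format(host=escaped), member):
        return "workload"
    return "other"


def lint_policy(policy: Dict, host: str = "iam.googleapis.com") -> List[Dict[str, str]]:
    """Return one finding per binding member that is not a federated identity.

    Each finding records the role, the offending member and a reason, so the
    output can be fed into a pre-deployment check or a policy review.
    """
    findings: List[Dict[str, str]] = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if classify_principal(member, host) == "other":
                findings.append({
                    "role": role,
                    "member": member,
                    "reason": "not a Workforce or Workload Identity Federation principal",
                })
    return findings


# Constructed sample policy: two federated principals and two non-federated
# members that a Google Cloud policy might contain but Trusted Cloud rejects.
SAMPLE_POLICY = {
    "bindings": [
        {
            "role": "roles/viewer",
            "members": [
                "principal://iam.googleapis.com/locations/global/workforcePools/"
                "example-pool/subject/alice",
                "user:alice@example.com",
            ],
        },
        {
            "role": "roles/storage.objectViewer",
            "members": [
                "principalSet://iam.googleapis.com/projects/123456789012/locations/"
                "global/workloadIdentityPools/example-pool/attribute.repository/"
                "example-org/example-repo",
                "group:ops@example.com",
            ],
        },
    ]
}


if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY):
        print(json.dumps(finding))
```

Run it against a policy exported with your usual tooling (for example the JSON returned by a get-IAM-policy call) and treat any finding as a blocker before the policy is applied; pass the correct `host` value for your environment if Trusted Cloud uses a different IAM endpoint.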
Insights and observability
| Feature | Difference in Trusted Cloud |
| --- | --- |
| Policy Intelligence | Policy Intelligence tools help you understand and manage your policies to proactively improve your security configuration. Policy Intelligence tools are unavailable in Trusted Cloud. As a result, the following features are unavailable: |
Related guides
The following information might also affect how you use and design for IAM in Trusted Cloud by S3NS. These guides include general information about working in Trusted Cloud, including documentation, security and access control, billing, tooling, and service usage.
For details about other services and features in Trusted Cloud and their differences from their Google Cloud counterparts, see the product list.