Multi-Tenant Google Cloud Platform B2B SaaS Applications
Many of Google Cloud Platform’s customers and partners build B2B applications on GCP; some of these applications are available on other platforms, either on-premise or in the cloud (eg. SAP), while some take greater advantage of GCP’s managed services (eg. JDA, EnergyWorx, Leanplum) to implement Software as a Service (SaaS) on GCP.
This latter group of enterprises faces three interesting challenges:
- Managing authentication and authorization for the users of your customers.
- Addressing your customers’ concerns around isolation.
- Providing your customers with a holistic interface to all their services.
We’ll look at ways of addressing these challenges in the How-to Guides, but first a little more context.
Authentication and Authorization
- The users’ identities are probably not Google Cloud Identities or other supported cloud-native identities; typical enterprise identities are managed by Active Directory.
- Google Cloud Platform’s user authentication and authorization infrastructure is predicated on Google accounts (eg. Google Cloud Identities).
In many cases this can be bridged by service accounts; this is more difficult if you wish to expose some of GCP’s managed services directly to your customers’ end users, eg. upload files to Google Cloud Storage, run analytics on BigQuery.
The key is to apply Google Cloud’s defense-in-depth approach in a way which matches your customers expectations, which are often grounded in the hard shell, soft interior on-premise world.
When people think of SaaS applications, they often think of UI. However, many of your customers also require programmatic ways of being able to interact with your SaaS services (eg. Google Drive API, Google Apps Script).
Google Cloud Endpoints provides an Open API compliant way of exposing your GCP services; however, many of you either have some services which will remain on-premise, or are migrating to GCP over time, and need to provide a holistic interface to all your applications include your “legacy” applications.
Read Best Practices for Enterprise Organizations to learn more about best practices underpinning this article.
Read the following guides to understand how to implement: