JIT Groups, or what's next for the JIT Access projectWith Privileged Access Manager in public preview now, there’s little reason to maintain an open-source project that largely provides the same capabilities. But that doesn’t mean JIT Access is going away – instead, the project is changing focus, and its name too. Continue »
Best practices for securing SSH access to VM instancesAllowing users to connect to Google Cloud VMs using SSH is convenient and often unavoidable. But it’s not without risks. Continue »
Using libssh2 with CryptoNG and ECDSAUntil recently, libssh2’s CryptoNG backend didn’t support ECDSA. But now it does. Continue »
Consent screens and the impact of administrative controlsWhen users sign in to an application that uses Google OAuth or OpenID Connect, they typically see a consent screen. But there’s more than one type of consent screen, and the type of consent screen that users end up seeing not only depends on the publisher, but also on the administrative controls applied on the consumer side Continue »
Authenticating to Google Cloud from Azure App ServicesUsing workload identity federation, we can let Azure-hosted applications authenticate to Google Cloud using their managed identity. That also works for Azure App Services, but it requires a little extra work. Continue »
Microsoft recommending IAP DesktopMicrosoft might not be the premier source of information about Google Cloud, but their cloud security benchmark (MCSB) turns out to provide some sound advice. Continue »
Using Integrated Windows Authentication over a Google Cloud load balancerModern web applications typically use OAuth or OpenID Connect to authenticate users, but older intranet applications often still rely on Integrated Windows Authentication to deliver a single sign-on experience for users. When we migrate such an application to Google Cloud, we must be careful to choose the right load balancer, otherwise authentication might fail in subtle ways. Continue »