Google's new enterprise collaboration suite includes security to let companies tie it into their existing corporate directories and extend single sign-on to the online provider's hosted applications.

The result is that corporations can manage users of hosted applications just as they manage users behind the firewall.

Google is teaming with Sxip to provide Sxip Access, an identity-management platform for managing authentication, authorisation, single sign-on and provisioning/de-provisioning.

Sxip Access, which is priced on a subscription basis, can be run itself as a hosted service or deployed within the corporate network and linked to corporate directories. The hosted version is US$5 per user, per year. The appliance is $5,000, which includes a pair of appliances, plus $5 per user, per year.

Google Apps Premier is a suite that includes e-mail, document editor, spreadsheet and other collaboration tools. It is being targeted at corporate users and as an alternative to Microsoft Office even though the Google package offers no where near the feature set of Office.

With Google's security features, corporate users can evaluate the platform without worrying about having to manage users in two different places.

"The problem is that the enterprise has been working on identity management, so it can centrally manage all of its users across applications and have one directory for storing all that data," says Dick Hardt, founder and CEO of Sxip. "But then they go acquire an application that is hosted, which has its own set of profile data, authentication and provisioning. So we built Sxip Access to essentially integrate the application in the sky with what an enterprise is doing in the directory."

Hardt says when users add someone to a group in the directory that Sxip Access detects it and provisions the users.

"When the user is deleted, we do the de-provisioning on the hosted application. So the enterprise is always the authoritative source around whether or not a user's security credentials are valid," Hardt says.

Sxip is providing the service to about 22 companies running, a popular hosted CRM application.

Sxip Access, which can be used with Google Apps Premier or Education Edition, supports the use of tokens based on the Security Assertion Markup Language ( SAML ). Sxip uses something it calls "delegated authentication," which essentially relies on the corporate network to provide credentials.

The model is advantageous for companies, because they can provide those credentials in the form of a SAML token, which means a user's true corporate authentication/authorisation credentials never move beyond the walls of the company.

In addition to having Sxip host the identity service, companies can deploy a high-availability appliance at the edge of their network or run the Sxip software on a VMware Player virtual machine running on an internal server.

Last week, Google unveiled Google Apps Premier for $50 per user, per year, which includes integration with Google Docs & Spreadsheets, support for Gmail on BlackBerry mobile devices, 10GB of e-mail storage per user, round-the-clock phone support and service-level agreements promising 99.9 percent uptime. It also includes a set of APIs for integrating the tools of the suite with other corporate data sources.