Google’s enterprise collaboration suite unveiled last week includes security options that let companies tie it into their existing corporate directories and extend single sign-on to the online provider’s hosted applications.

The result is that corporations can manage users of hosted applications just like they manage users behind the firewall.

Google is teaming with Sxip to provide Sxip Access, an identity-management platform for managing authentication, authorization, single sign-on and provisioning/deprovisioning.

Sxip Access, which is priced on a subscription basis, can be run itself as a hosted service or deployed within the corporate network and linked to corporate directories. The hosted version is $5 per user, per year. The appliance is $5,000, which includes a pair of appliances, plus $5 per user, per year.

Google Apps Premier is a suite that includes e-mail, document editor, spreadsheet and other collaboration tools. It is being targeted at corporate users and as an alternative to Microsoft Office even though the Google package offers no where near the feature set of Office.

With Google’s security features, corporate users can evaluate the platform without worrying about having to manage users in two different places.

“The problem is that the enterprise has been working on identity management, so it can centrally manage all of its users across applications and have one directory for storing all that data,” says Dick Hardt, founder and CEO of Sxip. “But then they go acquire an application that is hosted, which has its own set of profile data, authentication and provisioning. So we built Sxip Access to essentially integrate the application in the sky with what an enterprise is doing in the directory.”

Hardt says when users add someone to a group in the directory that Sxip Access detects it and provisions the users.

“When the user is deleted, we do the deprovisioning on the hosted application. So the enterprise is always the authoritative source around whether or not a user’s security credentials are valid,” Hardt says.

Sxip is providing the service to about 22 companies running Salesforce.com, a popular hosted CRM application.

Sxip Access, which can be used with Google Apps Premier or Education Edition, supports the use of tokens based on the Security Assertion Markup Language (SAML). Sxip uses something it calls “delegated authentication,” which essentially relies on the corporate network to provide credentials.