Beyond Corp isn't a product, it's a security model where you treat everything as a publically accessible resource without any special intranets, VPNs or other gateways.
Employees use your apps the same way your customers do. Internal apps would obviously be limited to company accounts, but this simplifies security and deployment by reusing the same infrastructure and oversight across both public and private apps.
Disclaimer: I work at ScaleFT - we offer BeyondCorp-like access controls as a service for servers (SSH & RDP) and internal web apps.
Exactly right... BeyondCorp is more of a reference architecture than a product. Google's own internal implementation is what the research papers focus on, but we're seeing more companies adopt similar models by shifting access controls to the application layer, where a request can be independently authenticated (corporate IdP) and authorized (RBAC, policies) against more dynamic conditions - such as the security posture of the user's device.
The Identity piece is a critical component to the system as the user system of record, but really just one of the inputs in a BeyondCorp-like environment.
Sure. It's not a BeyondCorp product but a way to implement the BeyondCorp security model.
These are all separate pieces of architecture:
1) Corporate user database with access rights and permissions. This can be Google's G-Suite if you're already using it or this new Cloud Identity product.
2) Access to external corporate apps (like Salesforce) using OpenID or SAML connections with the above mentioned user system.
3) Access to internal or custom-built corporate apps (like a sales dashboard). You can use the APIs and build it into your app or use the IAP product to act as a smart firewall that will handle the authentication for you and just give your app a simple HTTP header with the user's name/email so you don't need to build any user auth in the app itself.
Employees use your apps the same way your customers do. Internal apps would obviously be limited to company accounts, but this simplifies security and deployment by reusing the same infrastructure and oversight across both public and private apps.