Not Monitored
Tag not monitored by Microsoft.
43,241 questions
Remove SSO from federated Provision users from Google to Azure AD without SSO?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 77%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Seth Clark
0
Reputation points
I work at a school that uses Google for everything. In the past I used Intune to manage our Windows devices, but it is inconvenient for our staff to have both Windows and Google accounts to remember. Last year I followed https://www.goldyarora.com/g-suite-to-office-365-sso/ and set up user provisioning from Google to MS365. The problem is that also set up SSO, which broke the ability to sign into Windows with work accounts (MS redirects to Google, but can't do that for login, so cannot authenticate for new logins). This also meant that Intune users were not logging in, and therefore not getting policies. I ended up switching to GCPW for logins, but I really miss Intune and Autopilot deployments.
If I unfederate my domain in MS365, will that leave my current users and future user provisioning in place? All I want is to have my handful of staff users replicated in MS365 and have Google manage identities (and passwords!). This Google article looks like what I should have followed at the beginning, and this Microsoft article looks like it will undo it, but I don't know what that will do to my current users. I'm looking to make this change during the summer in case something goes wrong, but I wanted advice about anything I may be misunderstanding.
Oh, and we don't have local AD.
Thanks!
Sign in to answer