Unable to (provisioning) sync users from Google Workspace to Entra ID using Google Cloud / G Suite Connector by Microsoft

Question

We want to sync (provision) user from GW to Entra ID.
How to proceed? There's a lot of ways to do the inverse, bring users from Azure to Google.
But our main idP is Google, and we want to sync our users from GW to EntraID

Answer 1

Hello Rb.cw,

Thanks for your question.

Microsoft only supports provisioning of users from Entra ID to Google.

Inbound provisioning is only supported for HCM apps like Successfactors or workday as Entra ID is the Source of authority for user provisioning in azure.

https://learn.microsoft.com/en-us/entra/identity/app-provisioning/user-provisioning

For a different alternative that doesn't use SCIM provisioning, You can consider federation between Google Workspace and Microsoft Entra ID.

https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust

Regards.

Please remember, to accept answer if you found the above information useful

Answer 2

@Rb.cw There are two options you can explore:

Option 1: Use MS Graph User API and build a connector that reads changes in Google Workspace and performs appropriate create/update/enable/disable operation in Entra ID.

Option 2: Use API-driven inbound provisioning and build an automation using either Logic Apps or PowerShell or your middleware of choice to periodically send Google Workspace user data to the API provisioning endpoint. Here's how this approach is different from option 1. With this option, you can also choose to export CSV files from Google Workspace, convert it to a SCIM payload and send the data to the API-driven inbound provisioning endpoint.