2 Votes
matekubi-7768 asked JacobDaniel-7622 commented

Integration between Azure and Google - SSO and User Provisioning from Google to Azure

Hello,

Scenario:
We have G Suite as an identity provider in our company. Some of our users also use Azure and Office 365. We want to be able to log in to Azure AD using a Google account, and later have this account in AD and assign roles and groups in AD and the whole of Azure. We want to change passwords in Google etc.

1) How to set up SSO from Google to Azure?

2) Is it possible to do user provisioning from Google to Azure?

azure-active-directory

0 Votes
MarileeTurscak-MSFT answered

You need to integrate Google Cloud (G Suite) Connector with Azure Active Directory.

To do this, you need:

  • An Azure AD subscription.

  • Google Cloud (G Suite) Connector single sign-on (SSO) enabled subscription.

  • A Google Apps subscription or Google Cloud Platform subscription.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

You can provision users from Azure to Google but not the other way around.

https://cloud.google.com/solutions/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on


0 Votes
matekubi-7768 answered JacobDaniel-7622 commented

Hello,

Thanks for your response.

The tutorial you mentioned describes the integration process the other way around, from Azure to Google, as below:

  • Control in Azure AD who has access to Google Cloud (G Suite) Connector.

  • Enable your users to be automatically signed-in to Google Cloud (G Suite) Connector with their Azure AD accounts.

  • Manage your accounts in one central location - the Azure portal.

I'm looking for a solution in the other direction: from Google (which is the identity provider) to Azure. Can you help with this?




Were you able to complete this? I'm also curious about signing into Intune managed machines using the identities in Google.

0 Votes 0 ·

Were YOU able to do this? We are in the same spot.

0 Votes 0 ·

Sorry, using a different screen name. Yes, once you federate Google to Microsoft you'll be able to see your Google accounts in Azure AD. There are multiple ways to federate. Federation allows you to use your Google Workspace accounts in all Microsoft applications.

In order to log in to your workstation with your Google Workspace email address, you'll have to install Google Credential Provider for Windows: https://support.google.com/a/answer/9250996?hl=en

Unfortunately, it's a bit buggy, so I didn't use it firmwide. My users still log in with their onmicrosoft accounts initially, but then use Google credentials for everything else.

We're migrating from Google to Azure anyway.

Let me know if you have any other questions.

0 Votes 0 ·
0 Votes
JeevanDesarda-0592 answered

As you would like to use G Suite as the IdP, you need to follow this article. This article talks about how to configure Office 365 for a SAML IdP.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp

This should help you get this integration working.

Thanks,

Jeevan Desarda
