Adding Google Workspace as external identity provider in Azure

HK G 516 Reputation points
2022-04-01T21:27:09.08+00:00

I am trying to set up a SAML federation partnership between Azure and Google Workspace with Workspace being the IdP.

I am looking for a good step-by-step guide and could not find any that I can follow. I think the high-level steps are to create a Google Workspace SAML identity provider in Azure and then create a M365\custom web\mobile app in the Workspace admin console. There are some parameters, such as attribute mapping, etc., which I am not sure how to configure.

Any help will be appreciated.

Thanks


3 answers

  1. HK G 516 Reputation points
    2022-04-01T21:40:29.817+00:00

    I also wanted to add that this will be like B2B collaboration. Users sign in with their Workspace account to the Azure tenant and access the resource from there. The account should be added to Azure Active Directory once an invitation is sent. And there is no need to do any account synchronization or pre-creation.

    Thanks.

  2. Takahito Iwasa 4,851 Reputation points MVP Volunteer Moderator
    2022-04-02T00:09:07.237+00:00

    Hi, @HK G

    The following may be helpful.
    The email address is specified in the SAML attribute mapping.

    https://www.misuzilla.org/Blog/2019/07/26/FederatingGSuiteWithAzureActiveDirectory

  3. HK G 516 Reputation points
    2022-04-04T16:20:50.65+00:00

    Hi TakahitoIwasa,

    Thanks for the reply. I did look at the links that you provided but it doesn't seem to provide what I need. I am actually looking at adding Google G Suite as an identity provider in Azure. With this, I should be able to invite guests (Microsoft accounts, Azure accounts from other tenants) to my tenant without needing to configure the ImmutableID and\or changing the authentication mode for the specific domain in Azure. The documentation I can find so far is for Google Gmail but not for G Suite.

    Thanks again.
