Google workspace external identity configuration issue

Question

Google workspace external identity configuration issue

HK G 466

I have a configuration problem with using Google workspace as external identity provider in Azure B2B. The Microsoft official document only have ADFS as example. I looked at both the MS doc and Google doc and could not find some consistent instructions on doing do.

Anyway, I created a SAML\WS-Fed external provider configuration using the metadata from Google workspace. I also created a Web\Mobile app using the build-in Microsoft 365 template in the Google workspace admin console. When I tried the test SAML login from the app. configuration, I got the following error.

AADSTS50107: The requested federation realm object 'https://accounts.google.com/o/saml2?idpid=xxxxxxxxx' does not exist.

I am not sure where do I start my troubleshooting from here.

Anyone has done this before? Any help will be appreciated.

Thanks

Marilee Turscak-MSFT 24,231 Reputation points Microsoft Employee

2022-04-14T00:10:15.073+00:00

There is a blog post here that documents how to set up Google workspace as a third party identity provider. That error usually means that there's something missing in the integration setup or attribute mapping as discussed here.
HK G 466 Reputation points

2022-04-28T20:33:58.427+00:00

Thanks for the reply.

I think I looked at the blog. My scenario is using Google workspace as Idp with the Azure B2B External Identity Provider setup. I got mixed information from both the Office MS and Google doc.. MS said do not setup verified domain for external Idp, Google said to create verified domain in Azure. I think the information from the Google instructions is abit out-date in regarded to the B2B saml setup. But it still didn't work if I don't setup a verified domain in the Azure side.

For the attributes, I believed I used the correct one. But then, I have no way to tell based on the error message.
Vishal Patel 6 Reputation points

2022-08-17T19:36:12.223+00:00

@HK G wondering if you were able to resolve this error?
AADSTS50107: The requested federation realm object 'https://accounts.google.com/o/saml2?idpid=xxxxxxxxx' does not exist.
@Marilee Turscak-MSFT any other suggestion to resolve the error?

This is for Google Workspace Domain federation, adding Google as IDP to AAD.

Marilee Turscak-MSFT 24,231 Reputation points Microsoft Employee

2022-04-14T00:10:15.073+00:00

There is a blog post here that documents how to set up Google workspace as a third party identity provider. That error usually means that there's something missing in the integration setup or attribute mapping as discussed here.
HK G 466 Reputation points

2022-04-28T20:33:58.427+00:00

Thanks for the reply.

I think I looked at the blog. My scenario is using Google workspace as Idp with the Azure B2B External Identity Provider setup. I got mixed information from both the Office MS and Google doc.. MS said do not setup verified domain for external Idp, Google said to create verified domain in Azure. I think the information from the Google instructions is abit out-date in regarded to the B2B saml setup. But it still didn't work if I don't setup a verified domain in the Azure side.

For the attributes, I believed I used the correct one. But then, I have no way to tell based on the error message.
Vishal Patel 6 Reputation points

2022-08-17T19:36:12.223+00:00

@HK G wondering if you were able to resolve this error?
AADSTS50107: The requested federation realm object 'https://accounts.google.com/o/saml2?idpid=xxxxxxxxx' does not exist.
@Marilee Turscak-MSFT any other suggestion to resolve the error?

This is for Google Workspace Domain federation, adding Google as IDP to AAD.

Google workspace external identity configuration issue

Activity