question

joshfertita avatar image
0 Votes"
joshfertita asked joshfertita commented

AAD - Google Cloud User Provisioning by UPN AND Alternate (alias) email

We are planning to use the Google Cloud/G Suite Connector by Microsoft to provision Azure AD users into a new Google Cloud Instance.

For consistency reasons, we plan to map users by UPN so that they can seamlessly log into Google Cloud using their same Azure UPN.

However, their Azure AD UPN is non-routable, so can't be used as a day-to-day business email. So we also plan to provision each user with an alias email, which will be used for sending any needed Google Cloud notifications and emails.

Planned configuration:
Azure AD
UPN: employee@nonroutabledomain.com
Email: employee@domain.com

Google Cloud
Primary Email (ID): employee@nonroutabledomain.com
Alternate Email (Alias): employee@domain.com
Google Cloud will be configured with both nonroutabledomain.com and domain.com as verified primary and secondary domains.

By looking at the documentation and tutorials about the Google Cloud/G Suite Connector by Microsoft, it's not clear if it's possible to map the AAD Email field directly into the Google Cloud Alternate Email (Alias).

Do you know if this is supported by the app, or what would be the other possible options to achieve that?

Thanks!


azure-ad-user-provisioning
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ZollnerD avatar image
0 Votes"
ZollnerD answered joshfertita commented

We've got a tutorial document that includes a list of attributes in the integration: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/g-suite-provisioning-tutorial

I see primaryEmails and also two other attributes, emails.[type eq "home"].address and emails.[type eq "other"].address - I'm not intimately familiar with how each of those is consumed by Google and what the target on the API equates to in their UI/UX, but I'd suggest testing and seeing if those three attributes represent the different locations that you would need to populate data into.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @ZollnerD thanks for your input.
Indeed, the tutorial provides the extensive list of target attributes. Google indeed enables to add several "Contact Info" for work, address and other. But these are just informational fields that don't serve the purpose of an alias email, which is to mirror all emails sent to the primary email to that alias.


0 Votes 0 ·