HKG-7714 asked

Adding Google Workspace as external identity provider in Azure

I am trying to set up a SAML federation partnership between Azure and Google Workspace, with Workspace being the IdP.

I am looking for a good step-by-step guide and could not find any that I can follow. I think the high-level steps are to create a Google Workspace SAML identity provider in Azure and then create an M365\custom web\mobile app in the Workspace admin console. There are some parameters, such as attribute mapping etc., which I am not sure how to configure.

Any help will be appreciated.

Thanks

azure-active-directory, azure-ad-b2b

HKG-7714 answered

I also wanted to add that this will be like B2B collaboration. Users sign in with their Workspace account to the Azure tenant and access the resource from there. The account should be added to Azure Active Directory once an invitation is sent. And there is no need to do any account synchronization or pre-creation.

Thanks.


TakahitoIwasa answered

Hi, @HKG-7714

The following may be helpful.
The email address is specified in the SAML attribute mapping.

https://www.misuzilla.org/Blog/2019/07/26/FederatingGSuiteWithAzureActiveDirectory


HKG-7714 answered

Hi TakahitoIwasa,

Thanks for the reply. I did look at the links that you provided but it doesn't seem to provide what I need. I am actually looking at adding Google G Suite as an identity provider in Azure. With this, I should be able to invite guests (Microsoft accounts, Azure accounts from other tenants) to my tenant without needing to configure the ImmutableID and\or changing the authentication mode for the specific domain in Azure. The documentation I can find so far is for Google Gmail but not for G Suite.

Thanks again.
