HKG-7714 asked VishalPatel-0826 commented

Google Workspace external identity configuration issue

I have a configuration problem with using Google Workspace as an external identity provider in Azure B2B. The Microsoft official document only has ADFS as an example. I looked at both the MS doc and the Google doc and could not find any consistent instructions on doing so.

Anyway, I created a SAML/WS-Fed external provider configuration using the metadata from Google Workspace. I also created a Web/Mobile app using the built-in Microsoft 365 template in the Google Workspace admin console. When I tried the test SAML login from the app configuration, I got the following error.

AADSTS50107: The requested federation realm object 'https://accounts.google.com/o/saml2?idpid=xxxxxxxxx' does not exist.

I am not sure where to start my troubleshooting from here.

Has anyone done this before? Any help will be appreciated.

Thanks

azure-active-directory azure-ad-saml-sso azure-ad-b2b

There is a blog post here that documents how to set up Google Workspace as a third-party identity provider. That error usually means that there's something missing in the integration setup or attribute mapping as discussed here.


HKG-7714 MarileeTurscak-MSFT ·

Thanks for the reply.

I think I looked at the blog. My scenario is using Google Workspace as the IdP with the Azure B2B External Identity Provider setup. I got mixed information from both the Office MS and Google docs. MS said not to set up a verified domain for the external IdP; Google said to create a verified domain in Azure. I think the information from the Google instructions is a bit out of date with regard to the B2B SAML setup. But it still didn't work if I don't set up a verified domain on the Azure side.

For the attributes, I believe I used the correct ones. But then, I have no way to tell based on the error message.


@HKG-7714 wondering if you were able to resolve this error?
AADSTS50107: The requested federation realm object 'https://accounts.google.com/o/saml2?idpid=xxxxxxxxx' does not exist.
@MarileeTurscak-MSFT any other suggestions to resolve the error?

This is for Google Workspace domain federation, adding Google as an IdP to AAD.


0 Answers