diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 146fa56c8d..99b45ebcb9 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -37,19 +37,19 @@ To test federation, the following prerequisites must be met: ## Configure Google Workspace as an IdP for Microsoft Entra ID -1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges +1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges. 1. Select **Apps > Web and mobile apps** -1. Select **Add app > Search for apps** and search for *microsoft* -1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select** +1. Select **Add app > Search for apps** and search for *microsoft*. +1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**. :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app."::: -1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later -1. On the **Service provider detail's** page - - Select the option **Signed response** - - Verify that the Name ID format is set to **PERSISTENT** - - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping.\ - If using Google autoprovisioning, select **Basic Information > Primary email** - - Select **Continue** -1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes +1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later. +1. On the **Service provider detail's** page: + - Select the option **Signed response**. + - Verify that the Name ID format is set to **PERSISTENT**. + - Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping. + If using Google autoprovisioning, select **Basic Information > Primary email**. + - Select **Continue**. +1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes. |Google Directory attributes|Microsoft Entra attributes| |-|-| @@ -58,7 +58,7 @@ To test federation, the following prerequisites must be met: > [!IMPORTANT] > You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace. -1. Select **Finish** +1. Select **Finish**. Now that the app is configured, you must enable it for the users in Google Workspace: @@ -139,4 +139,4 @@ From a private browser session, navigate to https://portal.azure.com and sign in 1. The user is redirected to Google Workspace to sign in 1. After Google Workspace authentication, the user is redirected back to Microsoft Entra ID and signed in -:::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity."::: + :::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity.":::