deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Pencil fix

Browse Source
This commit is contained in:
Padma Jayaraman 2024-12-02 17:59:23 +05:30 committed by GitHub
parent 423ee46560
commit 39deb112cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
education/windows/configure-aad-google-trust.md
View File

@ -37,19 +37,19 @@ To test federation, the following prerequisites must be met:
## Configure Google Workspace as an IdP for Microsoft Entra ID
1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges
1. Sign in to the [Google Workspace Admin Console](https://admin.google.com) with an account with *super admin* privileges.
1. Select **Apps > Web and mobile apps**
1. Select **Add app > Search for apps** and search for *microsoft*
1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**
1. Select **Add app > Search for apps** and search for *microsoft*.
1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**.
:::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app.":::
1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later
1. On the **Service provider detail's** page
- Select the option **Signed response**
- Verify that the Name ID format is set to **PERSISTENT**
- Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping.\
If using Google autoprovisioning, select **Basic Information > Primary email**
- Select **Continue**
1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes
1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it's used to set up Microsoft Entra ID later.
1. On the **Service provider detail's** page:
- Select the option **Signed response**.
- Verify that the Name ID format is set to **PERSISTENT**.
- Depending on how the Microsoft Entra users have been provisioned in Microsoft Entra ID, you might need to adjust the **Name ID** mapping.
If using Google autoprovisioning, select **Basic Information > Primary email**.
- Select **Continue**.
1. On the **Attribute mapping** page, map the Google attributes to the Microsoft Entra attributes.
|Google Directory attributes|Microsoft Entra attributes|
|-|-|
@ -58,7 +58,7 @@ To test federation, the following prerequisites must be met:
> [!IMPORTANT]
> You must ensure that your Microsoft Entra user account's email matches that in your Google Workspace.
1. Select **Finish**
1. Select **Finish**.
Now that the app is configured, you must enable it for the users in Google Workspace:
@ -139,4 +139,4 @@ From a private browser session, navigate to https://portal.azure.com and sign in
1. The user is redirected to Google Workspace to sign in
1. After Google Workspace authentication, the user is redirected back to Microsoft Entra ID and signed in
:::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity.":::
:::image type="content" source="images/google/google-sso.gif" alt-text="A GIF that shows the user authenticating the Azure portal using a Google Workspace federated identity.":::