diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index 60ad9dce9e..2afa86f4c1 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -1,7 +1,7 @@ --- title: Configure federation between Google Workspace and Azure AD description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD. -ms.date: 02/10/2023 +ms.date: 02/24/2023 ms.topic: how-to --- @@ -24,7 +24,8 @@ To test federation, the following prerequisites must be met: 1. A Google Workspace environment, with users already created > [!IMPORTANT] - > Users require an email address defined in Google Workspace, which is used to match the users in Azure AD + > Users require an email address defined in Google Workspace, which is used to match the users in Azure AD. + > For more information about identity matching, see [Identity matching in Azure AD](federated-sign-in.md#identity-matching-in-azure-ad). 1. Individual Azure AD accounts already created: each Google Workspace user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example: - School Data Sync (SDS) - Azure AD Connect sync for environment with on-premises AD DS 
@@ -38,14 +39,14 @@ To test federation, the following prerequisites must be met: 1. Select **Add app > Search for apps** and search for *microsoft* 1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select** :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app."::: -1. On the *Google Identity Provider details* page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it will be used to setup Azure AD later -1. On the *Service provider details* page +1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it will be used to setup Azure AD later +1. On the **Service provider detail*s** page - Select the option **Signed response** - Verify that the Name ID format is set to **PERSISTENT** - Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\ If using Google auto-provisioning, select **Basic Information > Primary email** - Select **Continue** -1. On the *Attribute mapping* page, map the Google attributes to the Azure AD attributes +1. On the **Attribute mapping** page, map the Google attributes to the Azure AD attributes |Google Directory attributes|Azure AD attributes| |-|-| diff --git a/education/windows/images/federation/user-match-lookup-failure.png b/education/windows/images/federation/user-match-lookup-failure.png new file mode 100644 index 0000000000..93fc3a4aa2 Binary files /dev/null and b/education/windows/images/federation/user-match-lookup-failure.png differ
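Review bot: In the hunk at line 24 of configure-aad-google-trust.md, the added link `federated-sign-in.md#identity-matching-in-azure-ad` points to a file this patch does not touch, so the anchor cannot be confirmed from the diff. Please check that federated-sign-in.md has a heading that renders to `#identity-matching-in-azure-ad`. Otherwise the pointer on this IMPORTANT note, which is the only place the prerequisite explains how Google Workspace users are matched to Azure AD accounts, lands at the top of the page or breaks.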
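Review bot: In the hunk at line 39, the new line `1. On the **Service provider detail*s** page` has a stray asterisk inside the bold span, so the page name will not render as bold and a literal `*` may show. It should read `**Service provider details**`, matching the other two page names converted to bold in this hunk. While touching the line above it, "used to setup Azure AD later" should be "used to set up Azure AD later".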
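Review bot: The new binary `education/windows/images/federation/user-match-lookup-failure.png` is not referenced by any hunk in this patch, and the only Markdown file changed here uses `images/google/` for its screenshots. If the image belongs to the identity matching section of federated-sign-in.md, include that change in this patch or mention it in the description. Otherwise drop the file so it is not left orphaned.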