updated Google federation doc

Paolo Matarazzo 2023-02-24 09:35:16 -05:00
parent c670a88212
commit c09f694135
2 changed files with 6 additions and 5 deletions

@ -1,7 +1,7 @@
--- ---
title: Configure federation between Google Workspace and Azure AD title: Configure federation between Google Workspace and Azure AD
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD. description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
ms.date: 02/10/2023 ms.date: 02/24/2023
ms.topic: how-to ms.topic: how-to
--- ---
@ -24,7 +24,8 @@ To test federation, the following prerequisites must be met:
1. A Google Workspace environment, with users already created 1. A Google Workspace environment, with users already created
> [!IMPORTANT] > [!IMPORTANT]
> Users require an email address defined in Google Workspace, which is used to match the users in Azure AD > Users require an email address defined in Google Workspace, which is used to match the users in Azure AD.
> For more information about identity matching, see [Identity matching in Azure AD](federated-sign-in.md#identity-matching-in-azure-ad).
1. Individual Azure AD accounts already created: each Google Workspace user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example: 1. Individual Azure AD accounts already created: each Google Workspace user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example:
- School Data Sync (SDS) - School Data Sync (SDS)
- Azure AD Connect sync for environment with on-premises AD DS - Azure AD Connect sync for environment with on-premises AD DS
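Review bot: the link added under the [!IMPORTANT] note targets `federated-sign-in.md#identity-matching-in-azure-ad`, and nothing in this commit shows that heading, since the only other changed file is a binary. Please confirm the anchor resolves in the published build, because this note now defers the actual matching rules to that section and a dead anchor would leave the prerequisite underspecified. It would also help to say in the note itself which Azure AD attribute the Google Workspace email address is matched against, so the reader does not have to follow the link to check that their provisioned accounts will line up.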
@ -38,14 +39,14 @@ To test federation, the following prerequisites must be met:
1. Select **Add app > Search for apps** and search for *microsoft* 1. Select **Add app > Search for apps** and search for *microsoft*
1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select** 1. In the search results page, hover over the *Microsoft Office 365 - Web (SAML)* app and select **Select**
:::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app."::: :::image type="content" source="images/google/google-admin-search-app.png" alt-text="Screenshot showing Google Workspace and the search button for Microsoft Office 365 SAML app.":::
1. On the *Google Identity Provider details* page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it will be used to setup Azure AD later 1. On the **Google Identity Provider details** page, select **Download Metadata** and take note of the location where the **IdP metadata** - *GoogleIDPMetadata.xml* - file is saved, as it will be used to setup Azure AD later
1. On the *Service provider details* page 1. On the **Service provider detail*s** page
- Select the option **Signed response** - Select the option **Signed response**
- Verify that the Name ID format is set to **PERSISTENT** - Verify that the Name ID format is set to **PERSISTENT**
- Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\ - Depending on how the Azure AD users have been provisioned in Azure AD, you may need to adjust the **Name ID** mapping.\
If using Google auto-provisioning, select **Basic Information > Primary email** If using Google auto-provisioning, select **Basic Information > Primary email**
- Select **Continue** - Select **Continue**
1. On the *Attribute mapping* page, map the Google attributes to the Azure AD attributes 1. On the **Attribute mapping** page, map the Google attributes to the Azure AD attributes
|Google Directory attributes|Azure AD attributes| |Google Directory attributes|Azure AD attributes|
|-|-| |-|-|
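Review bot: the new Service provider line has a stray asterisk, `**Service provider detail*s**`, which will render with broken emphasis; it should read `**Service provider details**` to match the other two page names that were switched from italic to bold in this hunk. While the Download Metadata line is being touched, "used to setup Azure AD" should be "used to set up Azure AD". The sub-steps still use bold for both page names and option values (**Signed response**, **PERSISTENT**), so consider whether page names and selectable options should be visually distinguishable now that both are bold.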

Binary file not shown.
