Use your existing Google account to access partner resources.
Microsoft recently announced the public preview of Google ID support for B2B collaboration. So, first of all, what is B2B? It’s short for business-to-business, which in Active Directory or Azure Active Directory terms means:
Collaboration with any partner organization, small or large. With or without Azure AD. Partners use their own credentials.
Up until now, Azure AD B2B guests have been either employees with work or school accounts, partners with work or school accounts, or users with any email address. For a Gmail address, for example, redeeming the invitation would create a “shadow” account in the inviting organisation’s Azure AD tenant, with a password to be set by the guest upon redemption.
With the new Google ID federation support, Gmail users (unfortunately this doesn’t include G Suite users yet) don’t need a shadow account with ANOTHER password to manage. Instead, Azure AD federates with Google and lets you log in with your normal Google authentication mechanism.
The experience is similar to accessing other systems with your Google account. This is known as federation. Federation means you (in this case your Azure AD tenant) establish a trust/agreement with a third-party Identity Provider (IdP) and use it for authentication. This “trust” relationship needs to be created before you can utilise this feature or offer it to guests of your organisation’s Azure AD tenant. In the next post, I will walk through setting up this federation.
The great thing about this feature, even though it is not generally available yet, is that it demonstrates the ability of Azure AD to federate with social Identity Providers, for example Facebook, LinkedIn, Amazon, Google etc. I bet the next social Identity Provider (IdP) to be supported in Azure AD will be Facebook.
If you can’t wait to see how to configure the Google Account federation in your Azure AD tenant, jump to the Microsoft instructions. You will need a group Google account to create a project.