MattChatt.co.za

Where Matt Chats about things

Sign-in

/ Azure

Google B2B sign-in for Azure AD

Use your existing Google account to access partner resources.

Microsoft recently announced the public preview of Google ID support for B2B collaboration. So what is B2B firstly? It’s short for Business-to-business which in Active Directory or Azure Active Directory terms means

Collaboration with any partner organization, small or large. With or without Azure AD. Partners use their own credentials.

Example of a B2B Guest experience when accessing shared resources for the first time.

Up until now, Azure AD B2B Guests are either Employees with work or school accounts, partners with work or school accounts, or any email address. A gmail address, for example, when the invitation was redeemed, would create a “shadow” account in the inviting organisation’s Azure AD tenant, with password to be set by the guest upon redemption.

Guest account creation before Google B2B federation

With the new Google ID federation support, gmail users (unfortunately this doesn’t include G-Suite users yet) don’t need to create a shadow account with ANOTHER password to manage, instead, Azure AD will federate with Google and allow you to log in with your normal Google authentication mechanism.

Google user allowed to sign in with existing google account

The experience is similar to accessing other systems with your google account. This is known as federation. Federation means you (in this case your Azure AD tenant) establish a trust/agreement with a third party Identity Provider (IdP) and use them for authentication. This “Trust” relationship needs to be created before you can utilise this feature. Or offer this to guests to your organisation’s Azure AD tenant. In the next post, I will walk through setting up this federation.

The great thing about this feature, even though not generally available yet, demonstrates the ability for Azure AD to federate with social Identity Providers, for example Facebook, LinkedIn, Amazon, Google etc. I bet the next social ID provider (IdP) to be supported in Azure AD will be Facebook.

Google shown as the source of authority (IdP) for a gmail user in Azure AD

If you can’t wait to see how to configure the Google Account federation in your Azure AD tenant, jump to the Microsoft instructions. You will need a group Google account to create a project.

https://docs.microsoft.com/en-us/azure/active-directory/b2b/google-federation

 

Leave a Reply

Your email address will not be published. Required fields are marked *