Microsoft + Google = seamless collaboration with your business partners.
Microsoft Azure AD B2B offers the promise of seamless federation with your business partners, giving you the ability to share web applications without storing credentials, and all without the hassle of ADFS.
This is all well and good if your business partners use Office 365 (AKA Azure Active Directory). However, if they use other types of directories, they have to create new credentials within Microsoft’s infrastructure – essentially a Microsoft account – to start sharing your web applications.
Well Microsoft have now made a big dent in that problem by introducing federation with one of the biggest external directories out there – Google.
In this article we ‘unbox’ Google federation and show you how to set it up (note that at time of writing the feature is in private preview, so some steps may change).
The first thing you need to do is create a Google OAuth API Project.
As a pre-requisite, you need to set up Google as an IdP (Identity Provider) for Azure AD. For this, you need a Google account (best to create a shared account for your IT admins).
Once you have this in place, login to https://console.developers.google.com, and create a new (API) project:
Once this has been done, you will need to configure the OAuth consent screen:
Then add the credentials used for federating:
Once you have done all of this, the steps on the Azure Active Directory (AAD) side are pretty simple.
Head over to ‘Organizational Relationships’ under your AAD settings in the Azure Portal (remember – at the time of writing, unless you have the private preview, you won’t see this) and then click ‘Identity providers’ in the left column navigation and then ‘+Google’:
Add the Client ID and Client Secret, and click ‘Save’.
Now you have Google federation installed, it’s time to add a new guest user:
At this point the new guest invitation will be sent. This looks just like any B2B invitation and says “you’ve been invited to access applications in [Organisation]” with a link to “Get Started”.
In my case, the “Get Started” link took the external user to a Google account chooser (this is hosted at https://accounts.google.com).
Once the Google account has been selected, control returns to Microsoft, where the user is asked to accept a Terms of Service screen (see picture below) before continuing on to your organisation’s MyApps page – in other words, before they get the standard B2B experience.
This is a slick implementation of federation.
The difference it makes to the end user – if they are a Gmail/Google account holder – is that they will not have to create new credentials in order to collaborate with your organisation.
The feature uses the OAuth protocol as a basis for establishing a trust between Azure AD and Google, and it all works pretty seamlessly.
It will be interesting to see further developments along these lines, such as integration with MSA (Microsoft Account), Facebook and Amazon.
Next, watch the Microsoft identity stack demos to see how Microsoft’s key identity management technologies enable seamless user creation journeys.
Or download the identity trends e-Guide to learn what’s driving demand for modern IAM.
Automate the management of users, control corporate access and achieve business security. Book your free half-day Identity and Access Management Envisioning Workshop today.Apply for a free workshop
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.
Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".Continue to ThirdSpace
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.