29 September 2018

A first look at Azure AD B2B Google federation

Marcus Idle

Microsoft + Google = seamless collaboration with your business partners.

Microsoft Azure AD B2B offers the promise of seamless federation with your business partners, giving you the ability to share web applications without storing credentials, and all without the hassle of ADFS.

This is all well and good if your business partners use Office 365 (AKA Azure Active Directory). However, if they use other types of directories, they have to create new credentials within Microsoft’s infrastructure – essentially a Microsoft account – to start sharing your web applications.

Well, Microsoft have now made a big dent in that problem by introducing federation with one of the biggest external directories out there – Google.

Setting up Google federation

In this article we ‘unbox’ Google federation and show you how to set it up (note that at time of writing the feature is in private preview, so some steps may change).

Step 1

The first thing you need to do is create a Google OAuth API Project.

As a pre-requisite, you need to set up Google as an IdP (Identity Provider) for Azure AD. For this, you need a Google account (best to create a shared account for your IT admins).

Once you have this in place, log in to https://console.developers.google.com and create a new (API) project.

Step 2

Once this has been done, you will need to configure the OAuth consent screen.

Step 3

Then add the credentials used for federating.

Once you have done all of this, the steps on the Azure Active Directory (AAD) side are pretty simple.

Step 4

Head over to ‘Organizational Relationships’ under your AAD settings in the Azure Portal (remember: at the time of writing, you won’t see this unless you have the private preview). Click ‘Identity providers’ in the left column navigation and then ‘+Google’.

Add the Client ID and Client Secret, and click ‘Save’.

Step 5

Now that you have Google federation installed, it’s time to add a new guest user.

At this point the new guest invitation will be sent. This looks just like any B2B invitation and says “you’ve been invited to access applications in [Organisation]” with a link to “Get Started”.

In my case, the “Get Started” link took the external user to a Google account chooser (this is hosted at https://accounts.google.com).

Once the Google account has been selected, control returns to Microsoft, where the user is asked to accept a Terms of Service screen (see picture below) before continuing on to your organisation’s MyApps page – in other words, before they get the standard B2B experience.

[Screenshot: the Terms of Service acceptance screen shown during Google federation sign-in.]
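
Steps 4 and 5 can also be scripted. The following is an added example, not part of the original post; it assumes the AzureADPreview PowerShell module (not mentioned in the post), and the client ID, guest address and redirect URL are placeholders to replace with your own values.

```powershell
# Added example: scripted form of Steps 4 and 5 (portal clicks in the post).
# Assumption: the AzureADPreview module is installed and you sign in as an
# administrator who is allowed to manage identity providers and invite guests.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null

# Placeholders (not from the post): values from the Google API project (Steps 1-3).
$clientId    = '<google-oauth-client-id>'
$guestEmail  = '<partner-user>@gmail.com'
$redirectUrl = 'https://myapps.microsoft.com'   # assumed landing page (MyApps)

# Step 4: register Google as an identity provider, only if it is not there yet.
$existing = Get-AzureADMSIdentityProvider | Where-Object { $_.Type -eq 'Google' }
if (-not $existing) {
    # Prompt for the client secret so it is never stored in the script,
    # in source control or in the shell history.
    $secure = Read-Host -Prompt 'Google client secret' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    try {
        New-AzureADMSIdentityProvider -Type Google -Name Google `
            -ClientId $clientId -ClientSecret $plain | Out-Null
    }
    finally {
        # Drop the plaintext copy as soon as the call returns.
        Remove-Variable plain, secure -ErrorAction SilentlyContinue
    }
}

# Step 5: invite the guest user; this sends the standard B2B invitation mail.
$invitation = New-AzureADMSInvitation -InvitedUserEmailAddress $guestEmail `
    -InviteRedirectUrl $redirectUrl -SendInvitationMessage $true

# Review what was created: the invitation status and the registered provider.
$invitation | Select-Object InvitedUserEmailAddress, Status
Get-AzureADMSIdentityProvider | Select-Object Id, Type, Name, ClientId
```

Because the client secret is the credential that backs the trust between Azure AD and Google, keep it in a secrets vault owned by the shared admin account from Step 1 rather than in a personal note or ticket.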

 

Conclusion

This is a slick implementation of federation.

The difference it makes to the end user – if they are a Gmail/Google account holder – is that they will not have to create new credentials in order to collaborate with your organisation.

The feature uses the OAuth protocol as a basis for establishing a trust between Azure AD and Google, and it all works pretty seamlessly.

It will be interesting to see further developments along these lines, such as integration with MSA (Microsoft Account), Facebook and Amazon.

Next, watch the Microsoft identity stack demos to see how Microsoft’s key identity management technologies enable seamless user creation journeys.

Or download the identity trends e-Guide to learn what’s driving demand for modern IAM.

Author
Marcus Idle
Head of CIAM and IP Development