ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more
29 September 2018

A first look at Azure AD B2B Google federation

Profile photo for Marcus Idle - Head of CIAM.
Written by Marcus Idle

Microsoft + Google = seamless collaboration with your business partners.

Microsoft Azure AD B2B offers the promise of seamless federation with your business partners, giving you the ability to share web applications without storing credentials, and all without the hassle of ADFS.

This is all well and good if your business partners use Office 365 (AKA Azure Active Directory). However, if they use other types of directories, they have to create new credentials within Microsoft’s infrastructure – essentially a Microsoft account – to start sharing your web applications.

Well, Microsoft have now made a big dent in that problem by introducing federation with one of the biggest external directories out there – Google.

Setting up Google federation

In this article we ‘unbox’ Google federation and show you how to set it up (note that at time of writing the feature is in private preview, so some steps may change).

Step 1

The first thing you need to do is create a Google OAuth API Project.

As a pre-requisite, you need to set up Google as an IdP (Identity Provider) for Azure AD. For this, you need a Google account (best to create a shared account for your IT admins).

Once you have this in place, login to, and create a new (API) project:

Step 2

Once this has been done, you will need to configure the OAuth consent screen:

Step 3

Then add the credentials used for federating:

Once you have done all of this, the steps on the Azure Active Directory (AAD) side are pretty simple.

A buyer’s guide to Microsoft Enterprise Security

A buyer’s guide to Microsoft Enterprise Security

Remove the complexity from Microsoft’s comprehensive security technology ecosystem. Download the 43-page e-Guide today and understand:

  • What Microsoft security technologies exist – and their key features and benefits
  • How each technology integrates and works together to maximise your security
  • Microsoft 365 licensing requirements – including a handy infographic
Download e-Guide

Step 4

Head over to ‘Organizational Relationships’ under your AAD settings in the Azure Portal (remember – at the time of writing, unless you have the private preview, you won’t see this) and then click ‘Identity providers’ in the left column navigation and then ‘+Google’:

Add the Client ID and Client Secret, and click ‘Save’.

Step 5

Now you have Google federation installed, it’s time to add a new guest user:

At this point the new guest invitation will be sent. This looks just like any B2B invitation and says “you’ve been invited to access applications in [Organisation]” with a link to “Get Started”.

In my case, the “Get Started” link took the external user to a Google account chooser (this is hosted at

Once the Google account has been selected, control returns to Microsoft, where the user is asked to accept a Terms of Service screen (see picture below) before continuing on to your organisation’s MyApps page – in other words, before they get the standard B2B experience.

Screen shot asking you to accept Terms of Service related to Google Federation blog.


This is a slick implementation of federation.

The difference it makes to the end user – if they are a Gmail/Google account holder – is that they will not have to create new credentials in order to collaborate with your organisation.

The feature uses the OAuth protocol as a basis for establishing a trust between Azure AD and Google, and it all works pretty seamlessly.

It will be interesting to see further developments along these lines, such as integration with MSA (Microsoft Account), Facebook and Amazon.

Next, watch the Microsoft identity stack demos to see how Microsoft’s key identity management technologies enable seamless user creation journeys.

Or download the identity trends e-Guide to learn what’s driving demand for modern IAM.

Want more great identity management content? Subscribe to the ThirdSpace mailing list!

Want more great identity management content? Subscribe to the ThirdSpace mailing list!

Keep your finger on the pulse of identity and Microsoft technology. Submit your business email to get the latest content and event invites straight to your inbox.

Profile photo for Marcus Idle - Head of CIAM.

About Marcus Idle

Head of CIAM and IP Development

Marcus Idle is our Head of External Identity. Expert in Microsoft’s Azure AD B2B and B2C technologies, Marcus is passionate about bringing cloud and external identity to life to solve business...


You may also like...


Azure AD B2B vs B2C: What are the key differences between Microsoft’s external access products?


How to reduce membership friction and stay secure with Azure AD B2C


Secure application sign-in with Azure AD B2C

Recent Blog Articles

View All
Related topics

A buyer’s guide to Microsoft security

Understand what each Microsoft technology does and how they all integrate.

Download 43-page Guide

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.