29 September 2018

A first look at Azure AD B2B Google federation

Marcus Idle

Microsoft + Google = seamless collaboration with your business partners.

Microsoft Azure AD B2B offers the promise of seamless federation with your business partners, giving you the ability to share web applications without storing credentials, and all without the hassle of ADFS.

This is all well and good if your business partners use Office 365 (AKA Azure Active Directory). However, if they use other types of directories, they have to create new credentials within Microsoft’s infrastructure – essentially a Microsoft account – to start sharing your web applications.

Well, Microsoft have now made a big dent in that problem by introducing federation with one of the biggest external directories out there – Google.

 

Setting up Google federation

In this article we ‘unbox’ Google federation and show you how to set it up (note that at the time of writing the feature is in private preview, so some steps may change).

Step 1

The first thing you need to do is create a Google OAuth API Project.

As a prerequisite, you need to set up Google as an IdP (Identity Provider) for Azure AD. For this, you need a Google account (best to create a shared account for your IT admins).

Once you have this in place, log in to https://console.developers.google.com, and create a new (API) project:

Step 2

Once this has been done, you will need to configure the OAuth consent screen:

Step 3

Then add the credentials used for federating:

Once you have done all of this, the steps on the Azure Active Directory (AAD) side are pretty simple.


Step 4

Head over to ‘Organizational Relationships’ under your AAD settings in the Azure Portal (remember – at the time of writing, you won’t see this unless you have the private preview), click ‘Identity providers’ in the left column navigation, and then click ‘+Google’.

Add the Client ID and Client Secret, and click ‘Save’.

Step 5

Now that you have Google federation installed, it’s time to add a new guest user:

At this point the new guest invitation will be sent. This looks just like any B2B invitation and says “you’ve been invited to access applications in [Organisation]” with a link to “Get Started”.

In my case, the “Get Started” link took the external user to a Google account chooser (this is hosted at https://accounts.google.com).

Once the Google account has been selected, control returns to Microsoft, where the user is asked to accept a Terms of Service screen (see picture below) before continuing on to your organisation’s MyApps page – in other words, before they get the standard B2B experience.

[Screenshot: the Terms of Service acceptance screen shown during Google federation sign-in.]
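Steps 4 and 5 can also be scripted. The following is an added example, not part of the original walkthrough: it assumes the AzureADPreview PowerShell module (since deprecated by Microsoft in favour of Microsoft Graph PowerShell) and a tenant where Google federation is available. The client ID, guest address and redirect URL are placeholders.

```powershell
# Added example: scripted equivalent of Steps 4 and 5 above.
# Assumes the AzureADPreview module; all values below are placeholders.
$ClientId    = '<google-oauth-client-id>'      # from the Google API project (Step 3)
$GuestEmail  = 'partner.user@gmail.com'        # constructed sample address
$RedirectUrl = 'https://myapps.microsoft.com'  # assumption: land the guest on MyApps

Connect-AzureAD | Out-Null

# Step 4: register Google as an identity provider, unless it already exists.
$existing = Get-AzureADMSIdentityProvider | Where-Object { $_.Type -eq 'Google' }
if ($existing) {
    Write-Host "Google IdP already configured with client ID $($existing.ClientId)"
}
else {
    # Prompt for the secret so it never lands in the script or in shell history.
    $secure = Read-Host -Prompt 'Google client secret' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    try {
        New-AzureADMSIdentityProvider -Type Google -Name Google `
            -ClientId $ClientId -ClientSecret $plain | Out-Null
    }
    finally {
        # Drop the plaintext copy as soon as the call returns.
        Remove-Variable -Name plain
    }
}

# Step 5: send the B2B invitation to the guest.
$invite = New-AzureADMSInvitation `
    -InvitedUserEmailAddress $GuestEmail `
    -InviteRedirectUrl $RedirectUrl `
    -SendInvitationMessage $true

# Keep a record of who was invited and the current redemption state.
[pscustomobject]@{
    Email  = $invite.InvitedUserEmailAddress
    Status = $invite.Status
    UserId = $invite.InvitedUser.Id
}
```

The Google client secret is the credential behind the whole trust relationship, so store it in a vault and restrict who can sign in to the shared Google admin account that owns the API project.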

 

Conclusion

This is a slick implementation of federation.

The difference it makes to the end user – if they are a Gmail/Google account holder – is that they will not have to create new credentials in order to collaborate with your organisation.

The feature uses the OAuth protocol as a basis for establishing a trust between Azure AD and Google, and it all works pretty seamlessly.

It will be interesting to see further developments along these lines, such as integration with MSA (Microsoft Account), Facebook and Amazon.

Author
Marcus Idle
Head of CIAM and IP Development