fill out the form to view the full webinar
Automating Onboarding Students and Using Microsoft to Manage G SuitE
Part 1: Configuring SSO for G Suite in Azure AD
The typical IT admin in this scenario requires their School Information System (SIS) to synchronize student data their on-prem AD, Azure AD, and G-Suite. Currently, they feel that neither Microsoft nor Google has provided them with a convenient method with which to both effectively and efficiently manage the identities in these seemingly disparate environments
By integrating Azure Active Directory with G-suite, we will be able to administratively manage an organization's on-prem AD, Azure AD, and G-suite identities from a single portal. In addition, with G-suite's identity management being delegated to Azure AD, we can redirect the SIS's synchronization from G-suite to either the on-prem AD or Azure AD.
In this way, we will have a continuous stream of data flowing from one entry point, that is reflected in all relevant directories. Such a seamless system will make the provisioning of identities, access permissions, and group memberships a simple process for IT administrators.
Part I: Configuring Single Sign-On for G Suite in Azure AD
Let’s begin by reviewing the different facets of the configuration of Single Sign-On in Azure:
The 3 areas of focus for setting up SSO integration with G Suite for our students will include
- Configuring SSO parameters in Azure and G Suite
- Enabling Automatic User provisioning from Azure AD to G Suite
- Creating Conditional Access policies to further secure G Suite identities once they are tied to Azure AD identities
To integrate G Suite with Azure AD, we first need to navigate to Enterprise Applications in our Azure portal, and add G Suite (which will be a collective of all the apps under the G Suite umbrella):
After adding the G Suite app platform, we will select SAML for our Single Sign-On experience, which will then provide us with the information we need to configure the SSO options in G Suite:
Armed with that information, we can enable SSO with third party identity providers in G Suite and fill out the required fields based on the information supplied to us in our respective SAML page:
Once we have established the SSO connection between Azure and G Suite, we will need some users assigned to our G Suite app platform:
Now that we have assigned users to the G Suite app platform, let us continue into setting the Provisioning Mode to Automatic, and provide the Google admin credentials needed to authorize Azure AD to create accounts in G Suite.
And lastly, once we have integrated Azure SSO with G Suite, we can create conditional access policies that protect identities that exist in G Suite because they are authenticated through Azure AD during sign-in:
This concludes part 1 of our series on Automating Onboarding Students and Using Microsoft To Manage G Suite.