AUTOMATING ONBOARDING STUDENTS AND USING MICROSOFT TO MANAGE G SUITE: PART 1

August 28, 2019

 

 

Part 1: Configuring SSO for G Suite in Azure AD

Problem

The typical IT admin in this scenario requires their School Information System (SIS) to synchronize student data with their on-prem AD, Azure AD, and G Suite. Currently, they feel that neither Microsoft nor Google has provided them with a convenient method to manage the identities in these seemingly disparate environments both effectively and efficiently.

Objective

By integrating Azure Active Directory with G Suite, we will be able to administratively manage an organization's on-prem AD, Azure AD, and G Suite identities from a single portal. In addition, with G Suite's identity management delegated to Azure AD, we can redirect the SIS's synchronization from G Suite to either the on-prem AD or Azure AD.

In this way, we will have a continuous stream of data flowing from one entry point that is reflected in all relevant directories. Such a seamless system will make the provisioning of identities, access permissions, and group memberships a simple process for IT administrators.

Part I: Configuring Single Sign-On for G Suite in Azure AD

Let’s begin by reviewing the different facets of the configuration of Single Sign-On in Azure:

 


 

The 3 areas of focus for setting up SSO integration with G Suite for our students will include:

  • Configuring SSO parameters in Azure and G Suite
  • Enabling Automatic User provisioning from Azure AD to G Suite
  • Creating Conditional Access policies to further secure G Suite identities once they are tied to Azure AD identities

To integrate G Suite with Azure AD, we first need to navigate to Enterprise Applications in our Azure portal and add G Suite (which is a collection of all the apps under the G Suite umbrella):

 


 

After adding the G Suite app platform, we will select SAML for our Single Sign-On experience, which will then provide us with the information we need to configure the SSO options in G Suite:

 


 

Armed with that information, we can enable SSO with third party identity providers in G Suite and fill out the required fields based on the information supplied to us in our respective SAML page:
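
As an added illustration (not from the original post), the following Python example reads the sign-in URL, sign-out URL, and signing certificate from a SAML IdP metadata document and checks the values entered on the service provider side against them. The metadata, the all-zero tenant ID, the certificate bytes, and the dictionary keys (`sign_in_url`, `sign_out_url`, `cert_sha256`) are constructed for this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample: all-zero placeholder tenant ID, placeholder bytes for the certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT = b"constructed-placeholder-certificate"
URL = f"https://login.microsoftonline.com/{TENANT}/saml2"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/{TENANT}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>{base64.b64encode(FAKE_CERT).decode()}</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{REDIRECT}" Location="{URL}"/>
  <SingleSignOnService Binding="{REDIRECT}" Location="{URL}"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Extract the values a SAML service provider's SSO form needs from IdP metadata."""
    root = ET.fromstring(metadata_xml)  # only parse metadata downloaded from your own tenant
    idp = root.find("md:IDPSSODescriptor", NS)
    key = idp.find("md:KeyDescriptor[@use='signing']", NS) if idp is not None else None
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    if cert is None or not cert.text:
        raise ValueError("metadata has no IdP signing certificate")
    def location(tag):  # Location of the HTTP-Redirect endpoint, or None if absent
        return next((e.get("Location") for e in idp.findall(f"md:{tag}", NS)
                     if e.get("Binding") == REDIRECT), None)
    der = base64.b64decode("".join(cert.text.split()))
    return {"sign_in_url": location("SingleSignOnService"),
            "sign_out_url": location("SingleLogoutService"),
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def check_sp_form(expected, entered):
    """List mismatches between values typed into the SP's SSO form and the IdP metadata."""
    problems = []
    for field in ("sign_in_url", "sign_out_url"):
        url = entered.get(field, "")
        if urlsplit(url).scheme != "https" or url != expected[field]:
            problems.append(f"{field}: must be the https URL from IdP metadata")
    if entered.get("cert_sha256", "").lower() != expected["cert_sha256"]:
        problems.append("cert_sha256: certificate is not the IdP signing certificate")
    return problems
```

The fingerprint is the SHA-256 of the decoded certificate bytes, so it can be compared with the fingerprint of the certificate file that was actually uploaded.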

 


 

Once we have established the SSO connection between Azure and G Suite, we will need some users assigned to our G Suite app platform:

 


 

Now that we have assigned users to the G Suite app platform, let us continue by setting the Provisioning Mode to Automatic and providing the Google admin credentials needed to authorize Azure AD to create accounts in G Suite.

 


 

And lastly, once we have integrated Azure SSO with G Suite, we can create conditional access policies that protect identities that exist in G Suite because they are authenticated through Azure AD during sign-in:

 


This concludes part 1 of our series on Automating Onboarding Students and Using Microsoft To Manage G Suite.
