Configuring SSO for G Suite in Azure AD

August 29, 2019/
/by Akins IT

fill out the form to view the full webinar


Automating Onboarding Students and Using Microsoft to Manage G SuitE

Part 1: Configuring SSO for G Suite in Azure AD


The typical IT admin in this scenario requires their School Information System (SIS) to synchronize student data their on-prem AD, Azure AD, and G-Suite. Currently, they feel that neither Microsoft nor Google has provided them with a convenient method with which to both effectively and efficiently manage the identities in these seemingly disparate environments


By integrating Azure Active Directory with G-suite, we will be able to administratively manage an organization's on-prem AD, Azure AD, and G-suite identities from a single portal. In addition, with G-suite's identity management being delegated to Azure AD, we can redirect the SIS's synchronization from G-suite to either the on-prem AD or Azure AD.

In this way, we will have a continuous stream of data flowing from one entry point, that is reflected in all relevant directories. Such a seamless system will make the provisioning of identities, access permissions, and group memberships a simple process for IT administrators.

Part I: Configuring Single Sign-On for G Suite in Azure AD

Let’s begin by reviewing the different facets of the configuration of Single Sign-On in Azure:




The 3 areas of focus for setting up SSO integration with G Suite for our students will include

  • Configuring SSO parameters in Azure and G Suite
  • Enabling Automatic User provisioning from Azure AD to G Suite
  • Creating Conditional Access policies to further secure G Suite identities once they are tied to Azure AD identities

To integrate G Suite with Azure AD, we first need to navigate to Enterprise Applications in our Azure portal, and add G Suite (which will be a collective of all the apps under the G Suite umbrella):




After adding the G Suite app platform, we will select SAML for our Single Sign-On experience, which will then provide us with the information we need to configure the SSO options in G Suite:




Armed with that information, we can enable SSO with third party identity providers in G Suite and fill out the required fields based on the information supplied to us in our respective SAML page:




Once we have established the SSO connection between Azure and G Suite, we will need some users assigned to our G Suite app platform:




Now that we have assigned users to the G Suite app platform, let us continue into setting the Provisioning Mode to Automatic, and provide the Google admin credentials needed to authorize Azure AD to create accounts in G Suite.




And lastly, once we have integrated Azure SSO with G Suite, we can create conditional access policies that protect identities that exist in G Suite because they are authenticated through Azure AD during sign-in:



This concludes part 1 of our series on Automating Onboarding Students and Using Microsoft To Manage G Suite.



Contact Us