Thank you for putting this together.
Thank you for this, still relevant today.
Thank you! I needed to set this up for my organization and this video helped me a lot!
Hey mate, thanks for the video. When I click on Authorize I am being prompted to choose a Google account and then instead of granting access and testing the connectivity I am simply logged into the Google Cloud. Any idea why?
Does your Google account have necessary admin privileges? If you are setting up provisioning, Microsoft will include the scopes that it's requesting in OAuth consent. If your account does not have those, we have seen some odd behaviours.
Great video, thanks for posting. Will this setup also handle password reset and how will that work? I.e. can a user reset a password in Google and will that sync back to AD and vice versa?
My guess would be no but I'd like to be proven wrong. I've been told SAML doesn't sync password information. You'd need a SCIM system to do that, which I'm not sure Google supports.
Disclaimer: I'm not an expert on this. Just learning as I go.
Correct. AD directory writeback is not supported. Google does support SCIM but only for account creation in Entra ID. GCDS/Directory Sync is one-way synchronization from AD to Google.
How about the other way around?
ruclips.net/video/LjsVO7ApYJ4/видео.html this video explains the process.
Thanks for the great video. I have a question: when you enable SSO on Google, will every user be unable to log in unless they are assigned to the Connector on Azure? Or will the unassigned users be able to log in the traditional way and the users with the connector use SSO?
You can now use partial SSO/SSO profile to exclude users from having to use SSO.
Brilliant, thank you... Do you have a video that shows how to configure Azure identity provider for GCP workload identity federation?
Did you get any steps? I tried with the steps given in the GCP documentation; it wasn't working.
Haven't had a need to configure it but I would start with Google Cloud documentation.
cloud.google.com/iam/docs/workforce-sign-in-azure-ad
Thanks