Azure AD B2B – Google Federation

By default, when inviting guests in Azure AD you can natively invite a Gmail account. However, when the guest accepts the invitation they are prompted to set a password, which creates a separate Microsoft Account tied to that Gmail address.


To simplify this experience, I am going to show you how to federate with Google so that B2B users can sign in directly with their Gmail account, without also having to set a password for a Microsoft account.


  • Ensure your project is selected
  • Navigate to OAuth Consent Screen
  • Enter an Application name
  • Under Authorized Domains add “microsoftonline.com”
  • Click Save


  • Choose Credentials from the menu
  • Click Create Credentials
  • Select OAuth Client ID


  • You will then be shown a screen with your Client ID and Client Secret. Keep this screen open, as you will need both values when you enter the Azure AD portal.


  • Navigate to Azure Active Directory (https://Portal.azure.com)
  • Choose Organizational Relationships
  • Select Identity Providers
  • Click +Google


  • Paste the Client ID and Client Secret copied from the Google console
  • Click Save
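The portal steps above can also be driven through Microsoft Graph, which is useful when you need to repeat the configuration across tenants or audit the result afterwards. The following is an added example and is not code from the original post or from Microsoft; it assumes a Graph access token (placeholder `ACCESS_TOKEN`) with the `IdentityProvider.ReadWrite.All` permission for the configuration call and `User.Read.All` for the audit, and it uses the Graph v1.0 `identity/identityProviders` endpoint with a `socialIdentityProvider` body. The sample user list is constructed to mirror the end-user experience described further down: after federation, an accepted Gmail guest carries a `federated` identity issued by `google.com` rather than a Microsoft account identity, and the audit function picks those guests out.

```python
"""Configure Google federation for Azure AD B2B via Microsoft Graph and audit the result.

Added example, not part of the original post. Assumptions:
  - ACCESS_TOKEN is a Graph bearer token with IdentityProvider.ReadWrite.All
    (configuration) and User.Read.All (audit); the placeholder below is not real.
  - client_id / client_secret are the values the Google console displayed.
"""
import json
import urllib.request
from typing import Dict, List, Optional

GRAPH = "https://graph.microsoft.com/v1.0"
ACCESS_TOKEN = "<paste-a-graph-access-token-here>"  # placeholder, never commit a real token


def build_google_idp_payload(client_id: str, client_secret: str) -> Dict[str, str]:
    """Build the body for POST /identity/identityProviders.

    Google is modelled as a socialIdentityProvider in Graph v1.0. The suffix check
    is an assumption used here as a sanity check: Google OAuth client IDs end in
    ".apps.googleusercontent.com", so a bare string usually means the wrong value
    (e.g. the project number) was pasted.
    """
    if not client_id.endswith(".apps.googleusercontent.com"):
        raise ValueError("client_id does not look like a Google OAuth client ID")
    if not client_secret:
        raise ValueError("client_secret must not be empty")
    return {
        "@odata.type": "#microsoft.graph.socialIdentityProvider",
        "displayName": "Google",
        "identityProviderType": "Google",
        "clientId": client_id,
        "clientSecret": client_secret,
    }


def graph_request(method: str, path: str, body: Optional[dict] = None) -> dict:
    """Send one request to Microsoft Graph; only reached when main() is run."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(GRAPH + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {ACCESS_TOKEN}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def google_federated_guests(users: List[dict]) -> List[str]:
    """Return the UPNs of guest users whose sign-in identity is issued by google.com.

    Each Graph user carries an `identities` collection; a guest who redeemed the
    invitation through the Google federation has an entry with
    signInType "federated" and issuer "google.com" (issuer value assumed from the
    shape of Graph user identities).
    """
    found = []
    for user in users:
        if user.get("userType") != "Guest":
            continue
        for ident in user.get("identities", []):
            if ident.get("signInType") == "federated" and ident.get("issuer") == "google.com":
                found.append(user["userPrincipalName"])
                break
    return found


# Constructed sample in the shape of
# GET /users?$select=userPrincipalName,userType,identities  (not real tenant data)
SAMPLE_USERS = [
    {"userPrincipalName": "alice_gmail.com#EXT#@contoso.onmicrosoft.com", "userType": "Guest",
     "identities": [{"signInType": "federated", "issuer": "google.com", "issuerAssignedId": "1001"}]},
    {"userPrincipalName": "bob_gmail.com#EXT#@contoso.onmicrosoft.com", "userType": "Guest",
     "identities": [{"signInType": "federated", "issuer": "MicrosoftAccount", "issuerAssignedId": "1002"}]},
    {"userPrincipalName": "carol@contoso.onmicrosoft.com", "userType": "Member",
     "identities": [{"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
                     "issuerAssignedId": "carol@contoso.onmicrosoft.com"}]},
]


def main() -> None:
    # 1. Create the Google identity provider (equivalent of the "+Google" portal step).
    payload = build_google_idp_payload("<google-client-id>.apps.googleusercontent.com", "<google-client-secret>")
    created = graph_request("POST", "/identity/identityProviders", payload)
    print("created identity provider:", created.get("id"))
    # 2. Audit which guests actually signed in through Google.
    users = graph_request("GET", "/users?$select=userPrincipalName,userType,identities")
    print("Google-federated guests:", google_federated_guests(users.get("value", [])))


if __name__ == "__main__":
    main()
```

Running `main()` performs the two live calls; importing the module does not touch the network, so the payload builder and the audit filter can be exercised offline against `SAMPLE_USERS`. Bob in the sample is the "before" case from the start of the post: a Gmail guest who redeemed by creating a Microsoft account, which the filter deliberately leaves out.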


End User Experience

  • The guest receives the invitation email:


  • The guest reviews the permissions requested by the inviting organization:


There we have it: after federating with Google, a guest can accept the invitation and sign in directly with a Gmail account instead of having to create a separate Microsoft account password.