Forum Discussion
Federating Two Domains to Single Google Workspace Org — IssuerUri Conflict
Hello
Today, Entra requires that IssuerUri be globally unique per tenant for each federated domain. This validation is applied at the internalDomainFederation object level and not just per individual domain.
Google Workspace, in turn, always uses the same Issuer/EntityID for all SAML applications within the same organization. This value is fixed and cannot be customized per domain or per application.
As a result, when attempting to federate a second domain in the same tenant pointing to the same Google Workspace organization, Entra detects that the IssuerUri is already in use and returns the error:
409 — Request_MultipleObjectsWithSameKeyValue
The -SupportMultipleDomain parameter, available in the New-MgDomainFederationConfiguration and Update-MgDomainFederationConfiguration cmdlets, does not resolve this scenario. This parameter only allows multiple domains when the IdP supports a distinct IssuerUri per domain, which is not the case with Google Workspace.
Because the Google Workspace Issuer is global and immutable per organization, there is currently no supported way to federate multiple domains in the same tenant to sign in to the same Google Workspace organization using standard domain federation.
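
A pre-flight check for the conflict described in the post above, added here as an example and not part of the original post: it lists the IssuerUri of every federated domain in the tenant and reports whether the issuer planned for a new domain is already held by another one. The function names, the `second.example.com` domain and the `<IDPID>` issuer value are placeholders chosen for illustration, and a connected Microsoft Graph PowerShell session is assumed.

```powershell
# Added example. Assumes the Microsoft.Graph.Identity.DirectoryManagement module
# and an existing Connect-MgGraph session that can read domain configuration.

function Get-FederatedIssuerMap {
    # One record per federation object on every domain Entra reports as Federated.
    foreach ($domain in (Get-MgDomain -All | Where-Object AuthenticationType -eq 'Federated')) {
        foreach ($cfg in (Get-MgDomainFederationConfiguration -DomainId $domain.Id)) {
            [pscustomobject]@{
                Domain       = $domain.Id
                FederationId = $cfg.Id
                IssuerUri    = $cfg.IssuerUri
            }
        }
    }
}

function Test-IssuerUriAvailable {
    # Reports which other domains already hold the IssuerUri planned for $TargetDomain.
    param(
        [Parameter(Mandatory)] [string] $IssuerUri,
        [Parameter(Mandatory)] [string] $TargetDomain,
        [object[]] $Existing = @()
    )
    $wanted = $IssuerUri.Trim()
    # Assumption: compared case-insensitively after trimming, so near-duplicates are flagged too.
    $holders = @($Existing | Where-Object {
        $_.IssuerUri -and $_.IssuerUri.Trim() -eq $wanted -and $_.Domain -ne $TargetDomain
    })
    [pscustomobject]@{
        TargetDomain = $TargetDomain
        IssuerUri    = $wanted
        Available    = ($holders.Count -eq 0)
        HeldBy       = @($holders | ForEach-Object Domain)
    }
}

# Placeholder values: substitute the EntityID shown in the Google Admin console and your own domain.
$googleIssuer = 'https://accounts.google.com/o/saml2?idpid=<IDPID>'
$result = Test-IssuerUriAvailable -IssuerUri $googleIssuer -TargetDomain 'second.example.com' -Existing @(Get-FederatedIssuerMap)

if (-not $result.Available) {
    Write-Warning ("IssuerUri already used by {0}; per the post, federating {1} with it returns 409 Request_MultipleObjectsWithSameKeyValue." -f ($result.HeldBy -join ', '), $result.TargetDomain)
}
$result
```

The check only reads configuration, so it can be run before any New-MgDomainFederationConfiguration attempt to confirm which domain currently holds the Google Workspace issuer.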