Intune with G suite
Dman74 yep, it's about the identity part. If the user accounts don't exist in Azure, you cannot assign licenses and therefore also cannot MDM enroll devices.
The SSO integration enables you to do a couple of things (copy/paste):
- Control in Azure AD who has access to Google Cloud / G Suite Connector by Microsoft.
- Enable your users to be automatically signed-in to Google Cloud / G Suite Connector by Microsoft with their Azure AD accounts.
- Manage your accounts in one central location - the Azure portal.
So the SSO simply enables Azure AD users to do SSO when signing in to Google with an Azure account. From what I understand reading https://cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on, it seems to me that you will have to create user accounts in Azure and map them with accounts in Google Workspace (by email address or by UPN).
I would test this in a test tenant to make sure it works like you want.
Hope this helps.
- Dman74, Jun 06, 2022, Copper Contributor
Thanks bud. So just to confirm, at the very least the G Suite users will need accounts set up from new in Azure AD, irrespective of whether I add SSO capability.
- Dman74, Jun 06, 2022, Copper Contributor
As I have a G Suite user that's been invited, so appearing in Azure AD as a guest. I've also applied the relevant license but I can't enrol to Intune with their @gmail.com as it says I can't enrol with a personal account.
- Oktay Sari, Jun 06, 2022, Iron Contributor
Dman74 As far as I know, you will need to use an Azure AD account with the correct license to enroll a device with Intune. This case is very interesting. I never had to deal with G Suite and Intune combined before.
So I'm inviting @Rudy_Ooms_MVP, @NielsScheffers, @Moe_Kinani, @Oliver Kieselbach, @Harm_Veenstra and @Mr_Helaas. Hope you guys don't mind me spamming you with this, but I know you all are very experienced with MEM too. Perhaps one of you had to deal with this kind of setup/config before.
Regards
Oktay