cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Sign-in with Google social IDs is now generally available for Azure AD B2B Collaboration
By
Alex Simons (AZURE)
Published Nov 20 2019 09:00 AM 9,938 Views
Alex Simons (AZURE)
Microsoft
‎Nov 20 2019 09:00 AM

Sign-in with Google social IDs is now generally available for Azure AD B2B Collaboration

‎Nov 20 2019 09:00 AM

Howdy folks,


Yet another Ignite follow up blog to share with you today! Sign-in with Google social IDs for B2B users is now generally available—making the experience for your invited Gmail users more seamless and secure.


Azure AD B2B Collaboration continues to be a hugely popular tool for organizations of every size to collaborate with guest users. Azure AD’s support for Google social IDs makes collaboration even more seamless, enabling your partners to securely use their existing Google identities to collaborate with you. No need for them to create and manage a new account!

 

Sign in with Google social IDs is now generally available for Azure AD B2B Collaboration 1.png

 

In addition, since our public preview announcement, we studied your feedback and made a few key enhancements:

  • @googlemail.com users are now supported. In addition to @gmail.com users, invited @googlemail.com users can also sign-in with their Google social IDs.
  • Microsoft Teams support for Google users on all clients. Google users can seamlessly sign-in and collaborate on all four clients of Teams: desktop, web browser, iOS, and Android.
  • Teams support for Google users across common and tenanted authentication endpoints, like teams.microsoft.com.

You can enable signing in with Google social IDs for B2B users by going to portal.azure.com > Organizational Relationships > Identity Providers. Explore our documentation to learn more!

 

Please let us know what you think in the comments below. We look forward to hearing from you!

 

Best regards,

Alex Simons (@Alex_A_Simons)

Corporate VP of Program Management

Microsoft Identity Division

5 Comments
wroot
Silver Contributor
‎Nov 20 2019 11:25 AM
‎Nov 20 2019 11:25 AM

I'm baffled. What is Google's social ID? Do you mean Google+ or just Google ID? Google and social don't go together in my book :)

0 Likes
Like
Daniel Niccoli
Steel Contributor
‎Nov 20 2019 01:16 PM
‎Nov 20 2019 01:16 PM

Do I miss a key component or do I misunderstand the concept here? We're talking about regular, private @gmail.com users, not B2B Google Suite federation?

 

So SSO for Gmail users -- without having to create a Microsoft account -- does only work, if the user is doing all of the following? And the administrator of the inviting party then has to also configure his side of the trust relation ship? In that case I'd tell the invited party to just create a Microsoft account. It's easier for both him and our IT.

 

I really do not see the advantage of having this, when it has to be enabled per user. Especially not, if the invited party basically needs to have IT administration expertise.

 

clipboard_image_0.png

0 Likes
Like
Eric Davis
Bronze Contributor
‎Nov 22 2019 08:34 PM
‎Nov 22 2019 08:34 PM

Is this functionality coming for G Suite accounts, or is this limited to Gmail.com accounts only?

0 Likes
Like
Plenzke
Microsoft
‎Nov 25 2019 06:33 AM
‎Nov 25 2019 06:33 AM

Hi folks, let me answer the previous comments. 

 

@wroot in this context it is a gmail.com or googlemail.com address where your B2B partner signs in to an existing Google consumer / social identity.

@Daniel Niccoli This is really for the scenarios where you want to do B2B collaboration with the small 3-5 user shops which don´t have IT but already using gmail.com accounts and you do not have to ask them to create additional Microsoft accounts just for this purpose.

@Eric Davis you can do B2B federation with G-Suite users by using Azure AD B2B direct federation. You have to setup a federation trust for the specific domain your partner is using and pointing it to G-Suite for SAML / WS-Fed federation. https://docs.microsoft.com/en-us/azure/active-directory/b2b/direct-federation  

 

Cheers Peter

0 Likes
Like
ph_ly
Steel Contributor
‎Nov 27 2019 11:17 AM
‎Nov 27 2019 11:17 AM

@Plenzke  What is the expected login process for @gmail users with this enabled?

During my initial testing, it seemed like if the user followed the original emailed link (for example, when being added to a Team), then it appeared to work.


If they try to visit teams.microsoft.com and log in, then it says it can't find their account, and instead prompts to send a One Time Passcode.

 

If they try to log in via the Teams app, it's the same experience.  Should the user have to use the One Time Passcode option every time they log in w/ their Gmail account in this manner?

0 Likes
Like
Version history
Last update:
‎Jul 24 2020 01:29 AM
Updated by: