Home

Google auth in AAD but different domains

%3CLINGO-SUB%20id%3D%22lingo-sub-289324%22%20slang%3D%22en-US%22%3EGoogle%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289324%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20an%20O365%20domain%20(contoso.org).%20I%20have%20a%20separate%20Google%20domain%20(northwind.org).%20Currently%20I%20sync%20users%2Fpasswords%20from%20O365%20to%20Google%20and%20the%20authentication%20is%20handled%20by%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%20Google%20respectively.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20want%20to%20integrate%20my%20Google%20auth%20into%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%20let%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehandle%20the%20login%20-%20but%20I%20want%20to%20keep%20my%20Google%20users%20in%20their%20northwind.org%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20possible%3F%20I%20know%20I%20can%20have%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehandle%20Google%20authentication.%20What%26nbsp%3BI%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Edon't%20know%20is%20can%20I%20have%202%20separate%20domains%20in%20my%20O365%20tenant%20-%20one%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Efor%20O365%20users%20and%20one%20for%20Google%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-289324%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-290281%22%20slang%3D%22en-US%22%3ERe%3A%20Google%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-290281%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1726%22%20target%3D%22_blank%22%3E%40Craig%20Debbo%3C%2FA%3E!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20understood%20correctly%2C%20you%20want%20to%20authenticate%20against%20AAD%20and%20keep%20your%20existing%20Google%20and%20O365%20emails%3F%20I%20haven't%20tried%20that%20but%20sure%2C%20it%26nbsp%3Bis%20a%20supported%20scenario.%20You%20do%20need%20to%20register%20(and%20verify)%20both%20domains%20to%20AAD%2C%20configure%20Google%20SSO%20to%20use%20AAD%2C%20and%20add%20Google%20App%20to%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheck%20this%20for%20more%20details%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fgoogle-apps-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fgoogle-apps-tutorial%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20looking%20for%20a%20scenario%2C%20where%20your%20emails%20are%20in%20Office%20365%20and%20you%20want%20your%20users%20to%20be%20able%20to%20login%20with%20their%20Google%20account%2C%20that%20is%20also%20supported%20scenario%20(and%20tested%20by%20me.)%20A%20bit%20more%20tricky%20to%20setup%20but%20doable.%20Let%20me%20know%20if%20you'd%20like%20know%20more%20about%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-289407%22%20slang%3D%22en-US%22%3ERe%3A%20Google%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289407%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don't%20think%20so%2C%20the%20recently%20introduced%20Google%20federation%20feature%20should%20cover%20the%20auth%20process%20but%20that's%20pretty%20much%20limited%20to%20Azure%20AD%20-%20none%20of%20the%20Office%20365%20services%20will%20%22know%22%20how%20to%20handle%20such%20users.%20Though%20in%20all%20fairness%2C%20you%20can%20actually%20create%20mailboxes%20for%20%40outlook.com%20users%20now%20in%20O365%20(requires%20some%20tinkering)%20or%20give%20them%20Admin%20rights%2C%20I%20simply%20haven't%20bothered%20to%20check%20the%20Google%20scenario%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Craig Debbo
Contributor

I have an O365 domain (contoso.org). I have a separate Google domain (northwind.org). Currently I sync users/passwords from O365 to Google and the authentication is handled by AAD and Google respectively.

 

Now I want to integrate my Google auth into AAD and let AAD handle the login - but I want to keep my Google users in their northwind.org domain.

 

Is this possible? I know I can have AAD handle Google authentication. What I don't know is can I have 2 separate domains in my O365 tenant - one for O365 users and one for Google users.

2 Replies
Highlighted

I don't think so, the recently introduced Google federation feature should cover the auth process but that's pretty much limited to Azure AD - none of the Office 365 services will "know" how to handle such users. Though in all fairness, you can actually create mailboxes for @outlook.com users now in O365 (requires some tinkering) or give them Admin rights, I simply haven't bothered to check the Google scenario :)

Hi @Craig Debbo!

 

If I understood correctly, you want to authenticate against AAD and keep your existing Google and O365 emails? I haven't tried that but sure, it is a supported scenario. You do need to register (and verify) both domains to AAD, configure Google SSO to use AAD, and add Google App to AAD.

 

Check this for more details: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

 

If you are looking for a scenario, where your emails are in Office 365 and you want your users to be able to login with their Google account, that is also supported scenario (and tested by me.) A bit more tricky to setup but doable. Let me know if you'd like know more about this.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies