Home

Google auth in AAD but different domains

%3CLINGO-SUB%20id%3D%22lingo-sub-289324%22%20slang%3D%22en-US%22%3EGoogle%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289324%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20an%20O365%20domain%20(contoso.org).%20I%20have%20a%20separate%20Google%20domain%20(northwind.org).%20Currently%20I%20sync%20users%2Fpasswords%20from%20O365%20to%20Google%20and%20the%20authentication%20is%20handled%20by%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%20Google%20respectively.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%20I%20want%20to%20integrate%20my%20Google%20auth%20into%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%20let%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehandle%20the%20login%20-%20but%20I%20want%20to%20keep%20my%20Google%20users%20in%20their%20northwind.org%20domain.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20possible%3F%20I%20know%20I%20can%20have%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EAAD%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehandle%20Google%20authentication.%20What%26nbsp%3BI%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Edon't%20know%20is%20can%20I%20have%202%20separate%20domains%20in%20my%20O365%20tenant%20-%20one%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Efor%20O365%20users%20and%20one%20for%20Google%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-289324%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-290281%22%20slang%3D%22en-US%22%3ERe%3A%20Google%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-290281%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1726%22%20target%3D%22_blank%22%3E%40Craig%20Debbo%3C%2FA%3E!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20I%20understood%20correctly%2C%20you%20want%20to%20authenticate%20against%20AAD%20and%20keep%20your%20existing%20Google%20and%20O365%20emails%3F%20I%20haven't%20tried%20that%20but%20sure%2C%20it%26nbsp%3Bis%20a%20supported%20scenario.%20You%20do%20need%20to%20register%20(and%20verify)%20both%20domains%20to%20AAD%2C%20configure%20Google%20SSO%20to%20use%20AAD%2C%20and%20add%20Google%20App%20to%20AAD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheck%20this%20for%20more%20details%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fgoogle-apps-tutorial%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fsaas-apps%2Fgoogle-apps-tutorial%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20looking%20for%20a%20scenario%2C%20where%20your%20emails%20are%20in%20Office%20365%20and%20you%20want%20your%20users%20to%20be%20able%20to%20login%20with%20their%20Google%20account%2C%20that%20is%20also%20supported%20scenario%20(and%20tested%20by%20me.)%20A%20bit%20more%20tricky%20to%20setup%20but%20doable.%20Let%20me%20know%20if%20you'd%20like%20know%20more%20about%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-289407%22%20slang%3D%22en-US%22%3ERe%3A%20Google%20auth%20in%20AAD%20but%20different%20domains%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-289407%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don't%20think%20so%2C%20the%20recently%20introduced%20Google%20federation%20feature%20should%20cover%20the%20auth%20process%20but%20that's%20pretty%20much%20limited%20to%20Azure%20AD%20-%20none%20of%20the%20Office%20365%20services%20will%20%22know%22%20how%20to%20handle%20such%20users.%20Though%20in%20all%20fairness%2C%20you%20can%20actually%20create%20mailboxes%20for%20%40outlook.com%20users%20now%20in%20O365%20(requires%20some%20tinkering)%20or%20give%20them%20Admin%20rights%2C%20I%20simply%20haven't%20bothered%20to%20check%20the%20Google%20scenario%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Craig Debbo
Contributor

I have an O365 domain (contoso.org). I have a separate Google domain (northwind.org). Currently I sync users/passwords from O365 to Google and the authentication is handled by AAD and Google respectively.

 

Now I want to integrate my Google auth into AAD and let AAD handle the login - but I want to keep my Google users in their northwind.org domain.

 

Is this possible? I know I can have AAD handle Google authentication. What I don't know is can I have 2 separate domains in my O365 tenant - one for O365 users and one for Google users.

2 Replies

I don't think so, the recently introduced Google federation feature should cover the auth process but that's pretty much limited to Azure AD - none of the Office 365 services will "know" how to handle such users. Though in all fairness, you can actually create mailboxes for @outlook.com users now in O365 (requires some tinkering) or give them Admin rights, I simply haven't bothered to check the Google scenario :)

Highlighted

Hi @Craig Debbo!

 

If I understood correctly, you want to authenticate against AAD and keep your existing Google and O365 emails? I haven't tried that but sure, it is a supported scenario. You do need to register (and verify) both domains to AAD, configure Google SSO to use AAD, and add Google App to AAD.

 

Check this for more details: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

 

If you are looking for a scenario, where your emails are in Office 365 and you want your users to be able to login with their Google account, that is also supported scenario (and tested by me.) A bit more tricky to setup but doable. Let me know if you'd like know more about this.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
30 Replies