My organization has cloud-only users in Azure AD. We also have a GSuite tenant that we use for email. The GSuite tenant has multiple domains associated with it and there are user accounts in each of these domains. My question is, is it possible to configure Azure AD SSO with my GSuite tenant and exclude specific domains from SSO? Or does Azure AD SSO apply to all of the users in my GSuite tenant no matter what?
Hi Mike! According to documentation for configuring SSO with Azure AD and G Suite, you can only have one identity provider for the tenant. Based on this, it sounds like all of your domains will either have to use Azure AD or all use Google as the IDP.
Q: Can I enable single sign-on for only a subset of my G Suite users?
A: No, turning on single sign-on immediately requires all your G Suite users to authenticate with their Azure AD credentials. Because G Suite doesn't support having multiple identity providers, the identity provider for your G Suite environment can either be Azure AD or Google -- but not both at the same time.