Azure B2B Inviting Google ID's into Teams?

%3CLINGO-SUB%20id%3D%22lingo-sub-270019%22%20slang%3D%22en-US%22%3EAzure%20B2B%20Inviting%20Google%20ID's%20into%20Teams%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-270019%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20recently%20added%20google%20federation%20to%20our%20Azure%20AD%20tenant%20as%20described%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fb2b%2Fgoogle-federation%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%26nbsp%3B%20We%20are%20able%20to%20invite%20guests%20to%20join%20Office%20365%20groups.%26nbsp%3B%20When%20logging%20into%20SharePoint%20Online%20the%20login%20experience%20works%20as%20expected.%26nbsp%3B%20The%20guest%20user%20is%20redirected%20from%20Azure%20AD%20to%20Google%20for%20authentication%20and%20then%20redirected%20back%20into%20SharePoint%20Online.%26nbsp%3B%26nbsp%3BWhen%20trying%20to%20access%20teams.microsoft.com%20the%20authentication%20flow%26nbsp%3B%20is%20as%20follows%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%26nbsp%3B%20Guest%20user%20clicks%20open%20teams%20web%20app.%3C%2FP%3E%3CP%3E2.%26nbsp%3B%20They%20are%20redirected%20to%20Azure%20AD.%3C%2FP%3E%3CP%3E3.%26nbsp%3B%20They%20enter%20their%20user%40gmail.com%20and%20are%20redirected%20to%20accounts.google.com%20for%20authentication.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20308px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F56035i24CFD387A5A5C81F%2Fimage-dimensions%2F308x288%3Fv%3D1.0%22%20width%3D%22308%22%20height%3D%22288%22%20alt%3D%22gmail%20auth.PNG%22%20title%3D%22gmail%20auth.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E4.%26nbsp%3B%20After%20authenticating%20they%20are%20brought%20to%20teams.microsoft.com%20(purple%20loading%20screen).%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20249px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F56036i1CBAB5EFC5926E44%2Fimage-dimensions%2F249x210%3Fv%3D1.0%22%20width%3D%22249%22%20height%3D%22210%22%20alt%3D%22teams-load.PNG%22%20title%3D%22teams-load.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E5.%26nbsp%3B%20They%20are%20redirected%20back%20to%20Azure%20AD%20and%20are%20presented%20with%20the%20following%20password%20prompt.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20280px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F56033i6F8B044EFCFD7369%2Fimage-dimensions%2F280x219%3Fv%3D1.0%22%20width%3D%22280%22%20height%3D%22219%22%20alt%3D%22Azure%20AD%20pw%20prompt.PNG%22%20title%3D%22Azure%20AD%20pw%20prompt.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E6.%26nbsp%3B%20Entering%20any%20password%20and%20clicking%20next%20brings%20you%20the%20following%20error%20screen%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20403px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F56034i7042EA145D44C321%2Fimage-dimensions%2F403x158%3Fv%3D1.0%22%20width%3D%22403%22%20height%3D%22158%22%20alt%3D%22azure%20AD%20err.PNG%22%20title%3D%22azure%20AD%20err.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E7.%26nbsp%3B%20Looking%20in%20Azure%20AD%20the%20gmail%20user%20account%20does%20exist%20as%20a%20guest%20sourced%20from%20Google.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20Teams%20support%20Google%20federated%20users%20as%20guests%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

We recently added google federation to our Azure AD tenant as described here.  We are able to invite guests to join Office 365 groups.  When logging into SharePoint Online the login experience works as expected.  The guest user is redirected from Azure AD to Google for authentication and then redirected back into SharePoint Online.  When trying to access teams.microsoft.com the authentication flow  is as follows:

 

1.  Guest user clicks open teams web app.

2.  They are redirected to Azure AD.

3.  They enter their user@gmail.com and are redirected to accounts.google.com for authentication.

gmail auth.PNG

4.  After authenticating they are brought to teams.microsoft.com (purple loading screen).

teams-load.PNG

5.  They are redirected back to Azure AD and are presented with the following password prompt.

Azure AD pw prompt.PNG

6.  Entering any password and clicking next brings you the following error screen:

azure AD err.PNG

7.  Looking in Azure AD the gmail user account does exist as a guest sourced from Google.

 

Does Teams support Google federated users as guests?  

0 Replies