Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Google auth in AAD but different domains

Brass Contributor

I have an O365 domain (contoso.org). I have a separate Google domain (northwind.org). Currently I sync users/passwords from O365 to Google and the authentication is handled by AAD and Google respectively.

 

Now I want to integrate my Google auth into AAD and let AAD handle the login - but I want to keep my Google users in their northwind.org domain.

 

Is this possible? I know I can have AAD handle Google authentication. What I don't know is can I have 2 separate domains in my O365 tenant - one for O365 users and one for Google users.

2 Replies

I don't think so, the recently introduced Google federation feature should cover the auth process but that's pretty much limited to Azure AD - none of the Office 365 services will "know" how to handle such users. Though in all fairness, you can actually create mailboxes for @outlook.com users now in O365 (requires some tinkering) or give them Admin rights, I simply haven't bothered to check the Google scenario :)

Hi @Craig Debbo!

 

If I understood correctly, you want to authenticate against AAD and keep your existing Google and O365 emails? I haven't tried that but sure, it is a supported scenario. You do need to register (and verify) both domains to AAD, configure Google SSO to use AAD, and add Google App to AAD.

 

Check this for more details: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

 

If you are looking for a scenario, where your emails are in Office 365 and you want your users to be able to login with their Google account, that is also supported scenario (and tested by me.) A bit more tricky to setup but doable. Let me know if you'd like know more about this.