cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Question about SSO

Mike D
Copper Contributor

‎Jan 08 2019 02:23 PM - last edited on ‎Jan 14 2022 05:20 PM by

‎Jan 08 2019 02:23 PM - last edited on ‎Jan 14 2022 05:20 PM by

Question about SSO

Hello,

 

My organization has cloud-only users in Azure AD.  We also have a GSuite tenant that we use for email.  The GSuite tenant has multiple domains associated with it and there are user accounts in each of these domains.  My question is, is it possible to configure Azure AD SSO with my GSuite tenant and exclude specific domains from SSO?  Or does Azure AD SSO apply to all of the users in my GSuite tenant no matter what?

 

Thank you.

872 Views
0 Likes
3 Replies
Reply
3 Replies
best response confirmed by Mike D (Copper Contributor)
Jeremy Miller

‎Jan 08 2019 07:24 PM

‎Jan 08 2019 07:24 PM

Solution

Re: Question about SSO

Hi Mike!  According to documentation for configuring SSO with Azure AD and G Suite, you can only have one identity provider for the tenant.  Based on this, it sounds like all of your domains will either have to use Azure AD or all use Google as the IDP.

 

Q: Can I enable single sign-on for only a subset of my G Suite users?

A: No, turning on single sign-on immediately requires all your G Suite users to authenticate with their Azure AD credentials. Because G Suite doesn't support having multiple identity providers, the identity provider for your G Suite environment can either be Azure AD or Google -- but not both at the same time.

 

Reference: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

2 Likes
Reply
Mike D

‎Jan 09 2019 03:04 PM

‎Jan 09 2019 03:04 PM

Re: Question about SSO

Thank you for the information. I appreciate it.
0 Likes
Reply
Nestori Syynimaa

‎Jan 10 2019 09:31 AM

‎Jan 10 2019 09:31 AM

Re: Question about SSO

Just for clarification:

  • Azure AD supports multiple IDPs, one per domain
  • G Suite supports only one IDP
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Mike D (Copper Contributor)
Jeremy Miller

‎Jan 08 2019 07:24 PM

‎Jan 08 2019 07:24 PM

Solution

Re: Question about SSO

Hi Mike!  According to documentation for configuring SSO with Azure AD and G Suite, you can only have one identity provider for the tenant.  Based on this, it sounds like all of your domains will either have to use Azure AD or all use Google as the IDP.

 

Q: Can I enable single sign-on for only a subset of my G Suite users?

A: No, turning on single sign-on immediately requires all your G Suite users to authenticate with their Azure AD credentials. Because G Suite doesn't support having multiple identity providers, the identity provider for your G Suite environment can either be Azure AD or Google -- but not both at the same time.

 

Reference: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial

View solution in original post

2 Likes
Reply