Azure AD as IdP for GSuite under different urls


  • Hi,

    I am trying to integrate a GSuite instance with Office365/AzureAD. I want Azure to provide the identity to GSuite.

    GSuite is set up under a different domain name (actually, a subdomain) of Azure's primary.  So, Office365 is under, and gsuite is under gsuite.example.come.

    I have seen this tutorial, but I cannot figure out how I can tell Azure what the domain of of GSuite is. 

    I don't acutally want to change the domain of the users (since that is used elsewhere), and the ui does not even let me update this pulldown if I try.

    Is there a place to configure saml attributes in such a way as I can define the mappings between azure users and gsuite users?

    Any other suggestions?

    Sunday, March 5, 2017 4:38 PM

All replies

  • You can refer to the SimpleSAMLphp as an IDP for Google’s G-Suite in the following link below:

    Disclaimer: This response contains a reference to a third party World Wide Web site. 
    Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. 
    There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
    Monday, March 6, 2017 11:45 AM
  • If users have GSuite's identifier( value on his/her attribute on Azure AD, you can edit attribute mapping for nameIdentifier on SAML assertion.

    Naohiro Fujie MVP for Enterprise Mobility ( Jan 2010 - Dec 2016 )

    Wednesday, March 8, 2017 4:04 AM