In this blog we’ll use the following steps to configure Google Workspace to allow single sign-on from Office 365 accounts.
- Add the domain to both Office 365 and Google Workspace
- Configure Azure Active Directory single sign-on for Google Workspace integration
- Configure Google Workspace single sign-on to use Azure Active Directory
- Add automatic user provisioning so Azure Active Directory will create accounts in Google Workspace
Many organisations use both Google Workspace and Office 365 and create and delete user accounts for each system independently. This is not only more work for the administrator but also confusing for users who have to manage separate passwords. Single sign-on allows Google Workspace and Office 365 users to log in to both with the same account. Once they log in (or sign in) to one system, they are automatically logged in to the other system. Can you now guess where the name single sign-on comes from? In this post you’ll learn how to configure Google Workspace so that users can log in using their Office 365 account. We won’t be covering how to do it in the reverse direction, that is, allowing Office 365 users to log in using a Google Workspace account.
Office 365 uses a product called Azure Active Directory for user management. You may never have used it (or even heard of it before as Office 365 hides it in the background), but we’ll be using it to set up single sign-on. You can activate the free Azure Active Directory subscription that comes with Office 365 by following these instructions from Microsoft.
In the following video we’ll walk you through the steps to configure single sign-on and automatic user provisioning. Before you do this you’ll need active subscriptions to both Office 365 and Google Workspace, and your organisation’s domain name must be added to both of them. If you haven’t already done this, there are links in the Resources section for adding a domain to Google Workspace and Office 365.
Once you have implemented single sign-on with automatic user provisioning, all normal user management will be done in Office 365. You won’t need to manage them separately in Google Workspace, and users will only need one password for both systems.
Here are some additional resources to help you learn more about this process.
- Add a domain to Office 365
- Add a domain to Google Workspace
- Microsoft Tutorial – Single Sign-On
- Microsoft Tutorial – Automatic User Provisioning to Google Workspace
- Google Tutorial – Single Sign-On
- Microsoft Tutorial – Add a user
- Google Tutorial – Add a user
- Microsoft Tutorial – Create groups and add users
There are a bunch of terms used here that may not make a lot of sense. Here’s what they mean.
Authentication – Verifying that a person is who they claim to be (in other words, verifying their identity). Typically this is done by successfully entering a username/email address and password and possibly an additional verification code.
Authorisation – Verifying that a person is entitled to access a system or resources. Even if you’re authenticated (you’ve verified your identity), you may not be authorised to access a particular system. For example, you might have an account on Office 365 and you have logged in and authenticated your identity, but you may not be authorised to log in to Google Workspace using that identity.
Identity – This is commonly a digital representation of a person (although it might also be an organisation, an application, or a device).
SAML – This is the standard that computer systems use for exchanging authentication and authorisation data and is what single sign-on uses so you can log in to Google Workspace using your Office 365 account.
Single Sign-on – A way for different computer systems to rely on another system for user authentication. From a user’s perspective, once they’ve signed on to a system, any other systems that use that single sign-on won’t require them to sign in again.
Azure Active Directory – Also known as Azure AD, this is a product from Microsoft that is available within Office 365. It is a sophisticated system for managing users’ identities and their access to systems and resources.