In this post we’ll use the following steps to configure G Suite to allow single sign-on from Office 365 accounts:
- Add the domain to both Office 365 and G Suite
- Configure Azure Active Directory single sign-on for G Suite integration
- Configure G Suite single sign-on to use Azure Active Directory
- Add automatic user provisioning so Azure Active Directory will create accounts in G Suite
Many organisations use both G Suite and Office 365 and create and delete user accounts for each system independently. This is not only more work for the administrator but also confusing for users, who have to manage separate passwords. Single sign-on allows G Suite and Office 365 users to log in to both with the same account. Once they log in (or sign in) to one system, they are automatically logged in to the other system. Can you now guess where the name single sign-on comes from?
In this post you’ll learn how to configure G Suite so that users can log in using their Office 365 account. We won’t be covering how to do it in the reverse direction, that is, allowing Office 365 users to log in using a G Suite account.
Office 365 uses a product called Azure Active Directory for user management. You may never have used it (or even heard of it before as Office 365 hides it in the background), but we’ll be using it to set up single sign-on. You can activate the free Azure Active Directory subscription that comes with Office 365 by following these instructions from Microsoft.
In the following video we’ll walk you through the steps to configure single sign-on and automatic user provisioning. Before you do this you’ll need active subscriptions to both Office 365 and G Suite, and your organisation’s domain name must be added to both. There are links in the Resources section for adding a domain to G Suite and Office 365 if you haven’t already done this.
Once you have implemented single sign-on with automatic user provisioning, all normal user management will be done in Office 365. You won’t need to manage them separately in G Suite, and users will only need one password for both systems.
Here are some additional resources to help you learn more about this process.
There are a bunch of terms used in this post that may not make a lot of sense. Here’s what they mean.
Authentication – Verifying that a person is who they claim to be (in other words, verifying their identity). Typically this is done by successfully entering a username/email address and password and possibly an additional verification code.
Authorisation – Verifying that a person is entitled to access a system or resources. Even if you’re authenticated (you’ve verified your identity), you may not be authorised to access a particular system. For example, you might have an account on Office 365 and you have logged in and authenticated your identity, but you may not be authorised to log in to G Suite using that identity.
Identity – This is commonly a digital representation of a person (although it might also be an organisation, an application, or a device).
SAML – Security Assertion Markup Language. This is the standard that computer systems use for exchanging authentication and authorisation data, and it is what single sign-on uses so you can log in to G Suite using your Office 365 account.
Single Sign-on – A way for different computer systems to rely on another system for user authentication. From a user’s perspective, once they’ve signed on to a system, any other systems that use that single sign-on won’t require them to sign in again.
Azure Active Directory – Also known as Azure AD, this is a product from Microsoft that is available within Office 365. It is a sophisticated system for managing users’ identities and their access to systems and resources.