less than 1 minute read

If you are looking to configure Azure AD B2B Direct Federation with Google’s GSuite and running into issues here’s a quick screenshot of how it needs to be set up on the GSuite end.

Service provider details

  • ACS URL: https://login.microsoftonline.com/login.srf
  • Entity ID: urn:federation:MicrosoftOnline
  • Name ID format: PERSISTENT
  • Name ID: Basic Information > Primary Email

SAML Attribute Mapping

  • Primary email > http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Once this is setup your guest users coming in from the specified domain can use their GSuite identity to sign in/SSO instead of having to create a Microsoft Account and password.

Tags:

Updated: