We have G Suite as an identity provider in our company. Some of users also use Azure and Office 365. We want to be able to login by using Google account to Azure Ad and later have this account in AD and assign roles and groups in AD and whole Azure. We want to change passwords in Google etc.
How to setup SSO from Google to Azure?
Azure AD supports the concept of Identity Providers for External Identities. You can read about it here on Microsoft Docs.
You could enable users from identity providers like :
Google
Facebook
Direct federation (to external identity providers that support SAML or WS-Fed protocols)
Since you specifically mention G suite as an identity provider in your company, Direct federation may be the most relevant one for you. I say this because using Google federation directly is designed for Gmail accounts as mentioned in the note here on Microsoft Docs
How to setup Direct Federation is explained in detail here on Microsoft Docs
Please note that
This feature is currently in Preview
There some important limitations in terms of domain requirements and authentication URL as stated here on Microsoft Docs
Related
Snowflake's federation authentication documentation does not explicitly mention Customer Identity Access Management (CIAM):
https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-overview.html
Is it possible to use CIAM services such as Azure Active Directory B2C or Google Cloud Identity Platform with Snowflake? The idea would be to leverage BYOI / social logins.
We Support SAML and OAUTH. If CIAM supports these standards, then there should not be any issues integrating it with snowflake.
However, this has not been tested from our side.
You can open a support case if you are running into any errors etc.
I want to build an Central Authentication Service on my website help users can access all my organization's service: Email and Drive using Google Suite for Education, Office 365, LMS and LCMS system... Student sign in one-time can access all service (eg. Email from Google).
Is it possible?
What you need to do is configure one identity provider (say Azure Active Directory) as the master and then configure the other (Google) as the subordinate. I don't know if Google supports that or not, but Azure AD does. Information on that is here: Tutorial: Azure Active Directory single sign-on (SSO) integration with Google Cloud (G Suite) Connector.
Okta is another product that solves this type of problem, but that adds more complexity.
I have an ASP.NET web application which has multitenancy supported in it . I have a requirement to integrate microsoft graph to access and write to outlook calendars.My question is , will every Tenant have its own application id and secret key ? Or will one secret key and application Id be common to all tenants ? Please provide me details of what needs to be changed as this is somehow misleading and vague.
Thanks in advance.
This is discussed in the docs under Step 4 of Register an application with the Microsoft identity platform:
Supported account types - Select which accounts you would like your application to support.
Accounts in this organizational directory only - Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory.
This option maps to Azure AD only single-tenant.
This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts.
Accounts in any organizational directory - Select this option if you would like to target all business and educational customers.
This option maps to an Azure AD only multi-tenant.
If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the Authentication blade.
Accounts in any organizational directory and personal Microsoft accounts - Select this option to target the widest set of customers.
This option maps to Azure AD multi-tenant and personal Microsoft accounts.
If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types.
Hi I'm following the steps outline into:
https://docs.snowflake.com/en/user-guide/scim-azure.html
But I couldn't find any documentation explaining whether this user sync will affect my existing Snowflake users (the ones that have been created straight into Snowflake before the AD integration)
I believe the reference you are looking for is here:
See the note section of: https://docs.snowflake.com/en/user-guide/scim-azure.html#enabling-snowflake-initiated-sso
"By default, Azure AD users provisioned to Snowflake using SCIM are
not assigned a password in Snowflake. This means that if SAML SSO is
configured in Azure AD, users will authenticate to Snowflake using
SSO.
SAML SSO is not a requirement if using SCIM to provision users and
groups from Azure AD to Snowflake. For additional options, see
Configure Azure AD single sign-on."
To enable Snowflake Initiated SSO
https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-configure-snowflake.html#label-enable-snowflake-init-sso
Snowflake support confirmed that the existing users are NOT affected by any SCIM integration and I tested it with success, nothing happens to the existing users.
I am developing an application which uses Azure AD as authentication provider.
Need to implement a two factor authentication for the application.
Is it possible to create our own provider and plugin into azure without using the one available with Azure AD.
As far as I know, the Azure AD doesn't support to use the third-party MFA authentication provider.
However we are also could build multi-factor authentication into custom apps with Azure AD. More detail about this you can refer this document.