This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
- The Google for Education Community Platform
- Primary and Secondary Education Communities
- ELP Admin Community
- Discussions
- Peer-Peer Topics
- Assigning Minecraft Licenses
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Assigning Minecraft Licenses
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-23-2025 06:28 PM
Wondering if anyone has set up automated Minecraft license assigning? We have our Google Workspace set up as IdP for Microsoft Entra (which works fine) and students (and staff) can login to Microsoft using their Google Accounts. Any student that has a Minecraft license assigned can use that using their Google account.
Within Workspace I have created a dynamic Minecraft group that pulls students from specified OU's (each year is in its own OU, currently only a few years use Minecraft). I supply that group name as an attribute in my SAML set up for Microsoft Entra. In Microsoft Entra I have a similar group called Minecraft that is used to assign a Minecraft license to its members. All that works. But how do I get Microsoft Entra to add (and remove) students that are member of the Workspace Minecraft group to the Entra Minecraft group?
Topics:
- Topics:
-
Admin Console
-
Other
-
User Management
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2025 06:05 AM
Off-topic: Can you share any resources that address setting Google as the IdP in Entra?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2025 03:12 PM
https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust
The thing that gets me (often) with Microsoft Azure/Entra, is that anything where MS is in control, can be done using the GUI. Like setting Entra as IdP and others as SP. When it comes to using another service as IdP (such as Google Workspace), there always seems to be some Powershell involved... Which creates an extra (unnecessary) hurdle.
Anyway, ChatGPT summarizes the process quite well (when asking for "provide resources to set up google workspace as Idp for Microsoft Entra"):
To set up Google Workspace as an Identity Provider (IdP) for Microsoft Entra ID, follow these steps:
Step 1: Configure Google Workspace as an IdP
Sign in to Google Admin Console:
Go to admin.google.com and sign in with your super admin account. (Configure federation between Google Workspace and Microsoft Entra ID)
Add SAML App:
Navigate to Apps > Web and mobile apps.
Click Add App > Add custom SAML app. (Configure federation between Google Workspace and Microsoft Entra ID)
Download IdP Metadata:
On the Google Identity Provider details page, click Download Metadata.
Save the GoogleIDPMetadata.xml file; you'll need it later. (Configure federation between Google Workspace and Microsoft Entra ID)
Configure Service Provider Details:
On the Service provider details page:
Name ID format: Set to PERSISTENT.
Name ID: Map to Primary Email.
Signed Response: Check this option.
Click Continue. (Configure federation between Google Workspace and Microsoft Entra ID)
Attribute Mapping:
Map Google attributes to Microsoft Entra attributes. For example:
Google Directory attribute: Primary Email
Microsoft Entra attribute: IDPEmail
Click Finish. (Set up SSO between MS 365 and Google - Microsoft Q&A)
Step 2: Configure SAML SSO in Microsoft Entra ID
Add Google Workspace App:
Sign in to the Microsoft Entra admin center.
Navigate to Identity > Applications > Enterprise applications > New application.
Search for Google Cloud / G Suite Connector by Microsoft and add it. (Microsoft Entra SSO integration with Google Cloud / G Suite Connector ...)
Set Up SAML SSO:
In the application settings, go to Single sign-on.
Select SAML.
In the Basic SAML Configuration:
Identifier (Entity ID): google.com
Reply URL (Assertion Consumer Service URL): https://www.google.com/a/yourdomain.com/ServiceLogin?continue=https://mail.google.com
Sign-on URL: https://accounts.google.com/o/saml2/idp?idpid=yourid
Logout URL: https://accounts.google.com/logout
Upload the GoogleIDPMetadata.xml file you downloaded earlier. (Configure Entra ID as the SSO provider for Google Workspace, Microsoft Entra SSO integration with Google Cloud / G Suite Connector ..., How to Federate Google Workspace with Microsoft Entra ID, Configure federation between Google Workspace and Microsoft Entra ID)
Assign Users:
Assign users or groups to the application to grant them access. (EntraID & Google Workspace Integration - Microsoft Q&A)
Step 3: Test the Federation
Access the Application:
Navigate to the application in Microsoft Entra ID.
Click Sign in with Google. (EntraID & Google Workspace Integration - Microsoft Q&A)
Authenticate:
You should be redirected to Google Workspace for authentication.
After successful login, you will be redirected back to Microsoft Entra ID. (Google Workspace federation in Entra ID - techcommunity.microsoft.com)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2025 12:58 AM
Google's own support article is what I have used.
https://support.google.com/a/answer/6363817
--
https://wheretofind.me/@NoSubstitute
https://wheretofind.me/@NoSubstitute
Subscribe
