Azure as IDP for Workspace

E8419
New Contributor III

Hello

How many of you currently use Azure as your IDP for Workspace?

How many use Google Login stand alone?

Anyone using the new web sign in with Google Federated Azure to SSO with Google Creds into Windows Intune managed laptops or desktops?

I am trying to decide which way to go - currently a heavy GCPW user.

4 REPLIES

Bill_Gibson
Contributor III

Anyone using Google as Azure IdP?

E8419
New Contributor III

I am currently, but I'm unsure if this is the right route to take long term.

Yup, our district/county/municipality has a SharePoint intranet, which requires all staff to log in to access it.

So we have a SAML setup for that. The one described in Google's support documents.

Since we already had on-prem AD federation set up for one domain, it was a bit painful as that had to be temporarily disabled, so we could add the edu subdomain.

It works perfectly fine, but a definite recommendation is to not disable unused accounts in Workspace, as that will cause their accounts in O365 to be permanently deleted after 30 days, and not able to be automatically recreated if the user then suddenly starts using their Workspace account again.

Typical issue with substitutes who only work rarely.

--
https://wheretofind.me/@NoSubstitute

Kim_Nilsson
Admin Moderator

Google login only for access to Workspace.

Really don't want to change that. Mainly because managing passwords and, to some extent, accounts elsewhere is a pain. Now we do have fully automatic sync of user accounts and groups, so very few accounts are manual, even groups. But we do have them, and I don't quite have the hang of managing incoming SSO for separate OUs.

If people who do use SSO say it's fine, and easy to use incoming SSO only in certain OUs, and it doesn't mess up login to Chromebooks, then maaaybe in the future I'll look into it. So far I'm not convinced.

Also, why would I want to pay for third-party SSO? Using Google Sign-in to (curriculum) services is awesome.

We do not use GCPW. Would be cool, but we're instead investing quite heavily in Intune for Windows 11, with forced MFA for login to O/M365 accounts, which effectively means forced MFA for login to Windows devices.

Now, that only affects administrative and non-teaching staff, as all our teachers have Apple MacBooks!

For them we just recently started using Mosyle MDM, and with their Auth 2 feature we will be able to have them log into their MacBooks with the Google accounts!!! Really happy about that! Will implement that during 2024, as we're replacing the remaining 350 old MBAs next year.

--
https://wheretofind.me/@NoSubstitute