Automating Onboarding Students Using Microsoft to Manage Google Workspace Part 1 (Configuring SSO for G Suite in Azure AD)

Akins IT • August 29, 2019
Connect with us

Part 1: Configuring SSO for G Suite in Azure AD


Problem


The typical IT admin in this scenario requires their School Information System (SIS) to synchronize student data their on-prem AD, Azure AD, and Google Workspace. Currently, they feel that neither Microsoft nor Google has provided them with a convenient method with which to both effectively and efficiently manage the identities in these seemingly disparate environments


Objective


By integrating Azure Active Directory with Google Workspace, we will be able to administratively manage an organization's on-prem AD, Azure AD, and Google Workspace identities from a single portal. In addition, with Google Workspace identity management being delegated to Azure AD, we can redirect the SIS's synchronization from Google Workspace to either the on-prem AD or Azure AD.


In this way, we will have a continuous stream of data flowing from one entry point, that is reflected in all relevant directories. Such a seamless system will make the provisioning of identities, access permissions, and group memberships a simple process for IT administrators.


Let’s begin by reviewing the different facets of the configuration of Single Sign-On in Azure:

The 3 areas of focus for setting up SSO integration with Google Workspace for our students will include


  • Configuring SSO parameters in Azure and Google Workspace
  • Enabling Automatic User provisioning from Azure AD to Google Workspace
  • Creating Conditional Access policies to further secure Google Workspace identities once they are tied to Azure AD identities

To integrate Google Workspace with Azure AD, we first need to navigate to Enterprise Applications in our Azure portal, and add Google Workspace (which will be a collective of all the apps under the Google Workspace umbrella):

After adding the Google Workspace app platform, we will select SAML for our Single Sign-On experience, which will then provide us with the information we need to configure the SSO options in Google Workspace:

Armed with that information, we can enable SSO with third party identity providers in Google Workspace and fill out the required fields based on the information supplied to us in our respective SAML page:

Once we have established the SSO connection between Azure and Google Workspace, we will need some users assigned to our Google Workspace app platform:

Now that we have assigned users to the G Suite app platform, let us continue into setting the Provisioning Mode to Automatic, and provide the Google admin credentials needed to authorize Azure AD to create accounts in G Suite.

And lastly, once we have integrated Azure SSO with G Suite, we can create conditional access policies that protect identities that exist in Google Workspace because they are authenticated through Azure AD during sign-in:

This concludes part 1 of our series on Automating Onboarding Students and Using Microsoft To Manage Google Workspace.

CONTACT US IF THIS NEEDS TO BE UPDATED OR IF YOU NEED HELP WITH YOUR GOOGLE WORKSPACE AD ENVIRONMENT GO TO PART TWO - CONFIGURING CONDITIONAL ACCESS FOR G SUITE

AWS stumbled this morning. Here’s why multi‑cloud keeps you moving.

By Shawn Akins October 20, 2025
October 20, 2025 — Early today, Amazon Web Services experienced a major incident centered in its US‑EAST‑1 (N. Virginia) region. AWS reports the event began around 12:11 a.m. PT and tied back to DNS resolution affecting DynamoDB , with mitigation within a couple of hours and recovery continuing thereafter. As the outage rippled, popular services like Snapchat, Venmo, Ring, Roblox, Fortnite , and even some Amazon properties saw disruptions before recovering. If your apps or data are anchored to a single cloud, a morning like this can turn into a help‑desk fire drill. A multi‑cloud or cloud‑smart approach helps you ride through these moments with minimal end‑user impact. What happened (and why it matters) Single‑region fragility: US‑EAST‑1 is massive—and when it sneezes, the internet catches a cold. Incidents here have a history of wide blast radius. Shared dependencies: DNS issues to core services (like DynamoDB endpoints) can cascade across workloads that never directly “touch” that service. Multi‑cloud: practical resilience, not buzzwords For mid‑sized orgs, schools, and local government, multi‑cloud doesn’t have to mean “every app in every cloud.” It means thoughtful redundancy where it counts : Multi‑region or multi‑provider failover for critical apps Run active/standby across AWS and Azure (or another provider), or at least across two AWS regions with automated failover. Start with citizen‑facing portals, SIS/LMS access, emergency comms, and payment gateways. Portable platforms Use Kubernetes and containers, keep state externalized, and standardize infra with Terraform/Ansible so you can redeploy fast when a region (or a provider) wobbles. (Today’s DNS hiccup is exactly the kind of scenario this protects against.) Resilient data layers Replicate data asynchronously across clouds/regions; choose databases with cross‑region failover and test RPO/RTO quarterly. If you rely on a managed database tied to one region, design an escape hatch. Traffic and identity that float Use global traffic managers/DNS to shift users automatically; keep identity (MFA/SSO) highly available and not hard‑wired to a single provider’s control plane. Run the playbook Document health checks, automated cutover, and comms templates. Then practice —tabletops and live failovers. Many services today recovered within hours, but only teams with rehearsed playbooks avoided user‑visible downtime. The bottom line Cloud concentration risk is real. Outages will happen—what matters is whether your constituents, students, and staff feel it. A pragmatic multi‑cloud stance limits the blast radius and keeps your mission‑critical services online when one provider has a bad day. Need a resilience check? Akins IT can help you prioritize which systems should be multi‑cloud, design the right level of redundancy, and validate your failover plan—without overspending. Let’s start with a quick, 30‑minute review of your most critical services and RPO/RTO targets. (No slideware, just actionable next steps.)

Microsoft Confirms GoAnywhere Exploitation: What IT Leaders Need to Know

By Shawn Akins October 13, 2025
How a Zero-Day in GoAnywhere MFT Sparked a Ransomware Wave—and What Mid-Sized IT Leaders Must Do Now

The Windows 10 Deadline Is Here—Are You Ready for What Happens Next?

By Shawn Akins October 13, 2025
The clock is ticking: Learn your options for Windows 11 migration, Extended Security Updates, and cost‑smart strategies before support ends.
More Posts