Extend Azure AD identities to G Suite

Is it possible to extend Azure Active Directory® (Azure AD or AAD) identities to G Suite? It’s a great question, given that Microsoft® and Google® have historically been rivals in the IT services space. Well, the short answer is, yes—it is possible to extend Azure AD identities to G Suite. The longer story is how, and the solution might not be what you expect. So, let’s start with the basics.

Connecting Microsoft to Google

Azure AD is a cloud-based IAM solution from Microsoft. The Microsoft cloud platform is tailored to fit Azure users and connect them to Azure cloud resources. These Azure resources often include the Office 365 suite of applications, Azure infrastructure, and various business applications. Essentially, for IT organizations that only leverage Azure services, Azure AD can be the only IAM solution required. However, things start to get interesting when solutions that are not based in Azure come into play, such as G Suite.

Historically, IT admins have leveraged the on-prem Active Directory® (AD) platform as their starting point for connecting Windows-based users to G Suite. This connection was made possible through the use of an add-on utility known as the Google Cloud Directory Sync (GCDS)—formerly known as GADS (Google Apps Directory Sync). GCDS is essentially an identity bridge designed for connecting AD to Google cloud apps and services, including G Suite. AD admins would basically layer GCDS on top of their on-prem AD infrastructure to extend Microsoft identities to Google.

Interestingly, however, Google has not created a similar identity bridge for Azure AD. One can only speculate as to why this is the case, but it probably has something to do with Google Compute Engine (GCE)—Google’s rival Infrastructure-as-a-Service (IaaS) offering and top Azure competitor. It might also have something to do with the fact that Azure AD is not a cloud replacement for Active Directory, but rather a complement to the on-prem AD platform. At any rate, IT admins must find a workaround if they hope to extend Azure AD identities to G Suite.

Of course, the legacy AD platform integrates (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at:
