1

Our school has had a Windows domain for >20 years. The design goal was for users to have the same experience whichever client PC they logged on to. We had Thunderbird, and the email settings moved with the user's profile. Now we have Gmail and use the Chrome browser courtesy of Google Apps for Education (now G Suite?). None of these settings move with the domain roaming profile. If they move to another PC (it's a school, so that's a certainty) they have to repeat the whole 3-stage login. What can I do to get a single sign-on so the users enjoy what we had last century? We have GADS to sync AD to enable Chromebook users, and are just starting with Azure AD Connect. Does any of that help?

Ken
  • What is the 3-step logon that you are trying to consolidate? Windows login, Gmail login? Can you explain the user experience in some more detail? – Joe Feb 17 '19 at 16:45
  • Typical logon: at W10 PC, user enters username e.g. Zulu. (Domain name is assumed.) User starts Chrome browser. Our home page has a link Get Mail which goes to Gmail login. User enters username (mail has external domain name pre-filled.) User notices no bookmarks. Goes to settings. Has to log in to Chrome, this time with username@fullExternalDomain and password, then has to choose to link to existing profile. These are 12 year olds so it needs to be simpler. – Ken Feb 19 '19 at 04:45

1 Answer

2

I would use Tutorial: Azure Active Directory integration with G Suite

Prerequisites

To configure Azure AD integration with G Suite, you need the following items:

  • An Azure AD subscription
  • A G Suite single sign-on enabled subscription
  • A Google Apps subscription or Google Cloud Platform subscription

Scenario description

In this tutorial, you configure and test Azure AD single sign-on in a test environment.

  • G Suite supports SP initiated SSO
  • G Suite supports automatic user provisioning

The big steps of the tutorial are:

Configure and test Azure AD single sign-on

In this section, you configure and test Azure AD single sign-on with G Suite based on a test user called Britta Simon. For single sign-on to work, a link relationship between an Azure AD user and the related user in G Suite needs to be established.

To configure and test Azure AD single sign-on with G Suite, you need to complete the following building blocks:

  • Configure Azure AD Single Sign-On - to enable your users to use this feature.
  • Configure G Suite Single Sign-On - to configure the Single Sign-On settings on application side.
  • Create an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
  • Assign the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
  • Create G Suite test user - to have a counterpart of Britta Simon in G Suite that is linked to the Azure AD representation of user.
  • Test single sign-on - to verify whether the configuration works.

yagmoth555
  • Thanks! We have a different local domain name from the public name used for Gmail and Chromebooks. We don't have Federated Services, so unless there is some sort of aliasing feature, we may have a problem. No doubt I will find out. – Ken Feb 17 '19 at 10:41