
Scenario: Managed GCP applications hosted on GCP with a Google Cloud Identity setup for customers

Want customers to access GCP managed service using their own IDP

Question: Can I use Azure AD B2C as an IDP for Google Cloud Identity?

Looking for a solution or alternate solutions which may not be that expensive

Sam-Tahir

1 Answer


Azure AD B2C is an OIDC IdP so yes, it can be used as a federated IdP in Google Cloud Identity. Due to the similarities between Azure AD B2C and Azure AD you can follow most of the steps detailed in Configure workforce identity federation with Azure AD and sign in users with the following Azure AD B2C specific replacements:

  1. Create a new app. As a best practice, we recommend that you create a new application in Azure AD B2C and use only the application to obtain Google Cloud credentials. To create a web app for user sign-in with Azure AD B2C and enable your app to receive tokens from Azure AD B2C, see Register a web application in Azure Active Directory B2C. Do not forget to follow the Next steps.

  2. Skip this one.

AlfredoRevilla-MSFT
  • Can you clarify what it means by create a new App in Azure AD B2C. Basically my app is just in Google. Planning to use some of the managed GCP services like GCP Data Fusion & Dataproc. And if I want to grant customers access to my GCP org without manually creating local users in Cloud Identity, wanted to use AD B2C for them to come in. So what type of App do I need to create in AD B2C for my scenario? Thanks – Sam-Tahir Dec 02 '22 at 03:44
  • It means to create an app registration. I chose to duplicate the terms used by google so it could be easier to match what to replace. Follow these steps: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-register-applications?tabs=app-reg-ga – AlfredoRevilla-MSFT Dec 02 '22 at 16:25
  • Question utilizing this scenario... Would customers be able to use their own IDP as well, or would they be forced to use the AD B2C users we create for them in our Azure AD B2C tenant, to then eventually log in to our GCP platform? – Sam-Tahir Dec 02 '22 at 20:58
  • Azure AD B2C can federate with other OIDC, OAuth2 and SAML IdPs. You won't be limited to "local consumer user accounts", which are the ones that live in the Azure AD B2C tenant. – AlfredoRevilla-MSFT Dec 02 '22 at 22:58
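The Azure AD B2C specific replacements above, carried through to the workforce pool and provider step of the Google guide, as an added example that is not part of the original answer: every tenant, client, pool and organization value is a constructed placeholder, and the B2C issuer format and the Google callback URI are assumptions to verify against your user flow and the current Google documentation.

```shell
#!/bin/sh
# Placeholder values (constructed for this example): replace with your own.
B2C_TENANT="contoso"                                  # tenant name, <tenant>.b2clogin.com
B2C_TENANT_ID="00000000-0000-0000-0000-000000000000"  # tenant GUID
B2C_CLIENT_ID="11111111-1111-1111-1111-111111111111"  # app registration from step 1
GCP_ORG_ID="123456789012"                             # Google Cloud organization ID
POOL_ID="b2c-customers"
PROVIDER_ID="azure-ad-b2c"

# Issuer must equal the "iss" claim in the ID tokens your B2C user flow emits,
# and <issuer>.well-known/openid-configuration must be fetchable by Google;
# confirm both against your user flow before running (assumed default format).
b2c_issuer_uri() {
  printf 'https://%s.b2clogin.com/%s/v2.0/' "$B2C_TENANT" "$B2C_TENANT_ID"
}

# Redirect URI to add to the B2C app registration. This is the callback format
# Google documents for workforce federation (assumed; check current docs).
gcp_callback_uri() {
  printf 'https://auth.cloud.google/signin-callback/locations/global/workforcePools/%s/providers/%s' \
    "$POOL_ID" "$PROVIDER_ID"
}

# Prints (does not run) the provider command so it can be reviewed first.
# The authorization-code flow needs the app's client secret; it is read from
# the environment at execution time so it never lands in shell history or logs.
provider_create_cmd() {
  printf 'gcloud iam workforce-pools providers create-oidc %s' "$PROVIDER_ID"
  printf ' --workforce-pool=%s --location=global' "$POOL_ID"
  printf ' --issuer-uri=%s' "$(b2c_issuer_uri)"
  printf ' --client-id=%s' "$B2C_CLIENT_ID"
  printf ' --client-secret-value="$B2C_CLIENT_SECRET"'
  printf ' --web-sso-response-type=code'
  printf ' --web-sso-assertion-claims-behavior=merge-user-info-over-id-token-claims'
  # Claim names depend on the user flow; "sub" and "name" are common defaults.
  printf ' --attribute-mapping=google.subject=assertion.sub,google.display_name=assertion.name'
}

echo "Add this redirect URI to the B2C app registration: $(gcp_callback_uri)"
if command -v gcloud >/dev/null 2>&1; then
  : "${B2C_CLIENT_SECRET:?export B2C_CLIENT_SECRET before running}"
  gcloud iam workforce-pools create "$POOL_ID" --organization="$GCP_ORG_ID" --location=global
  sh -c "$(provider_create_cmd)"
else
  echo "gcloud not found; review the command that would be run:"
  provider_create_cmd; echo
fi
```

After the provider exists, a customer signs in through the B2C user flow (or any IdP B2C federates with) and Google maps the token's sub claim to the workforce identity that your IAM bindings reference.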