Helpful Azure AD Documentation
- Dynamic Membership rules for Groups in Active Directory
- What is a device identity? (explains differences between Azure AD joined, registered, etc.)
Azure AD as IDP for G Suite
- Tutorial: Azure Active Directory single sign-on (SSO) integration with G Suite
- Tutorial: Configure G Suite for automatic user provisioning
- Set up single sign-on for managed Google Accounts using third-party Identity providers
- Integrating Azure AD and G-Suite – Single Sign-On
Azure AD/G Suite Notes
- Users must have an Exchange mailbox for the email attribute to be populated; G Suite requires this attribute from the Identity Provider (IDP)
  - If the user doesn’t have an Exchange mailbox, they won’t be able to sign in to G Suite
- There are some settings you’ll want to change to get the best experience on Chromebooks
  - See “Configure SAML single sign-on for Chrome devices” for more details
  - We’ve found the best results by enabling Single Sign-On IdP Redirection (Device management > Chrome management > Device Settings > Single Sign-On IdP Redirection)