The idea is to enable SSO to GCP using an Azure AD configuration.
Make sure Cloud Identity is subscribed in the GCP account and that we have a super admin user in that account.
Also make sure the same domain is verified in both Azure and GCP.
Note: If the same domain is already verified in any other G Suite or GCP account, that account should be used.
Base Document Followed
Process
In GCP:
Create one super admin in the Google environment. (Super admin is only available in admin.google.com, which is available only if G Suite or Cloud Identity is registered.)
In Azure: Create one application for user provisioning.
Make sure the user has been created in the GCP user portal (admin.google.com).
In Azure: Create a second app.
We will face a login error after configuring as per the GCP document. The errors are listed below. To solve them we need to add the Identifier and the Reply URL.
Errors faced
Error 1:
AADSTS650056: Misconfigured application. This could be due to one of the following: The client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, The admin has not consented in the tenant. Or, Check the application identifier in the request to ensure it matches the configured client application identifier. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 01303a13-8322-4e06-bee5-80d612907131.
Solution: In SAML Config, add Identifier (Entity ID): google.com/a/<Domain Name>
Error 2:
AADSTS900561: The endpoint only accepts POST requests. Received a GET request.
Solution: In SAML Config, add Reply URL: https://google.com/a/*
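Both fixes above come down to two checks an identity provider makes on an incoming SAML AuthnRequest: the Issuer must match a registered Identifier (Entity ID), and the AssertionConsumerServiceURL must match a registered Reply URL, because that is where the IdP will POST the signed response. The script below is an added example written for these notes, not code from the notes' author, Google or Microsoft; it is a simplified model of those checks, not Azure AD's implementation. The app registration, the AuthnRequest, the request ID and the domain example.com are all constructed placeholders. It also shows the scoping consequence of the wildcard Reply URL from the notes: https://google.com/a/* accepts any ACS path under that prefix, whereas an exact Reply URL accepts only the one ACS for your domain, so use the narrowest pattern your setup allows.

```python
"""Simplified model of the Identifier (Entity ID) and Reply URL checks an IdP
performs on a SAML AuthnRequest.  Added example; inputs are constructed."""
import fnmatch
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed app registration mirroring the values the notes say had to be added.
# example.com stands in for the real <Domain Name>.
APP_REGISTRATION = {
    "identifiers": {"google.com/a/example.com"},   # Identifier (Entity ID)
    "reply_urls": {"https://google.com/a/*"},      # Reply URL with the wildcard from the notes
}

# Constructed SP-initiated AuthnRequest; the ID and timestamp are placeholders.
SAMPLE_REQUEST = """<samlp:AuthnRequest xmlns:samlp="{samlp}" xmlns:saml="{saml}"
    ID="_placeholder-request-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://google.com/a/example.com/acs">
  <saml:Issuer>google.com/a/example.com</saml:Issuer>
</samlp:AuthnRequest>""".format(samlp=SAMLP, saml=SAML)


def parse_authn_request(xml_text):
    """Extract the Issuer, ACS URL and binding from a samlp:AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a samlp:AuthnRequest")
    issuer = root.find("{%s}Issuer" % SAML)
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "binding": root.get("ProtocolBinding"),
    }


def reply_url_allowed(acs_url, reply_urls):
    """True if the ACS URL matches one registered Reply URL.  '*' is a glob,
    so a wildcard pattern admits every path under its prefix.  The scheme is
    pinned to https so no pattern can ever accept a plaintext ACS."""
    if not acs_url or not acs_url.startswith("https://"):
        return False
    return any(fnmatch.fnmatchcase(acs_url, pattern) for pattern in reply_urls)


def validate(request, registration):
    """Return the list of mismatches; an empty list means the IdP would proceed."""
    problems = []
    if request["issuer"] not in registration["identifiers"]:
        problems.append("issuer %r is not a registered Identifier (Entity ID)" % request["issuer"])
    if not reply_url_allowed(request["acs_url"], registration["reply_urls"]):
        problems.append("ACS URL %r matches no registered Reply URL" % request["acs_url"])
    return problems


if __name__ == "__main__":
    req = parse_authn_request(SAMPLE_REQUEST)
    print("request:", req)
    print("problems with wildcard Reply URL:", validate(req, APP_REGISTRATION))
    exact = {"identifiers": APP_REGISTRATION["identifiers"],
             "reply_urls": {"https://google.com/a/example.com/acs"}}
    print("problems with exact Reply URL:", validate(req, exact))
    # The wildcard also accepts an ACS under a different domain path; the exact URL does not.
    other = "https://google.com/a/other.example/acs"
    print("wildcard accepts other path:", reply_url_allowed(other, APP_REGISTRATION["reply_urls"]))
    print("exact accepts other path:", reply_url_allowed(other, exact["reply_urls"]))
```

Run it as a script to see the constructed request pass both checks, then compare how the wildcard and the exact Reply URL treat an ACS under a different domain path. Removing example.com from `identifiers` reproduces the Entity ID mismatch that the first error in the notes was resolved by.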