Google Federation As An Identity Provider For B2B Application

Introduction 

 
Network and application architectures are now shaped by the needs of users and the business, and those needs have changed over time.

Organizations can no longer assume users are in one place; users are on internal networks, external networks, or both. Nor do they access applications from a single device: they use many devices and many kinds of software, including on-premises apps, SaaS apps, mobile apps and so on.

How are you, as a developer, supposed to secure your applications and your users' access to information across so many scenarios?
 
This article walks through setting up a business-to-business (B2B) application that accepts an external identity, in this case Google federation.
 
External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.
 
Note
Google federation covers consumer Gmail accounts. Federating with a Google Workspace domain is a separate configuration (SAML/WS-Fed identity provider federation) and is not covered here.
 
Step 1 - Configure a Google Developer Project
 
Create a new project in the Google Developers Console to obtain a client ID and client secret that you will later add to Azure Active Directory (Azure AD).
  • Navigate to https://console.developers.google.com and sign in with your Google account.
  • Create a new project: on the dashboard select Create Project.
 
Step 2 - Enter the project name (for example, Demo App) and select Create.
 
Step 3 - Configure the OAuth Consent Screen
  • Once the project is created, select it.
  • Select OAuth consent screen.
  • Select External.
  • Click Create.
  • After clicking Create you are taken to the App information screen.
  • Enter an App name, for example Demo App.
  • Select a User support email from the drop-down.
  • Scroll down to Authorized domains and enter microsoftonline.com. This is the domain of Azure AD's sign-in endpoint, and the redirect URIs registered in Step 4 must fall under it.
  • Add the Developer contact information.
  • Click Save and Continue to proceed.
 
Step 4 - Create the OAuth Client Credentials

Select Credentials, click Create Credentials and select "OAuth client ID".

  • Set the Application type to "Web application" and give the client a suitable name.
  • Under Authorized redirect URIs add:
https://login.microsoftonline.com
https://login.microsoftonline.com/te/<tenant ID>/oauth2/authresp
(where <tenant ID> is the ID of your Azure AD tenant)
Google compares redirect URIs by exact string match, so enter them exactly as shown and add nothing else: this allowlist is what stops an authorization code issued for your client from being delivered to a host you do not control.

You will then be shown the "OAuth client created" dialog. Copy the Client ID and Client Secret and store them securely; they are used to add Google as an identity provider in the Azure AD portal. Treat the client secret like any other credential: keep it in a secret store rather than in documents, chat messages or source control, and rotate it from the Google console if it is ever exposed.
 
Step 5 - Configure the Google Federation in Azure AD
  • Navigate to https://portal.azure.com.
  • Select App registrations -> New registration.
  • Enter a name for the application, for example demoapp01, leave the other settings as they are and click Register.
  • Navigate to External Identities and select "All identity providers".
  • Select "+ Google" to configure the federation.

Enter the Client ID and Client Secret copied from Google and click Save.

The Google federation configuration is now complete. Next, associate the application with External Identities through a user flow.
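As an added example (not code from the article, Google or Microsoft), the following Python script derives from a tenant ID the values that Steps 3 to 5 have you type into the two portals, checks them the way a practitioner would before pasting them, and shows the Microsoft Graph request body that is the API equivalent of clicking "+ Google". The tenant ID, the client ID and the GOOGLE_FED_CLIENT_SECRET environment variable name are constructed placeholders; only the Python standard library is used and nothing is sent over the network.

```python
"""Added example: values and checks for Google federation in Azure AD B2B.

Illustrative code, not from the article, Google or Microsoft. Standard library
only; nothing here talks to the network.
"""
import json
import os
import uuid
from urllib.parse import urlsplit

# Domain entered under "Authorized domains" on the Google OAuth consent screen (Step 3).
AUTHORIZED_DOMAIN = "microsoftonline.com"


def redirect_uris(tenant_id: str) -> list[str]:
    """Return the redirect URIs to register on the Google OAuth client (Step 4).

    The tenant ID is validated as a GUID and normalised to lower case, which is
    how the Azure portal displays it. A mismatch here surfaces to users as a
    redirect_uri_mismatch error from Google.
    """
    tid = str(uuid.UUID(tenant_id))  # raises ValueError for anything that is not a GUID
    return [
        "https://login.microsoftonline.com",
        f"https://login.microsoftonline.com/te/{tid}/oauth2/authresp",
    ]


def host_is_authorized(uri: str, domain: str = AUTHORIZED_DOMAIN) -> bool:
    """Check that a redirect URI is https and its host falls under the authorized domain.

    The article has you enter microsoftonline.com in Step 3; this confirms the
    Step 4 URIs agree with it and do not point at a look-alike host.
    """
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and (host == domain or host.endswith("." + domain))


def is_registered_redirect(candidate: str, registered: list[str]) -> bool:
    """Exact string match, as the OAuth 2.0 Security BCP requires for redirect URIs.

    No prefix matching, wildcards or case folding: a trailing slash or an
    upper-case tenant ID is a different URI and must be refused, because a
    looser comparison is what lets an attacker redirect an authorization code
    to a host they control.
    """
    return candidate in registered


def identity_provider_payload(client_id: str, client_secret: str,
                              display_name: str = "Google") -> dict:
    """Body for POST https://graph.microsoft.com/v1.0/identity/identityProviders.

    API equivalent of clicking "+ Google" in Step 5. The secret is a parameter
    so it can come from a secret store or environment variable rather than
    being hard-coded next to the client ID.
    """
    return {
        "@odata.type": "#microsoft.graph.socialIdentityProvider",
        "displayName": display_name,
        "identityProviderType": "Google",
        "clientId": client_id,
        "clientSecret": client_secret,
    }


def redacted(payload: dict) -> dict:
    """Copy of the payload that is safe to log or print: the client secret is masked."""
    return {k: ("***" if k == "clientSecret" else v) for k, v in payload.items()}


if __name__ == "__main__":
    # Constructed sample values; replace with your own tenant ID and Google client ID.
    tenant = "11111111-2222-3333-4444-555555555555"
    client_id = "1234567890-abcdefghijklmnop.apps.googleusercontent.com"
    # Hypothetical environment variable name; never paste the secret into source.
    secret = os.environ.get("GOOGLE_FED_CLIENT_SECRET", "<not set>")

    uris = redirect_uris(tenant)
    for u in uris:
        assert host_is_authorized(u), f"{u} is not under {AUTHORIZED_DOMAIN}"
    print("Register these redirect URIs on the Google OAuth client:")
    print("\n".join("  " + u for u in uris))
    print("Graph payload for the Azure AD identity provider (secret masked):")
    print(json.dumps(redacted(identity_provider_payload(client_id, secret)), indent=2))
```

Run it with your own tenant ID to get the redirect URIs to paste into Step 4. The exact-match check reflects how redirect URIs are compared when the sign-in comes back from Google, so a trailing slash or a hand-typed tenant ID with different casing is caught before users see redirect_uri_mismatch. The Graph payload can be sent as POST https://graph.microsoft.com/v1.0/identity/identityProviders by a principal holding the IdentityProvider.ReadWrite.All permission, which is useful when the federation has to be reproduced across several tenants.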
 
Step 6 - Configure a User Flow

A user flow defines how users sign up, sign in or manage their profile. (At the time of writing this feature is in public preview.)
  • Select User flows and click "+ New user flow".
  • Enter a name for the new flow, for example Demo App, and select Google under identity providers.
  • The user flow is now created and associated with the Google federation identity provider.
  • To associate an application, open Applications in the user flow and add the app registration created in Step 5.

The federated configuration and its integration with the Azure AD application are complete. The following screens show the resulting sign-in experience.
 
Output Screen 1

When the user runs the application and clicks the sign-in button, the Azure AD login prompt appears. If the user chooses the "Create new / sign in" option, a "Sign in with Google" option is shown.

Output Screen 2

When the user chooses the Google option, the request is redirected to Google and the Google sign-in screen appears.

Output Screen 3

Once the user enters their Google credentials, Google asks the user to consent to the permissions Azure AD requests, which by default are limited to reading the user's basic profile from Google.

Output Screen 4

After the user accepts the consent, the Google account is admitted as an external identity and can sign in to the organization's business-to-business application. A guest user object for the account now exists in the Azure AD tenant, so the usual guest controls (Conditional Access, access reviews, guest invitation settings) apply to it.

I hope you enjoyed and learned something new in this article. Thanks for reading and stay tuned for the next article.