Azure AD – You can now use Google ID with Azure B2B

After being in preview for the past few months, it is now GA (generally available): you can now invite external users (Azure AD B2B – Business to Business) using Google ID as the identity provider, supporting and email address domains.

Before enabling support for Google ID, you first need to create a Google client ID and secret by accessing; it is recommended to use a shared Google account to log on

Create a new project and name it; optionally, if you already have an organization configured, you can also define it


Once your Google API project has been created, configure the OAuth consent screen option of your project


There define the application details and define the Authorized domains with the value


Once done, save it and access the Credentials option to create an OAuth client ID


Select Web application and define the settings with Authorized redirect URIs set to:

  •<directory id>/oauth2/authresp
    (where <directory id> is your directory ID)


Save the client ID and secret.

Then you can log on to your Azure portal or Azure AD Portal and reach the Organizational relationship to enable Google ID federation for your Azure AD


Then access Identity Providers and add the Google one, defining on it the client ID and secret you have created above


You can also enable it with PowerShell using the command below

New-AzureADMSIdentityProvider -Type Google -Name Google -ClientId [Client ID] -ClientSecret [Client secret]
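
The same command wrapped in a short script, as an added example that is not part of the original post: it prompts for the client ID and secret instead of taking them on the command line, and skips creation when a Google provider already exists. It assumes the AzureADPreview module is installed and that the signed-in account is allowed to manage identity providers; the variable names are illustrative.

```powershell
# Added example: assumes the AzureADPreview module is installed and the
# signed-in account may manage identity providers in the tenant.
Import-Module AzureADPreview -ErrorAction Stop
Connect-AzureAD | Out-Null

# The directory ID is the value to substitute for <directory id> in the
# Authorized redirect URI configured on the Google side.
$directoryId = (Get-AzureADTenantDetail).ObjectId
Write-Host "Directory ID: $directoryId"

# Do not try to create a second Google provider if one is already configured.
$existing = Get-AzureADMSIdentityProvider | Where-Object { $_.Type -eq 'Google' }
if ($existing) {
    Write-Host "Google federation already configured with client ID $($existing.ClientId)"
    return
}

# Prompt for the values instead of typing them on the command line, so the
# secret does not end up in PSReadLine history or a session transcript.
$clientId     = Read-Host -Prompt 'Google OAuth client ID'
$secureSecret = Read-Host -Prompt 'Google OAuth client secret' -AsSecureString

# The cmdlet takes the secret as a plain string; decrypt it only for the call.
$plainSecret = [System.Net.NetworkCredential]::new('', $secureSecret).Password
try {
    New-AzureADMSIdentityProvider -Type Google -Name Google `
        -ClientId $clientId -ClientSecret $plainSecret | Out-Null
}
finally {
    # Drop the plaintext copy as soon as the call returns.
    Remove-Variable plainSecret -ErrorAction SilentlyContinue
}

# Read the provider back to confirm it was created.
Get-AzureADMSIdentityProvider | Where-Object { $_.Type -eq 'Google' } |
    Select-Object Id, Type, Name, ClientId
```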

That’s it, you are now federating with Google identity services. You can now invite external/guest users using their Google account.

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.