By Vince Lujan Posted May 8, 2019
Is it possible to extend Azure Active Directory® (Azure AD or AAD) identities to G Suite™? It’s a great question, given that Microsoft® and Google® have historically been rivals in the IT services space. Well, the short answer is, yes—it is possible to extend Azure AD identities to G Suite. The longer story is how, and the solution might not be what you expect. So, let’s start with the basics.
Connecting Microsoft to Google
Azure AD is a cloud-based IAM solution from Microsoft. The Microsoft cloud platform is tailored to fit Azure users and connect them to Azure cloud resources. These Azure resources often include the Office 365™ suite of applications, Azure infrastructure, and various business applications. Essentially, for IT organizations that only leverage Azure services, Azure AD can be the only IAM solution required. However, things start to get interesting when solutions that are not based in Azure come into play, such as G Suite.
Historically, IT admins have leveraged the on-prem Active Directory® (AD) platform as their starting point for connecting Windows-based users to G Suite. This connection was made possible through the use of an add-on utility known as the Google Cloud Directory Sync (GCDS)—formerly known as GADS (Google Apps Directory Sync). GCDS is essentially an identity bridge designed for connecting AD to Google cloud apps and services, including G Suite. AD admins would basically layer GCDS on top of their on-prem AD infrastructure to extend Microsoft identities to Google.
Interestingly, however, Google has not created a similar identity bridge for Azure AD. One can only speculate as to why this is the case, but it probably has something to do with Google Compute Engine (GCE)—Google’s rival Infrastructure-as-a-Service (IaaS) offering and top Azure competitor. It might also have something to do with the fact that Azure AD is not a cloud replacement for Active Directory, but rather a complement to the on-prem AD platform. At any rate, IT admins must find a workaround if they hope to extend Azure AD identities to G Suite.
Of course, the legacy AD platform integrates seamlessly with Azure AD via Azure AD Connect. We also know that AD integrates with Google via GCDS. So, theoretically, it is possible to extend a core Windows identity to both Azure AD and G Suite by integrating Azure and G Suite with AD. Obviously, this is quite a roundabout approach and far from ideal, but it is technically possible. If it sounds complicated, that’s because it is. Not only that, but organizations will then be required to invest heavily in legacy on-prem AD infrastructure, when all they really wanted to do was connect two cloud-based platforms.
Fortunately, there is another way, one that has reimagined the Active Directory platform altogether. It’s called Directory-as-a-Service®, and it can seamlessly connect users to their IT resources, regardless of the platform, provider, protocol, or location. In this case, Directory-as-a-Service would effectively replace on-prem AD and shift the core identity provider to the cloud. As a result, IT admins could extend the same core user identity to Azure AD and G Suite without anything on-prem and without GCDS or Azure AD Connect. In fact, JumpCloud Directory-as-a-Service can connect users to virtually any IT resource from the cloud.
Extend Azure AD Identities to G Suite via JumpCloud
Sign up to extend Azure AD identities to G Suite via the Directory-as-a-Service platform today. Your first 10 users are free forever. You can also browse our Knowledge Base and YouTube for supplemental information, and contact us if you have any questions.