Google support SAML authentication. We are using an identity manager that can provide SAML authentication to Google and interface with AD. It can also auto-provision accounts in Google when we create them in AD.
Director of Technology
North Country Supervisory Union
121 Duchess Ave Suite A
Newport, VT 05855
(802)3345847 ext 2018
[log in to unmask]
From: School Information Technology Discussion [mailto:[log in to unmask]] On Behalf Of Mike Vining
Sent: Tuesday, October 25, 2016 9:02 AM
To: [log in to unmask]
Subject: Re: single sign-on
There are 2 Google tools you'll need to use.
1. Google Apps Directory Sync - This is installed anywhere in your environment. It will use LDAP to sync your users and directory structure. However, because AD doesn’t store passwords in a way that the tool can read them (unless you are still using 2003) the new accounts will not have the same password as the AD account.
2. Google Apps Password Sync - This is installed on each DC in your environment (requires reboot). It will sync password changes from AD to Google.
Basically, sync the accounts to create them, then reset the password in AD and Google will have that new password.
As for getting the browser to auto-login to Google without user intervention, I don't think that is possible at this time, but if you figure it out please share.
Hope that helps,
From: School Information Technology Discussion [mailto:[log in to unmask]] On Behalf Of Will Hatch
Sent: Monday, October 24, 2016 9:32 AM
To: [log in to unmask]
Subject: single sign-on
We're trying to muster up the ambition to get single sign-on working between Google and Windows Active Directory. Has anyone successfully done this? Helpful tips?
This email may contain information protected under the Family Educational Rights and Privacy Act (FERPA) or the Health Insurance Portability and Accountability Act (HIPAA). If this email contains confidential and/or privileged health or student information and you are not entitled to access such information under FERPA or HIPAA, federal regulations require that you destroy this email without reviewing it and you may not forward it to anyone.
If you wish to file a Civil Rights program complaint of discrimination, complete the USDA Program Discrimination Complaint Form, found online at http://www.ascr.usda.gov/complaint_filing_cust.html, or at any USDA office, or call (866) 632-9992 to request the form. You may also write a letter containing all of the information requested in the form. Send your completed complaint form or letter to us by mail at U.S. Department of Agriculture, Director, Office of Adjudication, 1400 Independence Avenue, S.W., Washington, DC 20250-9410, by fax (202) 690-7442 or email at [log in to unmask]
Revised by mandate of the USDA dated March 24th, 2014.