Most frequent questions and answers about Google Workspace to Google Workspace SSO.
No, Google Workspace (or Google Cloud Identity) does not provide automated user provisioning option to another Google tenant.
So it wouldn’t be possible this way, however you may consider other options for bulk provisioning like my google sheet add-on Ok Goldy
Only Google Workspace or Google Cloud Identity Super Administrators can add SAML applications.
Please make sure you are assigned Super Admin role.
No, Google does not support 3rd party MFA integration.
However you should be able to leverage Google’s MFA (which supports multiple MFA methods including FIDO keys).
Google’s MFA is available to Google Workspace and Google Cloud Identity customers without any additional cost.
Google Cloud Identity (or Google Workspace) Administrators with Reporting privilege can look at SAML logs.
Following SAML Login logs are available at this path Admin Console –> Reports –> Audit –> SAML
SAML Login Logs :
- Event Name – (e.g Successful login)
- Event description (e.g Goldy Arora logged in)
- User (e.g email@example.com)
- Application Name (e.g Microsoft Office 365)
- Organization name (user’s orgUnit name like /Contractors)
- Initiated by (who initiated the login e.g Service provider or Identity Provider)
- Failure type (if any failure, e.g Application not configured)
- Response status (e.g SUCCESS_URI)
- Response second level status
- IP Address (login user’s IP address, e.g 96.248.xxx.xx)
- Date (date and time of user login, e.g 3 Feb 2020, 08:47:59 GMT-5)
Ask it in the comments below, and I would try to answer it (if i can) as soon as I get time.