Most frequent questions and answers about Google Workspace to Office 365 SSO and Provisioning.
Google does not provide an option to provision / manage groups and memberships to Office 365.
Only Google Workspace or Google Cloud Identity Super Administrators can add SAML applications.
Please make sure you are assigned Super Admin role.
No, Google does not support 3rd party MFA integration.
However you should be able to leverage Google’s MFA (which supports multiple MFA methods including security key).
Google’s MFA is available to Google Workspace and Google Cloud Identity customers without any additional cost.
Google Cloud Identity (or Google Workspace) Administrators with Reporting priveleges can look at SAML and Provisioning logs.
Following SAML Login logs are available at this path Admin Console –> Reports –> Audit –> SAML
SAML Login Logs :
- Event Nama – (e.g Successful login)
- Event description (e.g Goldy Arora logged in)
- User (e.g email@example.com)
- Application Name (e.g Microsoft Office 365)
- Organization name (user’s orgUnit name like /Contractors)
- Initiated by (who initiated the login e.g Service provider or Identity Provider)
- Failure type (if any failure, e.g Application not configured)
- Response status (e.g SUCCESS_URI)
- Response second level status
- IP Address (login user’s IP address, e.g 96.248.xxx.xx)
- Date (date and time of user login, e.g 3 Feb 2020, 08:47:59 GMT-5)
Following provisioning (and deprovisioning) logs are available at this path Admin Console –> Reports –> Audit –> Admin
- Event Name (e.g Update Auto Provisioned User)
- Event Description (e.g User firstname.lastname@example.org was updated on application Microsoft Office 365 by auto provisioning)
- Admin (which Admin performed this operation)
- Date (date and time when this operation was performed, e.g 24 Apr 2020, 13:59:30 GMT-4)
- IP (IP address of the Admin who performed this operation, e.g 96.248.XXX.XX)
Ask it in the comments below, and I would try to answer it (if i can) as soon as I get time.