I'm trying to set up SAML SSO where G Suite is the identity provider for Office 365 (service provider).
Google's instructions are limited: https://support.google.com/a/answer/6363817?hl=en
But I found some great help here: http://www.viewds.com/blog/making-office-365-work-with-an-external-saml-identity-provider.html
I now believe I have the SAML requests going back and forth correctly, but I've run into a snag. From the Google instructions:
The default Name ID must match the requirements set by ImmutableID. Use an Active Directory sync to configure this. Multi-value input is not supported.
This seems straightforward enough, but Google sends email address as the default Name ID and AzureAD uses an apparent UUID as the ImmutableID.
Anyone have experience here who can give guidance about how to get the two systems talking to each other correctly? Do I have to change ImmutableIDs on AzureAD? Set some sort of custom field on the Google side?
thanks!