At Email Meter, we use Looker Studio to power our email statistics dashboards. Looker Studio is a modern BI & analytics platform used to tell stories with data.

To view your company’s email statistics dashboard in Looker Studio, users will need to be signed into a Google account.

With this guide, you will learn how to integrate Google with Microsoft Entra ID. After completing these steps, users will be able to sign-in to Email Meter with Google using their existing Microsoft SSO.

To follow this guide, you will need administrator permissions on both Microsoft and Google admin panels.

Requirements

To get started, you will need:

  • A Microsoft 365 subscription
  • A Google Workspace tenant

If you don’t have a Google Workspace tenant, you can contact us to help you set one up. Alternatively, we can offer a Google Workspace tenant managed by Email Meter to set up your SSO.

Instructions

Install the Google Cloud connector

  • In the search bar, type “Google Cloud”.
  • Select Google Cloud / G Suite Connector by Microsoft from the results. A drawer menu will appear on the left. Now, click on the Create button to add the application.
  • Wait a few seconds, and the application will be added to your tenant.

Set up Microsoft Entra SSO

Now, you need to establish a relationship between your users in Microsoft Entra and the related user in Google Cloud.

  • Sign in to the Microsoft Entra admin center.
  • Go to Identity > Applications > Enterprise applications > Google Cloud / G Suite Connector by Microsoft. There, go to the Single-sign-on section.
  • Select the SAML option.
  • On the Basic SAML Configuration section, click on the pencil icon to edit the settings.
  • In the Identifier section, type a URL using one of the following patterns.
Identifier
google.com/a/<yourdomain.com>
google.com
https://google.com
https://google.com/a/<yourdomain.com>
  • In the Reply URL textbox, type a URL using one of the following patterns.
Reply URL
https://www.google.com/acs
https://www.google.com/a/<yourdomain.com>/acs
  • In the Sign on URL textbox, type a URL using the following pattern:
Sign on URL
https://www.google.com/a/<yourdomain.com>/ServiceLogin?continue=https://workspace.google.com/dashboard

  • Then, click Save to save your changes.

  • On the SAML Signing Certificate section, find Certificate (Base 64) and click Download to download the certificate. You will need it shortly.

  • On the Set up Google Cloud / G Suite Connector by Microsoft section, copy the three URLs and save them, as we will need them to set everything up in Google Cloud. Alternatively, leave this tab open so you can go back to it quickly.

Set up SSO in the Google Admin

Add third-party SSO profile

  • Open a new tab in your browser, and sign in to the Google Admin.
  • On the left sidebar, go to Security > Authentication > SSO with third party IdP.
  • On the Third-party SSO profiles section, click on Add SAML profile.
  • A modal will open. There, you will need to input some information.
  • In the SSO profile name, type Microsoft SSO - SAML, or any naming of your choice.
  • In the IDP entity ID field, paste the value of Microsoft Entra Identifier from the previous section.
  • In the Sign-in page URL field, paste the value of Login URL from the previous section.
  • In the Sign-out page URL field, paste the value of Logout URL from the previous section.
  • In the Change password URL, enter the following URL:
Change password URL
https://account.activedirectory.windowsazure.com/changepassword.aspx
  • In the Verification certificate section, update the certificate that you downloaded previously.
  • Once everything is filled, click Save.

Manage the profile assignment

  • On the Manage SSO profile assignements section, click on Get started.
  • On the SSO profile assignement, click Another SSO profile and select the one you’ve created in the past step. If you’ve followed our recommended naming conventions, it will be called Microsoft SSO - SAML .
  • Click Save.

Assign users

On Microsoft’s side

To enable users to use single sign-on in Google with their Microsoft SSO, you need to grant them access to the Google Cloud / G Suite Connector by Microsoft.

  • Sign in to the Microsoft Entra admin center.
  • Go to Identity > Applications > Enterprise applications > Google Cloud / G Suite Connector by Microsoft. There, go to the Users and groups section.
  • Click on Add user/group, and then select the users and/or groups that you need.
  • Once you’re done, click on the Assign button.

On Google’s side

In order for this to work, the user needs to exist in both Google and Microsoft.

If you don’t want to manually create users in Google when needed, you can also configure automatic user provisioning following Microsoft’s or Google’s documentation.

Test SSO

If you’ve followed this steps correctly, your users will now be able to login to Google services using their existing Microsoft SSO.

To test this, click this link. It will redirect you to the Google login flow. After inputting your email address, it will redirect you to Microsoft to complete the login process.

Frequently asked questions

Login methodsBigQuery