Ask Slashdot: Single Sign-On To Link Google Apps and Active Directory?

← Back to Stories (view on slashdot.org)

Ask Slashdot: Single Sign-On To Link Google Apps and Active Directory?

Posted by timothy on Tuesday November 4, 2014 @06:45AM from the all-in-the-same-gang dept.

trazom28 writes to seek answers to a problem faced by many businesses (and, as in this case, schools): "We are looking for a solution to a single sign on to coordinate Active Directory and Google. You can sync the passwords easily enough with Google Apps Password Sync, but ideally we would like the students and staff to be able to sign in once and be done. Additionally, the Google login requires the @domain.k12.wi.us so it would have to take the AD username, pass it along and tack on the domain to log into Google.

Has anyone seen any solution for this that actually works, or is this the Holy Grail of all IT? Please hold off on any Google haters, that's a different discussion for a different forum.

3 of 168 comments (clear)

Min score:

Reason:

Sort:

LDAP won't work? by drakaan · 2014-11-04 06:50 · Score: 4, Informative

https://support.google.com/a/a...
I googled it.

--
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
Holy Grail not needed by jose.tudela · 2014-11-04 07:00 · Score: 5, Informative

You can use Active Directory and/or OpenLDAP and then simpleSAMLphp and link to Google Apps.
We do it this way:
1) RCDevs WebADM LDAP Directory (or in your case Active Directory)
2) simpleSAMLphp There's actually a good tutorial to integrate with Google Apps here: https://simplesamlphp.org/docs...
3) Google apps confitured for SAML 2.0
It took me about 15 minutes to set it up.
Any question feel free to ask.
Re:What the hell by Vokkyt · 2014-11-04 09:11 · Score: 4, Informative

Well, GAFE accounts aren't normal google accounts. Function wise they're the same, but Google promotes that they are not put through the same advertising analytics that normal gmail accounts are.
From the GAFE website:

Google Apps is governed by a detailed Privacy Policy, which ensures we will not inappropriately share or use personal information placed in our systems. Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail our obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations. Google is registered with the US-EU Safe Harbor agreement, which helps ensure that our data protection compliance meets European Union standards for educational institutions
FERPA is the big stickler here, as google really couldn't offer the service without being FERPA compliant, and they couldn't run Google Business as usual and still be FERPA compliant.
Now, as to whether you choose to believe their claims, that's another story, but you're approaching it with a lot of misinformation, it seems.