My org is almost exclusively Linux and Mac based. We have all of our internal services configured to use our GSuite logins for identity and auth.
Now we need to use a Windows application, and I'd like to host it in GCP using Windows Server 2019 rather than maintaining on-prem Windows desktop hardware (we're a distributed team). I've set up an AD instance, but I'd really like to allow users to sign on using GSuite logins, maintaining continuity with our existing Google Identity based SSO setup.
I've read through: https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction, but it seems to be a solution for using Active Directory as the Master and syncing TO Google Identity. I want the reverse, I'd like Google Identity to be the master, and Active Directory uses it as the identity provider (ideally without syncing :-P).
How can I go about setting up Active Directory so it uses Google Identity as the identity provider?
Unfortunately, according to the documentation Federating Google Cloud with Active Directory, you can configure only one-way synchronization:
In addition, have a look at Federating Google Cloud with Active Directory: Configuring single sign-on and Best practices for planning accounts and organizations to find more details.
The current level of integration is provided by Microsoft as part of Windows Server; you can try to request an enhancement of this integration at Microsoft To Do UserVoice or at Microsoft Techcommunity.