Google Apps For Business, SSO, AD FS 2.0 and AD
- by Dominique Dutra
We are a small company with 22 people in the office.
We had a lot of problems with e-mail in the past so I decided to change over to Google Apps for Business. It is the perfect solution for us, except for one thing: I need to be able to control the access to the mailboxes. Only users inside the office, authenticated to AD, or users authenticated to our VPN can connect to Gmail.
From what I've read it is possible using the SSO (Single Sign On) solution provided by Google - but I am having some trouble finding consistent information about it.
First of all, our infrastructure:
Windows Server 2008 R2
Active Directory, one domain only.
Kerio Control for QoS and VPN.
That's about it on our side.
On Google Apps' side, I have one account, and 03 domains that my users use to log in. The main domain has most of the users, but there are a couple of people that log in using one of the subdomains. I have 03 domains because I run mail for 03 companies and wanted all to be within the same control panel.
Well, I found some guides on the internet but none of them cover the AD FS installation part.
I've read somewhere that I needed to download AD FS 2.0 directly from Microsoft.com, because the one that came with Windows Server was an old version.
I downloaded it (adfsSetup.exe) and tried to install but got an error, saying that I needed a Windows Server 2008 SP2 for that program. My Windows Server 2008 is R2.
I really need some help here, this is very important. I don't want to have to pay $1000 for an SSO solution when I have an AD set up.
Can someone please point me in the right direction?
Where I can find an AD FS 2.0 setup compatible with R2 would be a good start, or whether the one that came with R2 is already the 2.0 version.
After the initial setup, there are some guides on the internet about the Google Apps part. It seems to be really easy.
I also tried adding the AD FS role, but there are a bunch of options which I have no idea what they mean, and I couldn't find any guide covering that on the internet.
I don't have a lot of experience with Windows Server, but I have a company which is certificated and provides us with support. I can ask for their help in the later setup, but I don't think ADFS is a very common thing to deal with.